So, I'm a researcher tasked with maintaining a number of GPU servers for researchers in my lab. I have quite a bit of Linux experience, while some users have never used Linux before.
The other researchers and I have root access. Unfortunately, while setting up requirements/dependencies/etc. for their projects, they'll unintentionally damage or misconfigure the server, sometimes in ways I can't figure out how to fix.
So, I want to use chroot, LXC, or some other kind of low-overhead virtualization to limit unintentional damage. E.g., a user accidentally running sudo rm -rf --no-preserve-root / should only damage their own container. I don't intend to protect against intentionally malicious damage, or from resource exhaustion (but this would be nice if it comes "for free").
More importantly, I want this change to be transparent to them: They should all be able to SSH into the server and be immediately connected to their own container, and also be able to use rsync, etc. I should be the only one who has to understand the containers. Ideally, they could all also access a shared folder / disk (to store large datasets, models, etc. that we don't want to duplicate). To be specific, we are on an Ubuntu 18.04 server.
In summary, I run a Linux server for multiple users with SSH access. My goals are to compartmentalize users into their own containers / VMs to protect against unintentional damage, without a large overhead and without requiring these users to change their workflow. How would one accomplish this?