I have a question about the security model of JupyterHub. Are the user servers trusted? For example, I am working on a grading tool, and want to know if it is safe to run some of the grading code in a user server instance.
As far as I understand, first you have the hub process. This launches user servers via spawners, and these in turn run notebook kernels. It is clear that the user can do all kinds of things with the notebook kernels. But can they also manipulate the user server? I think they can because they basically have a shell and the user server runs under the same Linux user. So things like API secrets to report back grades should only live in the hub process, right?