I am trying to run a jupyter hub environment, where there will be multiple users,
- Can an untrusted user among these users affect my host machine’s directory level files and folders?
- Does different users get different workspaces everytime they access my hub’s server? and does that mean they have different environment setup when they are singed up.
Help me understand the working of jupyter Hub’s multiple user access functionality and security permissions.
The answer to both of these questions is governed by the spawner, which can vary dramatically in how much isolation they provide. Using a container via DockerSpawner or KubeSpawner results in quite a bit of isolation compared to the default, which spawns a subprocess as another user via setuid. Persistence is also governed by the Spawner configuration (files may be persisted or not, JupyterHub is not aware at all about users’ files).
For the most part, how much isolation and how ‘fresh’ a user’s environment is on each launch are both up to your configuration.
You may also want to read some of the security documentation.