Comment by andai
Nice. I was trying to learn containers but I gave up and just made a Linux user for agents. (Actually I'll be honest, the AI told me I was being silly because Unix users solved my problem in 1970.)
So they have full rw to their own homedir, but can't read or write mine.
(I did give myself rw to theirs though, obviously ;)
They can still install most things because most dev things don't need root to install these days. They just curl rustup or go or whatever.
I guess a useful addition would be to vibe code a way for them to yell at me if they actually need me to install something, but I don't think I've run into that situation yet.
Fair enough, I guess Unix users could indeed get you a long way. I did not really even consider it.
Apart from protecting user files, another goal I had with litterbox.work was to enable reproducible development environments through Dockerfiles and to improve the security of ssh-agent. These still require a bit more than just a new user.