May I ask, is it your intent that these users cannot affect your host system? If so, do you mind if they would, possibly, be able to affect each other?
Given that you want to protect your host system, but are fine with the users, possibly, affecting each other, I would recommend you create a...