# User and Work Directory
<subtitle>Understand the default permission system and execution paths in sandbox environments to ensure your scripts run correctly.</subtitle>

## Environment Setup

Before using the SDK, please ensure that the `AGENTBOX_API_KEY` environment variable is configured.

>
> You can obtain your API key from the [Console API Keys page](https://console.ucloud.cn/modelverse/experience/api-keys).

```bash
export AGENTBOX_API_KEY=your_api_key
```

## Default Rules

Unlike standard Docker containers, UCloud Sandbox uses non-root users by default for security and operational convenience:

*   **Default User**: `user` (with sudo privileges)
*   **Default Working Directory**: `/home/user` (user home directory)

This design helps you more smoothly install tools that require user environment support (such as npm, pip, etc.), while reducing the risk of accidentally deleting critical system files.

## Switching Identity in Templates

The last user and directory set during template build will be the **default execution environment** for all sandboxes generated from that template.

```python
from ucloud_sandbox import Template, Sandbox

template = (
    Template()
    .from_base_image()
    .run_cmd("whoami")  # Output: user
    .run_cmd("pwd")     # Output: /home/user
    
    # Switch to guest user
    .set_user("guest")
    .run_cmd("whoami")  # Output: guest
    .run_cmd("pwd")     # Output: /home/guest
)

# After generating sandbox, its default identity is guest
sbx = Sandbox.create(template="your-template-id")
sbx.commands.run("whoami")  # Output: guest
```

## Notes

>
> **sudo Privileges**: The default user `user` allows calling `sudo` without password input to execute system-level tasks.

>
> **Path Isolation**: System-sensitive directories (such as `/root` or `/etc/shadow`) are restricted to the `user` account by default. Please add `sudo` when operating.