LinuxQuestions.org
Old 05-12-2019, 03:11 AM   #1
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Rep: Reputation: 57
How to set up identical VM's to access separate folders on a file server VM and be unable to see each other's files


A script generates identical ubuntu VM's. They all have access to a ubuntu file server VM. We want them to only be able to see their own files on the file server and not each other's. How can this be done given the user is the same in all VM's and given the server names of all VM's are the same? Only the DHCP-derived IP's are different.

In other words, how could permissions per IP be implemented? Or ownership per IP? Or per MAC address?

Could limit the number of identical VM's to 10 if need be. The ideal would be to have all files in one folder instead of 10 separate folders. Create 10 different users to become the owners of the files? Also need to counter hackers getting root access to one VM and this is critical: how would they be stopped from accessing files owned by other VM's by spoofing IP's and MAC addresses?

Could generate each VM with a MAC address that will be used to make the username that logs in to the file server, eg user1234567890ab where 12:34:56:78:90:ab is the MAC address, while the file server would have created user user1234567890ab on detection of the MAC address with arp-scan and crucially, the password would be passed to the VM as a text file in a virtual CD, and be a hash on the MAC. But what if the hacker eavesdrops file content while it is transferred? Seems complicated too, any other options?

Last edited by Ulysses_; 05-13-2019 at 08:10 AM.
 
Old 05-13-2019, 12:43 PM   #2
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,704

Rep: Reputation: 5897
Quote:
access separate folders on a file server VM and be unable to see each other's files
Quote:
The idea would be to have all files in one folder instead of 10 separate folders.
I had read your thread prior to your edit and it would be easier having different usernames but your requirements are still confusing. What protocol/service are you planning on using to access the files? ssh, nfs, samba etc.
 
Old 05-13-2019, 02:26 PM   #3
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
The ideal, not the idea. As in, that would be nice to have all files in one place but probably not supported by any protocol. The protocol/service is open. As long as a hacked VM cannot mess with files other than its own or eavesdrop any data transfers. sshfs seems to be promising.
 
Old 05-13-2019, 02:50 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 21,985

Rep: Reputation: 3626
"We want them to only be able to see their own files on the file server and not each other's."
Generally there are two permissions here. One is the protocol permission and the other is the file based permission. I'd think that something like ACL's could support use but multiple folders seem to be usable and easier.

Any time a system is hacked it could have means to gain access to others.

Some protocols support multiple access (transactional aware) where some don't.
 
Old 05-13-2019, 03:24 PM   #5
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Could have 10 users named user1, user2, ..., user10 and respective private/public key pairs in each VM that are generated with ssh-keygen in the host, saved in respective CD images keys1.iso, keys2.iso, ..., keys10.iso with mkisofs, passed to each generated VM through a line like this in the vmx:

sata0:1.fileName = "keys1.iso"

and the public key of each VM would be sent to the file server by running the following just once in each VM:

cp the key files id_rsa and id_rsa.pub from the virtual CD to ~/.ssh/
NUM=`read the number of this VM from the virtual CD`
ssh-copy-id user$NUM@10.0.0.1 # 10.0.0.1 is the file server

and the public key of the file server would be passed to all VM's by running the following in the server every time a new MAC address is detected with arp-scan:

# Let everyone know my public key
for i in {2..11}
do
ssh-copy-id user@10.0.0.$i
done

and finally each VM mounts the network folder at boot time with something like:

NUM=`read the number from the virtual CD`
sshfs user$NUM@10.0.0.1:/home/user/Desktop /home/user/Desktop -C
pkill nemo-desktop
nemo-desktop &

and now the desktop is actually the file server desktop. Minus files belonging to other users? Not sure what sshfs is doing with permissions.

Last edited by Ulysses_; 05-13-2019 at 04:21 PM.
 
Old 05-13-2019, 03:40 PM   #6
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,704

Rep: Reputation: 5897
My limited knowledge...

nfsv4, samba v3 and obviously sshfs(sftp) are all capable/use encryption.

Permissions or a jailed user would limit accessibility using sshfs/sftp.

With all systems running linux I would not use samba.

For nfsv4 https://help.ubuntu.com/community/NFSv4Howto
 
Old 05-13-2019, 04:36 PM   #7
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
When you mount, how do you tell it that all files must be created with permissions set to -rwx --- ---?
 
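One way to implement the jailed-user option from post #6 together with the owner-only file modes asked about in post #7, as an added example that is not part of any post in this thread. It assumes a jail base of /srv/sftp, a group named sftpvm and a per-user subdirectory named files (all hypothetical); the user1..userN names follow post #5.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: jail base /srv/sftp,
# group "sftpvm", subdirectory "files". user1..userN follows post #5.

# Print an sshd_config block that jails every member of group $2 under $1/<user>.
sshd_dropin() {
    cat <<EOF
Match Group $2
    ChrootDirectory $1/%u
    ForceCommand internal-sftp -u 0077
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
EOF
}

# Create $1/user1..user$2, each with a private "files" directory.
make_jails() {
    i=1
    while [ "$i" -le "$2" ]; do
        u="user$i"
        mkdir -p "$1/$u/files"
        chmod 755 "$1/$u"         # sshd rejects a chroot that is not root-owned or is group/other writable
        chmod 700 "$1/$u/files"   # only this VM's account can enter
        # Ownership needs root and an existing account; skipped otherwise.
        if [ "$(id -u)" -eq 0 ] && id "$u" >/dev/null 2>&1; then
            chown root "$1/$u"
            chown "$u" "$1/$u/files"
        fi
        i=$((i + 1))
    done
}

# Return non-zero and name the directory if any mode has drifted.
audit_jails() {
    i=1; bad=0
    while [ "$i" -le "$2" ]; do
        d="$1/user$i"
        [ "$(ls -ld "$d" | cut -c1-10)" = "drwxr-xr-x" ] || { echo "$d"; bad=1; }
        [ "$(ls -ld "$d/files" | cut -c1-10)" = "drwx------" ] || { echo "$d/files"; bad=1; }
        i=$((i + 1))
    done
    return "$bad"
}

# Demo in a scratch directory so nothing on the real system is touched.
demo=$(mktemp -d)
make_jails "$demo" 10 && audit_jails "$demo" 10 && sshd_dropin /srv/sftp sftpvm
rm -rf "$demo"
```

With this layout the sshfs mount from post #5 would point at `user$NUM@10.0.0.1:/files`, since each account sees its jail as `/`. The `-u 0077` umask is applied by the server, so files are created without group or other permission bits regardless of how the client mounts.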
Old 05-13-2019, 06:54 PM   #8
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002
NFS allows you to export filesystem trees (folder structures) that are accessible to certain NFS clients. As to the requirement to have everything in the same place, you could create directories under /srv that you then export selectively:
Code:
# mkdir /srv/client1
# mkdir /srv/client2
....
# cat /etc/exports
/srv/client1 client1(rw)
...
# exportfs -va
where client1, client2 etc. are the NFS client VMs, either their hostnames or IP addresses. This means that client1 has read/write access to the /srv/client1 share and so on.

For more, see the exports and exportfs man pages.
 
  

