Users may override the global workspace and use an own instead. This can potentially lead to malicious behaviour (e.g. by using a partition that isn't intendend to hold the amount of data).

There are two possible solutions that I can think of:

1. Disallow (Non-Admin-)Users to set a custom workspace.
2. "chroot" the workspace directory (e.g. the custom workspace always is a subdirectory of $directory set in the global config)