diff --git a/Dockerfile b/Dockerfile
index 16b7a0e..f785795 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -47,7 +47,7 @@ RUN cmake \
   -D MPI_BASE_DIR="/usr" \ 
   -C /toolsrc/Xyce/cmake/trilinos/trilinos-config-MPI.cmake \
     /toolsrc/Trilinos
-RUN cmake --build . -j 8 -t install
+RUN cmake --build . -j 40 -t install
 
 # install Xyce
 WORKDIR /toolsrc
@@ -68,16 +68,6 @@ RUN apt-get -y install wget
 RUN /usr/bin/wget https://go.dev/dl/go1.19.1.linux-amd64.tar.gz
 RUN tar -C /opt -xzf go1.19.1.linux-amd64.tar.gz
 
-# install editors
-WORKDIR "/"
-ADD home template
-RUN apt-get install -y vim
-RUN mkdir -p /template/.vim/pack/plugins/start
-RUN git clone https://www.github.com/fatih/vim-go.git /template/.vim/pack/plugins/start/vim-go
-RUN git clone https://github.com/tpope/vim-fugitive /template/.vim/pack/plugins/start/fugitive
-RUN git clone https://www.github.com/preservim/nerdtree.git /template/.vim/pack/plugins/start/nerdtree
-RUN vim +GoInstallBinaries +qall
-
 # install gaw
 RUN apt-get update --fix-missing; DEBIAN_FRONTEND=noninteractive apt-get install -y libgtk-3-dev libcanberra-gtk3-module
 WORKDIR /toolsrc
@@ -163,6 +153,18 @@ WORKDIR /toolsrc
 RUN --mount=type=secret,id=user --mount=type=secret,id=token git clone https://$(cat /run/secrets/user):$(cat /run/secrets/token)@git.broccolimicro.io/Broccoli/pr.git
 RUN cp -r pr/* /opt/cad/bin
 
+RUN apt-get -y install sudo
+
+# install editors
+WORKDIR "/"
+ADD home template
+RUN apt-get install -y vim
+RUN mkdir -p /template/.vim/pack/plugins/start
+RUN git clone https://www.github.com/fatih/vim-go.git /template/.vim/pack/plugins/start/vim-go
+RUN git clone https://github.com/tpope/vim-fugitive /template/.vim/pack/plugins/start/fugitive
+RUN git clone https://www.github.com/preservim/nerdtree.git /template/.vim/pack/plugins/start/nerdtree
+RUN vim +GoInstallBinaries +qall
+
 # Clean up source code folder
 #RUN rm -rf /toolsrc
 
@@ -170,14 +172,28 @@ RUN cp -r pr/* /opt/cad/bin
 RUN mkdir "/host"
 WORKDIR "/host"
 RUN rm -rf /opt/cad/conf
-RUN ln -s "/host/tech" "/opt/cad/conf"
+RUN mkdir /opt/cad/conf
 
 ENV USER "bcli"
 ENV USER_ID "1000" 
 ENV GROUP_ID "1000"
+ENV MEMBERS ""
+ENV XAUTH_TOKEN ""
 
-CMD exec /bin/bash -c "/usr/sbin/groupadd -g $GROUP_ID $USER; \
+RUN echo "version: 12"
+CMD exec /bin/bash -c "echo \"$MEMBERS\" | sed 's/[0-9]* \\(adm\|cdrom\|sudo\|dip\|plugdev\|lxd\|docker\|dialout\|sambashare\|lpadmin\\) \?//g' | sed 's/ /\n/g' | xargs -n 2 /usr/sbin/groupadd -g; \
   /usr/sbin/useradd -u $USER_ID -g $USER $USER; \
+  echo \"$MEMBERS\" | sed 's/[0-9]* \\(adm\|cdrom\|sudo\|dip\|plugdev\|lxd\|docker\|dialout\|sambashare\\) \?//g' | sed 's/ [0-9]\+ /,/g' | sed 's/[0-9]\+ //g' | xargs -I{} /usr/sbin/usermod -aG {} $USER; \
   cp -r /template /home/$USER; \
+	echo \"$XAUTH_TOKEN\" | xargs -n 3 xauth -f /home/$USER/.Xauthority add; \
   chown -R $USER:$USER /home/$USER; \
+  echo \"$USER ALL=NOPASSWD: /usr/bin/apt-get install *\" > /etc/sudoers.d/apt-get; \
+  echo \"$USER ALL=NOPASSWD: /usr/bin/apt install *\" > /etc/sudoers.d/apt; \
   trap : TERM INT; sleep infinity & wait"
+
+
+# In case we need to add a password for sudo.
+# However, its possible for someone to break out of the docker container and
+# have root access on the host if they are given sudo access in the container.
+# So, we really shouldn't give them sudo access
+# /usr/sbin/usermod -p \$(openssl passwd -1 'bcli') $USER; \ 
diff --git a/bcli-develop.sh b/bcli-develop.sh
index 67f42ac..32d6dd7 100644
--- a/bcli-develop.sh
+++ b/bcli-develop.sh
@@ -1,11 +1,13 @@
 bcli() {
     if [ "$1" = "up" ]; then
-	docker run --rm -d -v $HOME:/host --name "bcli-develop" -h "bcli-develop" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null
-	#docker run --rm -d -v $HOME:/host --name "bcli-develop" -h "bcli-develop" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null
-	echo "bcli-develop started"
+	XAUTH_TOKEN="$(xauth list | sed 's/^[^:]*/localhost/g' | sed 's/localhost: /localhost:0 /g')"
+	MEMBERS="$(groups | sed 's/ /\n/g' | xargs -I{} getent group {} | sed 's/\([^:]*\):[^:]*:\([^:]*\):.*/\2 \1/g')"
+	docker run --rm -d --net=host -v $HOME:/host -v "${BCLI_TECH:-/opt/tech}:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -e MEMBERS="$MEMBERS" -e XAUTH_TOKEN="$XAUTH_TOKEN" -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" public.ecr.aws/l5h5o6z4/broccoli-cli:latest > /dev/null
+	#docker run --rm -d -v $HOME:/host -v "${BCLI_TECH:/opt/tech}:/opt/cad/conf" --name "bcli-$USER" -h "bcli-$USER" -e USER=$USER -e USER_ID=$(id -u) -e GROUP_ID=$(id -g) -e DISPLAY=$DISPLAY -v "/tmp/.X11-unix:/tmp/.X11-unix:rw" ${BCLI_IMAGE:-public.ecr.aws/l5h5o6z4/broccoli-cli:latest} > /dev/null
+	echo "bcli-$USER started"
     elif [ "$1" = "down" ]; then
-	docker stop bcli-develop > /dev/null
-	echo "bcli-develop stopped"
+	docker stop "bcli-$USER" > /dev/null
+	echo "bcli-$USER stopped"
 	#legacy, or if server files change faster than a new download
     elif [ "$1" = "mount" ]; then
 	if [ -z "$BROCCOLI_USER" ]; then
@@ -23,8 +25,12 @@ bcli() {
 	    umount $HOME/tech
 	fi
 	rmdir $HOME/tech
-    elif [ "$#" -eq 0 ]; then 
-	docker exec -u $(id -u):$(id -g) -it bcli-develop /bin/bash
+    elif [ "$#" -eq 0 ]; then
+	WD="/host"
+	if [[ "$PWD" = "$HOME/"* ]]; then
+		WD="/host${PWD#$HOME}"
+	fi
+	docker exec -u $(id -u) -w $WD -e DISPLAY=$DISPLAY -it "bcli-$USER" /bin/bash
     else
 	if [ "$1" != "--help" ]; then
 	    echo "error: unrecognized command '$1'"
diff --git a/home/.Xauthority b/home/.Xauthority
new file mode 100644
index 0000000..e69de29
diff --git a/home/.bashrc b/home/.bashrc
index 9d7f1f8..ef0774b 100644
--- a/home/.bashrc
+++ b/home/.bashrc
@@ -126,3 +126,19 @@ if ! shopt -oq posix; then
   fi
 fi
 
+echo "Welcome to Broccoli's Command Line Interface"
+echo ""
+echo "The following tools are available:"
+echo "go       - architectural and behavioral simulation"
+echo "haystack - formal synthesis of self-timed circuits"
+echo "act      - circuit design and digital simulation"
+echo "prspice  - configure digital/analog circuit co-simulation"
+echo "Xyce     - analog circuit simulation"
+echo "gaw      - analog waveform viewer"
+echo "magic    - circuit layout"
+echo ""
+echo "Semiconductor PDKs are in /opt/cad/conf"
+echo "Packages may be installed with 'sudo apt install <package>'"
+echo "Other usages of sudo are disabled"
+echo ""
+echo ""
diff --git a/home/.sudo_as_admin_successful b/home/.sudo_as_admin_successful
new file mode 100644
index 0000000..e69de29