google-cloud-platform google-compute-engine google-iam

Project Owner is added to the VM instance's /home directory automatically


I'm not sure if it is because of the marketplace solution I'm using or due to a flaw in my workflow.

When a new owner is added to a project via IAM, they are automatically added to the home directory of the VM instances within the project.

When a project owner is removed from the project, it doesn't remove them from the VM's home directory automatically (like the way they are added). They have to be removed from SSH manually.

When an instance is created (new or from a snapshot), it automatically includes a list of previous and present owners of the project that are not related to the VM instance.

How can I avoid having project owners automatically added to the VM instances within the project?


Solution

  • In fact, it's not exactly that. I just tested and when you add a user as owner of a project with IAM, there is no directory created in the VM.

    However, the newly added user, because they are an owner, is able to connect to the VM. When a new user logs into the VM, an SSH key is generated for them, and a home directory as well.

    You can restrict SSH key addition, or use the OS-login feature. But I don't know any trick to prevent the home directory creation.

    It might be a Linux question on SuperUser forum to customize the login mode to prevent that operation.

    Note: Basic roles (owner, editor, viewer) aren't recommended by Google Cloud.
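
Because removing an owner in IAM does not clean up SSH access that was already provisioned, a periodic audit of the `ssh-keys` metadata value helps find leftover entries. The following is an added example, not part of the original question or answer: it parses a constructed sample of that value and classifies each key against a list of usernames that should still have access. The sample keys, the usernames and the `current_users` set are assumptions for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample of an "ssh-keys" metadata value (one "USERNAME:KEY" entry per line).
SAMPLE_SSH_KEYS = """\
alice:ssh-ed25519 AAAAC3constructedkeyA alice@example.com
bob:ssh-rsa AAAAB3constructedkeyB google-ssh {"userName":"bob@example.com","expireOn":"2020-01-01T00:00:00+0000"}
carol:ecdsa-sha2-nistp256 AAAAE2constructedkeyC google-ssh {"userName":"carol@example.com","expireOn":"2999-01-01T00:00:00+0000"}
"""

def parse_ssh_keys(value):
    """Split the metadata value into entries with user, key type and optional expiry."""
    entries = []
    for line in value.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # skip blank or malformed lines
        user, rest = line.split(":", 1)
        parts = rest.split(None, 2)  # key type, key material, optional comment
        if len(parts) < 2:
            continue
        comment = parts[2] if len(parts) > 2 else ""
        expires = None
        if comment.startswith("google-ssh "):
            # Keys in the "google-ssh" format carry a JSON blob with an expireOn timestamp.
            try:
                meta = json.loads(comment[len("google-ssh "):])
                expires = datetime.strptime(meta["expireOn"], "%Y-%m-%dT%H:%M:%S%z")
            except (ValueError, KeyError):
                pass  # unparseable expiry: treat the key as non-expiring
        entries.append({"user": user, "type": parts[0], "expires": expires})
    return entries

def audit(value, current_users, now=None):
    """Return (user, status) pairs: 'expired', 'stale' (not in current_users) or 'ok'."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for entry in parse_ssh_keys(value):
        if entry["expires"] is not None and entry["expires"] <= now:
            status = "expired"
        elif entry["user"] not in current_users:
            status = "stale"  # key still present for someone who should no longer have access
        else:
            status = "ok"
        findings.append((entry["user"], status))
    return findings

if __name__ == "__main__":
    for user, status in audit(SAMPLE_SSH_KEYS, current_users={"alice"}):
        print(f"{user}: {status}")
```

Entries reported as `stale` are the ones to remove from the metadata by hand; the audit only reads the metadata value and does not look at home directories on the VM's disk.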