u+codalist-p4pg_at_chalmers.se writes:
> all processes with the same uid can potentially influence each other
> by modifying files in the home directory - as the home directory is normally
> used to find [references to] resources, via dotfiles and alikes.

... unless there is no home directory. At least, no home directory which can be accessed using only the "UNIX UID" as a credential. IMHO this is the sensible approach for AFS/Coda and similar systems.

I'd worry more about various IPC and shared-memory facilities -- for example you can attach a debugger to any other process with the same UID.

A possible solution is to synthesize a new UNIX UID for each login shell (could probably be done in a PAM session module) and reclaim them when the user logs out. If the only publicly writable space on local disk is /tmp, this should be easy to clean up after.

- a

Received on 2007-03-25 03:10:48
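The per-login UID idea in the message above, sketched as a lease table; this is an added example, not code from the post or from Coda. The UID range, pool size and every function name are assumptions, and the comments note where a PAM session module's `pam_sm_open_session` / `pam_sm_close_session` hooks would call in. It goes one step beyond the post by keeping a released UID quarantined until cleanup reports nothing left that it owns, so the next login cannot inherit leftover /tmp files or processes.

```c
#include <stdio.h>
#include <sys/types.h>

#define UID_BASE  60000u  /* assumed range reserved for synthetic UIDs */
#define POOL_SIZE 4u      /* assumed pool size, kept small for the demo */

enum slot_state { SLOT_FREE, SLOT_LEASED, SLOT_DRAINING };
static enum slot_state pool[POOL_SIZE];

/* Map a UID to its pool slot, or -1 if it is outside the synthetic range. */
static int slot_of(uid_t uid)
{
    if (uid < UID_BASE || uid - UID_BASE >= POOL_SIZE) return -1;
    return (int)(uid - UID_BASE);
}

/* Login (pam_sm_open_session): lease a UID nobody holds. Returns (uid_t)-1
 * when the pool is exhausted; the login must then fail, not share a UID. */
uid_t session_uid_lease(void)
{
    for (unsigned i = 0; i < POOL_SIZE; i++)
        if (pool[i] == SLOT_FREE) {
            pool[i] = SLOT_LEASED;
            return (uid_t)(UID_BASE + i);
        }
    return (uid_t)-1;
}

/* Logout (pam_sm_close_session): quarantine the UID instead of freeing it. */
int session_uid_release(uid_t uid)
{
    int i = slot_of(uid);
    if (i < 0 || pool[i] != SLOT_LEASED) return -1;
    pool[i] = SLOT_DRAINING;
    return 0;
}

/* After cleanup: 'leftover' counts processes and /tmp entries still owned
 * by the UID. The UID becomes reusable only when that count is zero. */
int session_uid_reclaim(uid_t uid, int leftover)
{
    int i = slot_of(uid);
    if (i < 0 || pool[i] != SLOT_DRAINING || leftover > 0) return -1;
    pool[i] = SLOT_FREE;
    return 0;
}

int main(void)
{
    uid_t a = session_uid_lease();
    session_uid_release(a);
    printf("reclaim with 2 leftovers: %d\n", session_uid_reclaim(a, 2));
    printf("reclaim when clean: %d\n", session_uid_reclaim(a, 0));
    return 0;
}
```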