Reducing privileges: uids

Running processes under different uids means they cannot affect each other directly:

- no signals can be sent
- they cannot ptrace each other
- they cannot touch each other's files
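The three properties above, written out as a simplified model of the Linux permission rules documented in kill(2) and ptrace(2) plus the classic owner/group/other file check. This is an added example, not code from the original slides. The struct, the function names and the uids 1001/1002 are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Simplified credentials; a real Linux task also has fsuid, supplementary
 * groups and capabilities. "privileged" stands in for the relevant capability. */
struct cred { uid_t ruid, euid, suid; gid_t rgid, egid, sgid; bool privileged; };

/* Constructed helper: an unprivileged service whose ids all equal `id`. */
struct cred service(uid_t id)
{
    return (struct cred){ id, id, id, (gid_t)id, (gid_t)id, (gid_t)id, false };
}

/* kill(2): sender's real or effective uid must equal the target's real or
 * saved set-uid (the SIGCONT same-session exception is left out). */
bool may_signal(struct cred s, struct cred t)
{
    return s.privileged || s.ruid == t.ruid || s.ruid == t.suid ||
           s.euid == t.ruid || s.euid == t.suid;
}

/* ptrace(2) attach: caller's real uid/gid must match all of the target's
 * real, effective and saved ids (dumpable flag and LSM checks left out). */
bool may_ptrace(struct cred s, struct cred t)
{
    return s.privileged ||
           (s.ruid == t.ruid && s.ruid == t.euid && s.ruid == t.suid &&
            s.rgid == t.rgid && s.rgid == t.egid && s.rgid == t.sgid);
}

/* Owner/group/other write check; the first matching class decides. */
bool may_write(struct cred s, uid_t owner, gid_t group, mode_t mode)
{
    if (s.privileged)    return true;
    if (s.euid == owner) return (mode & S_IWUSR) != 0;
    if (s.egid == group) return (mode & S_IWGRP) != 0;
    return (mode & S_IWOTH) != 0;
}

int main(void)
{
    struct cred a = service(1001), b = service(1002); /* constructed uids */
    printf("signal a->b: %d\n", may_signal(a, b));
    printf("ptrace a->b: %d\n", may_ptrace(a, b));
    printf("write 0644:  %d\n", may_write(a, 1002, 1002, 0644));
    printf("write 0666:  %d\n", may_write(a, 1002, 1002, 0666));
    return 0;
}
```

The 0666 case is the one to watch: the file guarantee holds only as long as the mode bits deny access to "other", so a world-writable file crosses the uid boundary.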