On Sat, Jun 18, 2005 at 11:02:55PM -0400, Vincent Starre wrote:
> In order to achieve this, I created an extra user account
> "someuser-remote" with the same UID as "someuser", the same home
> directory and shell, and no password (ie: account disabled).

OK, general note on this part. Unix does everything important by numbers.
E.g. your process is running as "UID 1000", not as "user someuser". When
you run some command that wants to print out a username (e.g. "ls -l"
or "ps -ef"), the command takes the UID that it gets from the kernel and
does a name lookup on it to get a username string for human consumption.

If you have two lines in /etc/passwd that both have the same UID, the
name lookup function returns the user name from the first line.

> I really expect that different security for different origins is
> something which I am not alone in wanting, but I also expect somebody
> here thinks this is a bad idea.

Having two different names for the same UID is not a bad idea in and of
itself. It's fairly common practice in some circles to create a secondary
root-level (UID 0) account, e.g. with a different shell, so that single
user mode with /sbin/sh still works when /usr isn't mounted, but normal
"xroot" logins have a more convenient shell for entering commands.

What really matters is what you do with the accounts that are created.

> I would call it "quantum entanglement of user accounts to allow spooky
> action over a distance", but that's just me.