Hi Arky,
Let define the problem first and then find a solution :-) I raised the concern in #hurd channel and geot this response
Happy Hacking Praveen
<j4v4m4n> we had a hurd demo today <j4v4m4n> so there was this question about security assocated with the unprevileged "login" user <j4v4m4n> the files created by the user is owned by root <j4v4m4n> how can this be explained to a unix guy? <j4v4m4n> he was very upset with this, I couldn't explain the reasons <bvk> can a guest *create* files? i thought he gets only read access -- i never tried though <manuel> depends on the fourth set of permission bits <manuel> j4v4m4n: actually it's set to the owner and group owner of the parent directory <manuel> j4v4m4n: how is that a problem? * OdyX has quit (Read error: 104 (Connection reset by peer)) <manuel> since the setuid/setgid bit is ignored when it's created by an unprivileged process * schlesix (n=thomas@xdsl-81-173-230-41.netcologne.de) has joined #hurd <j4v4m4n> manuel, how can we explain it to a guy from unix background that anyone can create a file with root as an owner? <manuel> j4v4m4n: well just ask him why is that a problem <j4v4m4n> manuel, :-) <j4v4m4n> manuel, I'll do that <manuel> the only problem with root-owned files are the setuid/setgid bits, AFAICS