Any ideas how to allow one non-root process to access (read&write) all home directories without compromising security? Normal users should not have access to each other's home directories.

All ideas are welcome, even crazy ones (nfs&kerberos setups?) :)

I basically need to create web interface for user home directories, where the non-root process is the web server process.

New files should have the home directory user as the owner. Is this even possible?