Setting up a locally shared folder on Archlinux (on an ext4 filesystem)

3

Let's assume the following scenario. We have two users, trusted and untrusted. User untrusted is used to access the internet and download data, which then has to be reviewed and given to user trusted. What I do so far is download data through the untrusted account, log in as root, review the data and then move the reviewed data to trusted and set the permissions of the data files to trusted:users. However, this is a rather time-consuming process and I want to speed it up. So I created a shared folder as root with the following commands:

mkdir /srv/shared
chgrp users /srv/shared
chmod g+w,o-rx /srv/shared
setfacl -m d:g:users:rwx /srv/shared

With this both trusted and untrusted can create, read, write, delete and move files to and from this directory. I didn't test script execution but I think I won't need it, because anything inside that folder should be regarded as potentially hazardous.

Unfortunately, I noticed that if untrusted creates a file in that folder and trusted uses

mv -i /srv/shared/created.by.untrusted ~

the user trusted ends up with the file created.by.untrusted in his home directory, which is still owned by untrusted. The user trusted can edit and delete that file, but he can't change the ownership to trusted:users. Is this a potential security hazard? Is there a way to change the ownership to trusted:users without using the root account? I was thinking about creating a new partition with the NTFS file system and mounting it on /srv/shared in order to circumvent this problem. Files created there should have no permanent owner. But the problem with this approach is that the partition size would have to be limited to a fixed amount. In any case, such an approach seems like "overkill" to me. Is there another way?

user351041

Posted 2016-04-23T12:19:28.900

Reputation: 31

This may be better suited for the information security stack exchange. – Daisetsu – 2016-04-25T22:39:49.160

Answers

0

To my mind, the Linux access policy does not allow unprivileged users to change the ownership of files without a change of inode. These operations are moving, renaming and editing. When copying, you change the inode, as if you created a new file with default ownership. Therefore, just copy the created.by.untrusted file to the home dir of user trusted, and delete the original file :).

Then, if you are so afraid of copied files, just block access from untrusted users to the folder where you intend to store these files, or make them unreadable for them.

Oleg Bolden

Posted 2016-04-23T12:19:28.900

Reputation: 1 507
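The inode argument in this answer can be checked without root. The script below is an added example, not code from the original answer or from the poster: it builds a throwaway "shared" and "home" directory pair (constructed names standing in for /srv/shared and ~), moves one file and copies another, and compares inode numbers and owner before and after. Ownership lives on the inode, so mv on the same filesystem (which only re-links the existing inode) keeps the original owner, while cp allocates a fresh inode that belongs to whoever ran cp.

```shell
#!/bin/sh
# Added example, not part of the original answer: shows as an unprivileged
# user why "mv" keeps the original owner while "cp" does not. Directory and
# file names are constructed for the demo; they stand in for /srv/shared and ~.

# Inode number of a path, via POSIX "ls -i" ("stat -c %i" is GNU-specific).
inode_of() {
    ls -i "$1" | awk '{ print $1 }'
}

# Numeric owner uid of a path, via POSIX "ls -n" (avoids name-resolution issues).
owner_uid_of() {
    ls -ldn "$1" | awk '{ print $3 }'
}

# Create a scratch root with shared/ and home/ plus one "downloaded" file.
# Prints the scratch root so the caller can remove it afterwards.
make_scratch() {
    tmp=$(mktemp -d)
    mkdir "$tmp/shared" "$tmp/home"
    printf 'downloaded data\n' > "$tmp/shared/created.by.untrusted"
    printf '%s\n' "$tmp"
}

# Succeeds (exit 0) if mv across directories keeps the inode, and therefore
# every attribute attached to it, including the owner the question complains about.
mv_keeps_inode() {
    tmp=$(make_scratch)
    before=$(inode_of "$tmp/shared/created.by.untrusted")
    mv "$tmp/shared/created.by.untrusted" "$tmp/home/"
    after=$(inode_of "$tmp/home/created.by.untrusted")
    rm -rf "$tmp"
    [ "$before" = "$after" ]
}

# Succeeds (exit 0) if cp allocates a new inode owned by the invoking user;
# the original is then removed, which is the workflow the answer recommends.
cp_makes_new_inode_owned_by_caller() {
    tmp=$(make_scratch)
    before=$(inode_of "$tmp/shared/created.by.untrusted")
    cp "$tmp/shared/created.by.untrusted" "$tmp/home/"
    after=$(inode_of "$tmp/home/created.by.untrusted")
    owner=$(owner_uid_of "$tmp/home/created.by.untrusted")
    rm "$tmp/shared/created.by.untrusted"
    rm -rf "$tmp"
    [ "$before" != "$after" ] && [ "$owner" = "$(id -u)" ]
}

# Stand-alone run: report both results.
if mv_keeps_inode; then
    echo "mv: same inode, owner unchanged"
fi
if cp_makes_new_inode_owned_by_caller; then
    echo "cp: new inode, owned by uid $(id -u)"
fi
```

Run it as any ordinary user; it needs only sh, mktemp, awk and ls. The same reasoning explains why the setfacl default ACL in the question affects new files created in /srv/shared but does nothing for a file that is later moved out of it: the ACL and the owner travel with the inode, not with the directory the file happens to be linked into.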

Do you know whether there are any pseudo-filesystems that would allow me to ignore file and owner permissions? I was thinking about something like vboxsf from VirtualBox: mount -t vboxsf foo /srv/shared. – user351041 – 2016-04-24T08:53:24.333