Thorough use of this tactic will lead to a "you may have privs, but you have to
turn off protection to use them" mentality I seem to recall from VMS days. Proper
use of groups and setgid in lieu of setuid (or setuid with a non-root owner) will
reduce risks where you don't want to do something quite so drastic. Setuid root,
group (not setgid) some admin group, no world privs is also a good thing to do with
admin-only programs; unfortunately, semi-conscious programs like pppd throw away
superuser status from the setuid bit, rendering this scheme useless.
I'd rather not change the semantics for hard links (though I do think they were
invented without quotas in mind) if we don't have to, especially when there are
ways to avoid it...
Keith