GRASS 4.0 and directory location/protection

I have a question regarding setting up GRASS for use by multiple users
for all you experienced system managers.

I'm still new to GRASS so I may not have read enough yet but I'd like
to get it going so other users here can start using it without fear of
messing things up.

Ok, I've installed the spearfish database. The GRASS system seems to
require the spearfish directory be writable by the world in order to
create a subdirectory for every user who wants to use GRASS. This is
probably fine in most instances and though I'd like to think I can, I
just don't think I can trust ALL the users on our machine not to
"accidently" delete stuff that I don't want them to delete. Maybe that
isn't really such a problem after all. Need it be this way?

To continue, for various reasons our spearfish database is in a
different file system partition to our user's directories. When a
user creates a mapset using the spearfish database I would like the
subdirectories assoicated with their mapset to be created under their
own directory where they are subject to disk quota limits etc.

Can this be done?
If someone was to set up another database that they wanted others to be
able to read but not update, how would it be done?
+---------------------------------------------------------------------+
| John Miller | Internet Mail - ccjwm@jcu.edu.au |
| Computer Centre | PSI Mail - PSI%050527372000051::J_MILLER |
| James Cook University of North Queensland | Phone: +61 77 815447 |
| Townsville, 4811, AUSTRALIA | Fax: +61 77 796371 |
+---------------------------------------------------------------------+