Probably, behind the original decision there were also issues of home access, required by some unprivileged services, like Apache (userdir).
Today, letting all users access any ~/Doc, ~/Pic, ~/Video looks like a huge security hole (MS Windows denies this).
But anyway, today 'user' access should support user namespaces (subuid/subgid).
This is required for rootless container development (podman, docker).
Another point is the "sandbox model" of snap/flatpak.
In particular in "partially" supported scenarios: Snap+SELinux (Fedora) and Flatpak+AppArmor (Ubuntu).