I think a neat thing to do with this is have a capabilities based system to handle OS rights. In this system, a webserver wouldn't be root to bind to a port < 1024, but would get passed a socketobj that was bound to 80 at startup. Also would be given directoryobj for it's docroot. It would be allowed to create new fileobjs/dirobj from that dirobj. Also the docroot dirobj would be missing an entry for ".."