Hello,

I've just created a non-sudo user, with no extra permissions.

Code:
$ useradd -m test
$ su - test
$ whoami
test
$ ls -la
total 24
drwxr-xr-x 2 test test 4096 Dec 14 11:43 .
drwxr-xr-x 4 root root 4096 Dec 14 11:43 ..
-rw-r--r-- 1 test test  220 Nov 10 12:45 .bash_logout
-rw-r--r-- 1 test test 3391 Nov 25 13:36 .bashrc
-rw-r--r-- 1 test test 3526 Nov 10 12:45 .bashrc.original
-rw-r--r-- 1 test test  807 Nov 10 12:45 .profile

Next, we have a file in root's home directory:

Code:
$ cd /root/Downloads/
$ ls -la
total 19832
drwxr-xr-x  2 root root     4096 Dec 14 11:44 .
drwxr-xr-x 16 root root     4096 Dec 14 11:24 ..
-rw-r--r--  1 root root 20298848 Dec 13 22:38 test.file

Now let's see what's happening:

Code:
$ su - test
$ cd /root/Downloads
$ ls -la
total 19832
drwxr-xr-x 2 root root 4096 Dec 14 11:44 .
drwxr-xr-x 16 root root 4096 Dec 14 11:24 ..
-rw-r--r-- 1 root root 20298848 Dec 13 22:38 test.file
$ cp test.file ~
$ cd ~
$ ls -la
total 19848
drwxr-xr-x 2 test test 4096 Dec 14 11:47 .
drwxr-xr-x 4 root root 4096 Dec 14 11:43 ..
-rw-r--r-- 1 test test 220 Nov 10 12:45 .bash_logout
-rw-r--r-- 1 test test 3391 Nov 25 13:36 .bashrc
-rw-r--r-- 1 test test 3526 Nov 10 12:45 .bashrc.original
-rw-r--r-- 1 test test 807 Nov 10 12:45 .profile
-rw-r--r-- 1 test test 20298848 Dec 14 11:47 test.file

How is this even possible? How can a non-sudo, basic user access root's Downloads and copy a file that's owned by root (from root's own homedir)?!

Please note that this is a fresh/clean/untouched Kali install.

Any hints?
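
Added example, not part of the original post: the listings above show `drwxr-xr-x` on `/root/Downloads` and on its parent (`..`, which is `/root`), and `-rw-r--r--` on `test.file`. This shell sketch checks those "other" permission bits along a path. The function names and the temporary demo tree are constructed for illustration, and GNU `stat`/`readlink` are assumed.

```shell
#!/bin/sh
# Added example: decide from mode bits alone whether users who are neither
# owner nor group member ("other") can reach and read a file.
# Assumes GNU stat/readlink (as on Kali); ACLs and MAC policy are not checked.

# other_bits PATH: print the "other" permission digit (0-7) of PATH.
other_bits() {
    mode=$(stat -c '%a' -- "$1") || return 2
    last=${mode#"${mode%?}"}          # last octal digit of e.g. 755 or 1777
    echo "$last"
}

# path_open_to_other FILE [TOP]: return 0 if FILE has the read bit and every
# directory from FILE's parent up to TOP (default /) has the search bit for
# "other"; otherwise print the blocking component and return 1.
path_open_to_other() {
    file=$(readlink -f -- "$1") || return 2
    top=$(readlink -f -- "${2:-/}") || return 2
    bits=$(other_bits "$file") || return 2
    if [ $(( bits & 4 )) -eq 0 ]; then
        echo "blocked: $file (no read bit for other)"; return 1
    fi
    dir=$(dirname -- "$file")
    while :; do
        bits=$(other_bits "$dir") || return 2
        if [ $(( bits & 1 )) -eq 0 ]; then
            echo "blocked: $dir (no search bit for other)"; return 1
        fi
        if [ "$dir" = "$top" ] || [ "$dir" = "/" ]; then break; fi
        dir=$(dirname -- "$dir")
    done
    echo "open: $file"
}

# Constructed demo tree using the modes from the listings above:
# directories drwxr-xr-x (755), file -rw-r--r-- (644).
demo=$(mktemp -d)
mkdir -p "$demo/root/Downloads"
: > "$demo/root/Downloads/test.file"
chmod 755 "$demo/root" "$demo/root/Downloads"
chmod 644 "$demo/root/Downloads/test.file"
path_open_to_other "$demo/root/Downloads/test.file" "$demo/root"

chmod 700 "$demo/root"                # owner-only home directory
path_open_to_other "$demo/root/Downloads/test.file" "$demo/root" || true
rm -rf "$demo"
```

On a real system the second argument can be omitted so the walk continues up to `/`.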