if I were you I would lock down the permissions on invscout or remove
it all together. It was not designed with security in mind. There are
setuid root binaries included in the package which is why some files
are being created as root.