Subject: Re: /root permissions
To: None <netbsd-users@netbsd.org>
From: leam <leam@reuel.net>
List: netbsd-users
Date: 02/14/2003 17:39:35
Wojciech Puchar wrote:
>>...and distribute tin-foil hats, to keep the Sputniks out of our
>>brains.
>>
>>Seriously, with the *default* distribution, you can get the contents
>>of "/root"'s directory off of the web, so there's no secrets, and no
>>security advantage to having the contents world readable. Removing
>>read permissions where they're harmless has a big disadvantage, in
>>that it encourages people to be "root" when they need not be.
> 
> 
> first explanation that makes sense. i agree.

Here's a few we use.
	1. Login as an unpriv user and store data there. Other non-privs should 
not be able to read them, and most systems shouldn't have users on them 
anyway. And you should not put critical stuff there, either.
	2. Scripts should be put in /usr/local so you have a standard place for 
them that does not normally get touched on a rebuild.
	3. Generally, we only root into a machine to fix something that is 
broke. Everything else is kept in the non-priv account.
	4. As a rule, our users who are interested enough in finding out what 
root does are useful enough to spend time explaining things. That way 
they see why root is such a risk, our job is such a pain, and why we 
laugh when they ask for root. Once they see that we're doing really 
boring things behind that "WizBang" mystique, they seem less likely to 
try to break in.
	
So we don't hide what root does. Your mileage and preferences may vary.

ciao!

leam