Harden file system protections
I have a "Linux question" concerning the hardening of file system protections.
Do you guys think that it is wise to set all file system protections to a least privilege model, where no "world" permissions exist?
I mean, what if I have a script which removes all "world" permissions in the whole file system and skips some "not ordinary" folders such as /proc, /dev, /mnt?
Do you think it will spoil the whole system? Is there any list on the web which defines that certain files and directories MUST have "other" permissions in order to work properly, e.g. /etc/passwd? What if my machine is only used for version control like CVS; will it then protect the system from usage of triggers (taking into account that later cvsroot is chrooted)?
Thank you for your ideas...
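
A report-only version of the script described in the question, added here as an example and not part of the original post: it lists every regular file and directory that has any "other" permission bit set and skips the named directories, so the effect of removing those bits can be reviewed before anything is changed. The function name `list_world_perms` and its argument order are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit "other" permission bits
# without modifying anything.
#
# Usage: list_world_perms ROOT [SKIP_DIR...]
#   ROOT      directory to scan, e.g. /
#   SKIP_DIR  directories to leave out, written the way find prints them
#             under ROOT, e.g. /proc /dev /mnt when ROOT is /
#
# Prints one path per line. Symbolic links are not reported: their own mode
# bits are not what access checks use.
list_world_perms() {
    root=$1
    shift
    skip_count=$#

    # Append "-path DIR -prune -o" for every skip directory, then drop the
    # original arguments so "$@" holds only the find expression.
    for dir in "$@"; do
        set -- "$@" -path "$dir" -prune -o
    done
    shift "$skip_count"

    # -perm -0004 / -0002 / -0001 match when other-read, other-write or
    # other-execute is set; any one of them is enough to report the path.
    find "$root" "$@" \( -type f -o -type d \) \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Example call on a real system (review the output, change nothing):
#   list_world_perms / /proc /dev /mnt > world-perms.txt
```

Entries such as /etc/passwd, /tmp and the shared libraries under /usr/lib will appear in the output on a typical system, which makes the list a starting point for deciding what non-root accounts and services still need to read.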