/usr/sbin and /sbin world read/executable... why?
I'm slowly learning the ins-and-outs of securing my lovely slack box, and have developed some questions along the way. I was hoping I could bounce two off of the community:
(1) One question in particular, which I haven't seen very informative responses to just yet, is the notion of the /usr/sbin and /sbin directories, and why they are chmodded to 555 by default (world readable and executable). It seems dangerous to have all those scripts and binaries open to all users. I know running certain daemons as non-root will be a moot point since they can't bind below port 1024 anyway, but things like hdparm, etc... Why are they by default open to the world of users on the machine?
(2) Follow up: Can these directories be chmodded to 550 (owner and group executable, but nothing for world) safely? Will this change cause untold havoc in random programs, or is this a safe and effective move?
Any advice or directions to other threads or discussion on the subject would be quite lovely! Also, answers don't have to be Slack-specific; I recognize that this is a cross-distro question.