Internal security can be a large task, depending on how much you are
able to trust your users. The guidelines presented here are designed to
prevent the casual user from accessing sensitive information and from
unfairly using system resources.
Regarding file permissions, you may want to modify permissions for the
following three cases:
First, log files in /var/log need not be world-readable. There is no
reason for anybody other than root to be snooping in the logs. See Part 4 of the LPI 101 series for more information on syslog, plus the
logrotate(8) man page for information on configuring that program
to create logs with appropriate permissions.