This notion of security is stale. Real security is far more complex than this, requiring automated provisioning and logging. This is more suitable for a VPS or a personal VM than anything professional. Also installing acl just to use setfacl bothered me.