I personally think the UNIX security model is broken for multiuser, so I basically run systems in dedicated security mode (as does ~everyone else; single-user laptop/desktops under OSX or Linux, and servers dedicated to a single user/task/application, or at least VMs dedicated to a single user/task).
UNIX local system security is still nice as a belt-and-suspenders thing, but once someone's on a box, assume they own it. The only exception is some special magic stuff like Hardware Security Modules.