- Ssh must be reachable from the outside on all machines, as admins need to log as root
- Ssh must be reachable from the outside on all machines, as admins need to log as root (in the future, a single ssh-only machine may be reachable as an admin proxy in the LAN, and other ssh services not forwarded)
- All non-root users are assumed "public access", either for public missions or for open-source scripts
- All non-root users are assumed "public access", either for public missions or for open-source scripts
- All files restricted to root are assumed "critical data" by default
- All files restricted to root are assumed "critical data" by default
- Local libraries are considered unable to be secured against root elevation
- Local libraries are considered unable to be secured against root elevation
