- The admin must always be able to obtain a root shell by using the password : if ssh can't be combined with the other services, then sudo must be available to everyone and a guest "shell exploit" must be documented, proved to work in all normal circumstances, and tested when upgrading the server (in the future, a single ssh-only machine may be reachable as an admin gateway to the LAN, and other non-forwarded ssh services enabled on all machines)
- All non-root creds/user are assumed "public access", either for public missions or for open-source scripts
- Non-admins can't change the password of said users (which would cause a service disruption)
- All files restricted to root are assumed "critical data" by default
- Local libraries are considered unable to be secured against root elevation
- No server is added to an existing LAN until it is deemed secured, as such machine would provide an entrypoint into the whole LAN
