%general-entities; ]> mkdir -pv /{bin,boot,dev,etc/opt,home,lib,mnt,opt} mkdir -pv /{proc,media/{floppy,cdrom},sbin,srv,sys,var} install -dv -m 0750 /root install -dv -m 1777 {/var,}/tmp mkdir -pv /usr/{,local/}{bin,include,lib,sbin,src} mkdir -pv /usr/{,local/}share/{doc,info,locale,man} mkdir -v /usr/{,local/}share/{misc,terminfo,zoneinfo} mkdir -pv /usr/{,local/}share/man/man{1..8} for dir in /usr{,/local}; do ln -sv share/{man,doc,info} $dir done mkdir -v /var/{lock,log,mail,run,spool} mkdir -pv /var/{opt,cache,lib/{misc,locate},local} The first mode change ensures that not just anybody can enter the /root directory—the same as a normal user would do with his or her home directory. The second mode change makes sure that any user can write to the /tmp and /var/tmp directories, but cannot remove another user's files from them. The latter is prohibited by the so-called sticky bit, the highest bit (1) in the 1777 bit mask.