Learn about the useful options to your version of the ls command.

If your system has access control lists (ACLs), learn how to use them. Remember: do not depend on ACLs to protect files on NFS partitions.

Set your umask to an appropriate value (e.g., 027 or 077).

Never write SUID/SGID shell scripts.

Periodically scan your system for SUID/SGID files.

Disable SUID on disk partition mounts (local and remote) unless it is necessary.

Determine if write, chmod, chown, and chgrp operations on files clear the SUID/SGID bits on your system. Get in the habit of checking files based on this information.

Scan for device files on your system. Check their ownerships and permissions to ensure that they are reasonable.

Consider using a cryptographic filesystem for sensitive data.