Score:2

Is it recommended to change root directory permission to improve security?

cn flag

I have a computer running Ubuntu 20.04 Server. I bought my server in Digital Ocean 1 year ago (more or less) and every month I try to improve its security and I'm getting affortunnelly. But about user organization I always have doubts.

This is a personal server, so really I'm asking to improve my understanding, for future projects that might involve more users.

My root directory permissions are:

 0 lrwxrwxrwx   1 root root     7 May 14  2020 bin -> usr/bin
 4 drwxr-xr-x   4 root root  4096 Feb 10 06:59 boot
 0 drwxr-xr-x  16 root root  3820 Oct 12 02:34 dev
12 drwxr-xr-x 110 root root 12288 Feb 16 18:11 etc
 4 drwxr-xr-x   4 root root  4096 Apr  3  2021 home
 0 lrwxrwxrwx   1 root root     7 May 14  2020 lib -> usr/lib
 0 lrwxrwxrwx   1 root root     9 May 14  2020 lib32 -> usr/lib32
 0 lrwxrwxrwx   1 root root     9 May 14  2020 lib64 -> usr/lib64
 0 lrwxrwxrwx   1 root root    10 May 14  2020 libx32 -> usr/libx32
16 drwx------   2 root root 16384 May 14  2020 lost+found
 4 drwxr-xr-x   2 root root  4096 May 14  2020 media
 4 drwxr-xr-x   2 root root  4096 May 14  2020 mnt
 4 drwxr-xr-x   3 root root  4096 Dec 18 13:48 opt
 0 dr-xr-xr-x 197 root root     0 Jun 12  2021 proc
 4 drwx------  10 root root  4096 Feb  6 19:31 root
 0 drwxr-xr-x  31 root root  1040 Feb 16 13:04 run
 0 lrwxrwxrwx   1 root root     8 May 14  2020 sbin -> usr/sbin
 4 drwxr-xr-x   8 root root  4096 Feb 16 17:56 snap
 4 drwxr-xr-x   3 root root  4096 Apr  3  2021 srv
 0 dr-xr-xr-x  13 root root     0 Jun 12  2021 sys
 4 drwxrwxrwt  20 root root  4096 Feb 16 18:39 tmp
 4 drwxr-xr-x  15 root root  4096 Aug  6  2021 usr
 4 drwxr-xr-x  16 root root  4096 Dec  4 18:50 var

You can see how many files have others groups execution permissions, but is it really necessary? x permission means any user can do

 cd /boot

Or something like that. I know they can't edit or remove anything there but if they can go inside directory and write ls, that random user can get information which I may not want the user to get. Once, a friend who knew more Linux than me told me that if you want to mess up an Ubuntu server you can do it by changing permissions of files. So I don't want to test it.

My goal is for every user to not be able to do anything with extra power (enter in /dev or /boot), only user stuff..

But I'm afraid to break something by changing permissions.

My idea is: I'm the server owner and I can get root, so my first step:

In the root directory I would do `sudo chown root:power`, where power is a group in which I can put some users who can do more than normal, then `chmod 750` in all (less temp for example)

But I have heard that if you do stuff like that, for example www-data couldn't manage apache services or change something.

So I will have to add to power group the user www-data, ok, then it can manage its stuff, but I think there are a lot of other system users/groups that would need similar adjustments that I'm not aware of at the moment.

I hope you can understand more or less what I want to do, and what my goal is: modify server to better manage users, limiting by roles for example. But I'm a bit lost as to how to start.

And thank you all.

st flag
A nitpick: you're looking at the permissions of things _in_ your root directory. Permissions _of_ your root directory would be the `.` (and `..`) entries that you trimmed out.
cn flag
What is affortunnelly?
Score:15
ng flag

No.

The permissions and ownership of system files are already set up to be secure.

Breaking your system is the only thing you will achieve by changing ownership and permissions on system files.

This is a very dangerous thought process, especially if you are not familiar with using Linux. Tinkering is generally fine, if you know what you're doing. But going out of your way to try to improve things that aren't broken is generally not a good idea.

Ubuntu's developers have spent decades fine tuning and improving the software to make it cleaner and more secure.

If you think you have found a way to make the system better or more secure, please consider contributing to the development of Ubuntu. By contributing to development, lots of other people will review and audit your proposed changes before it becomes part of the OS.

josanangel avatar
cn flag
So, my unique user management power is in `/home`? In other root directories I mustn't change permissions
Nmath avatar
ng flag
You can change permissions and ownership of files if necessary on a case-by-case basis. But generally it's not something you need to worry about since software will be installed with the permissions it needs. Your perspective here seems to assume that there's something inherently wrong or insecure about the default permissions and ownership of files. There isn't. If there was, it would be considered a bug or security threat and you should file a bug report if you find something wrong.
bd flag
Voo
This sounds nice, but given the compatibility constraints a large distribution like Ubuntu is under, not to speak of the fact that usability and security are often opposed (and Ubuntu is intended to be easy to use) I doubt that Ubuntu is configured for highest security in mind. A quick glance for example shows that they mount (or at least used to) `/run/shm` with read/write/execute permissions which a) has been used in exploits over the years and b) doesn't seem particularly necessary on most machines? But I'm sure there are use cases that make it hard for them to change such a thing.
Nmath avatar
ng flag
@Voo Ubuntu is designed to be *secure* before it is ever designed to be *easy to use*. I can't think of a single instance where a development decision has been made to sacrifice security for ease of use. Ubuntu Server is one of the most common servers powering the websites and services you use online. A secure server is paramount. If you're aware of an exploit, you should report it. Patching security holes helps everyone, not just the people who use it.
bd flag
Voo
@Nmath So what security benefit does /run/shm with read/write/execute permission have? Why aren't all SELinux policies activated by default? Clearly there's a trade-off between security and usability.
Score:5
us flag

Unix security, and later Linux security, has always defaulted to being as open as possible. Things are closed when they need to be closed and open otherwise.

This means that if you try to do something out of the ordinary, but not really dangerous, there is a good chance you are allowed to do so.

Security specialists don't like this approach. They want things to be as closed as possible and only open when they have to be. Less nasty surprises that way. It seems your instincts are in this camp.

In a closed system you have permission to do your job and nothing more. Whenever you want to do something that is even the slightest outside your box, you need to obtain permission. Developers hate working in a system like that.

It is difficult to take an old open system like Ubuntu and try to close it up. You will find that there are undocumented dependencies where seemingly unrelated programs stop working with odd error messages when an access is closed.

So, it is a choice of priorities, what is more important to you, security or usability? There are Unix versions that are more close-minded than Ubuntu. These are made by security experts that have done the hard work of tracking down those undocumented dependencies.

All that being said, Nmath's answer is also correct. A lot of very smart people have looked at Ubuntu security and found it adequate. The odds of you being hit by an unknown security hole are very very low.

josanangel avatar
cn flag
Alright, thanks for the clean answer
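
A dry-run check for the plan in the question (`chown root:power` plus `chmod 750`), added here as an example and not part of any post above: `locked_out` lists the accounts that would fall under "others" and lose access, and `others_access` decodes what others can do in a directory today. It assumes GNU `stat`; the function names are hypothetical and the accounts in `demo` are constructed sample data.

```shell
#!/bin/sh
# Added example: dry-run impact check for "chown root:GROUP; chmod 750" on a
# top-level directory. It only reads account databases and changes nothing.

# locked_out GROUP [PASSWD_FILE] [GROUP_FILE]
# Prints each account that is neither UID 0 nor a member of GROUP (primary GID
# or supplementary list). Under mode 750 these accounts are "others" and lose
# both r (list names) and x (enter/traverse) on the directory.
locked_out() {
    awk -F: -v g="$1" '
        FNR == NR {                          # first file: group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) member[m[i]] = 1
            }
            next
        }
        $3 != 0 && $4 != gid && !($1 in member) { print $1 }
    ' "${3:-/etc/group}" "${2:-/etc/passwd}" | LC_ALL=C sort
}

# others_access DIR: what "others" may do in DIR today, decoded from the last
# octal digit of its mode (GNU stat). r = list, x = enter, w = create/delete.
others_access() {
    o=$(( $(stat -c '%a' "$1") % 10 ))
    out=""
    if [ $((o & 4)) -ne 0 ]; then out="$out list"; fi
    if [ $((o & 1)) -ne 0 ]; then out="$out enter"; fi
    if [ $((o & 2)) -ne 0 ]; then out="$out write"; fi
    echo "${out# }"
}

# Constructed sample data (not taken from the asker's server).
demo() {
    t=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'www-data:x:33:33::/var/www:/usr/sbin/nologin' \
        'sshd:x:109:65534::/run/sshd:/usr/sbin/nologin' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1500::/home/bob:/bin/bash' > "$t/passwd"
    printf '%s\n' 'root:x:0:' 'www-data:x:33:' 'power:x:1500:alice' > "$t/group"
    locked_out power "$t/passwd" "$t/group"
    rm -rf "$t"
}
```

Running `locked_out power` with no file arguments reads the live `/etc/passwd` and `/etc/group`; every service account it prints would need to traverse the restricted directories to keep working.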