This is the last file you should be reading. If you haven't read chmod, chown and achmod first, read them, then come back.

drwxr-xr-x 12 root root 4096 Apr 21 17:15 /etc
-rw-r--r-- 1 root root 499 Apr 7 20:37 /etc/passwd

These are the two most common things people seem to want to change, for some reason. I guess they are trying to "secure" their system. At best you can remove the +x and +r from /etc; they aren't "really" needed, but if you are that anal you probably don't have any people on your system anyway. Besides, any hacker worth their salt would know the files in there. As for /etc/passwd, a user has to be able to read it to log in; again, root wouldn't have this limitation. If you ran as root all the time you could remove all the write and read permissions from every file and not notice anything different.

Suid programs not to play with:

-rws--x--x 1 root root 31080 Mar 10 01:05 /bin/su

I can't see someone changing this, but it has happened. su (Super User) allows you to change users without logging out and in again, usually from a normal user to root. If it's not suid it does no good, because it's just a file with no access to change users.

-rwsr-xr-x 1 root bin 61k May 9 16:13 /bin/mount
-rwsr-xr-x 1 root bin 29k May 9 16:13 /bin/umount*

Again, you can remove the suid bit from these, as normal users can't mount things by default anyway. However, if you wish to allow normal users to mount/umount you may as well leave it this way; it's hardly a problem.

-rws--x--x 1 root bin 10k Sep 20 1999 /usr/bin/crontab*

This makes/edits/deletes, what have you, the users' crontabs. It doesn't need to be suid unless it's to make new crontab files for users. Best to leave it alone.

-rws--x--x 1 root bin 32k Jun 23 1999 /usr/bin/passwd
-rws--x--x 1 root bin 25k Jun 23 1999 /usr/bin/chsh
-rws--x--x 1 root bin 26k Jun 23 1999 /usr/bin/chfn

All these have various functions for /etc/passwd, allowing users to change their settings: PASSWorD, SHell, iNFormation. They are quite fine to leave as is. The anal person in you can get by without the suid bit, however; you just have to change these things manually from root if a user requests it.

-rws--x--x 1 root root 5904 apr 18 10:23 /usr/X11R6/bin/Xwrapper
-rws--x--x 1 root root 2.2M Apr 21 21:33 /usr/X11R6/bin/XFree86

Both are for XFree; the first one is pre XFree 4.0. Both allow X drivers to access the video hardware so they can display it. Useful so that someone other than root can run X.

There are some that I myself suggest you remove the suid bit from: xterm, rxvt and any other X terminal you run. The suid bit is not required on them except to add login information to wtmp.

This does not mean that everything else doesn't need a suid bit, or that you can change the permissions to something more anal in a grand sweeping move. If in doubt, think about how the program/directory is used and who has to use it. Make note of it and, if you feel it's safe, change it, then su from the root account and do everything that you normally would do to give it a test.
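A read-only way to "make note of it" before changing anything, added here as an example and not part of the original text: it lists the setuid files under the given directories and sorts them by what this page says about each name. The function names and the keep/strip/review labels are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report setuid files, classified by this page's advice.
# It only lists files; it never changes a permission.
# Usage: audit_suid /bin /usr/bin /usr/X11R6/bin

# classify_suid NAME -> prints keep | strip | review (labels are hypothetical)
classify_suid() {
    case "$1" in
        su|mount|umount|crontab|passwd|chsh|chfn|Xwrapper|XFree86)
            echo keep ;;    # discussed above as fine to leave suid
        xterm|rxvt)
            echo strip ;;   # suid only needed to write login info to wtmp
        *)
            echo review ;;  # not covered above: work out who uses it first
    esac
}

# audit_suid DIR... -> one "verdict mode owner path" line per setuid file
audit_suid() {
    # Default to the directories the listings above come from.
    [ "$#" -gt 0 ] || set -- /bin /usr/bin /usr/X11R6/bin
    find "$@" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r f; do
        verdict=$(classify_suid "$(basename "$f")")
        # Mode and owner in the same form as the ls listings above.
        info=$(ls -ld "$f" | awk '{print $1, $3}')
        printf '%s %s %s\n' "$verdict" "$info" "$f"
    done
}
```

Anything reported as review gets the treatment from the last paragraph: think about who uses it, change one thing, then test from a normal account.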