I'm generating an RPM of 1.0.7 and noting that most of the files are created world-readable. Is this reasonable? Or should the config/spool/log files only be readable by root? Must asterisk run as root? If so, what capabilities are required? In principle one could change the capabilities list and then drop to a mortal EUID.
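The approach named in the last sentence of the post (retain a chosen set of capabilities, then switch to an unprivileged UID), as an added Linux example that is not part of the original post and is not Asterisk code. The UID, GID and capability list are supplied by the caller; `CAP_NET_BIND_SERVICE` in the comment is an illustrative assumption, not a statement of what Asterisk requires.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for setgroups() and syscall() prototypes */
#endif
#include <grp.h>
#include <linux/capability.h>
#include <stdint.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Turn a list of capability numbers into the two 32-bit words capset(2) takes.
 * Returns -1 if any number is outside 0..CAP_LAST_CAP. */
int build_cap_mask(const int *caps, size_t n, uint32_t mask[2])
{
    mask[0] = mask[1] = 0;
    for (size_t i = 0; i < n; i++) {
        if (caps[i] < 0 || caps[i] > CAP_LAST_CAP)
            return -1;
        mask[caps[i] / 32] |= 1u << (caps[i] % 32);
    }
    return 0;
}

/* Call as root, early in startup. uid/gid/caps are the caller's choice
 * (assumption: e.g. a dedicated service account and CAP_NET_BIND_SERVICE).
 * Returns 0 on success; on -1 the caller should exit, not continue as root. */
int drop_root_keep_caps(uid_t uid, gid_t gid, const int *caps, size_t n)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    uint32_t mask[2];
    if (uid == 0 || build_cap_mask(caps, n, mask) != 0)
        return -1;
    /* Without KEEPCAPS the permitted set is emptied when the UID leaves 0. */
    if (prctl(PR_SET_KEEPCAPS, 1L, 0L, 0L, 0L) != 0)
        return -1;
    /* Order matters: supplementary groups, then GID, then UID. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* The UID change cleared the effective set. Re-raise only the requested
     * bits, shrink permitted to match, leave inheritable empty. */
    memset(data, 0, sizeof data);
    for (int i = 0; i < 2; i++)
        data[i].effective = data[i].permitted = mask[i];
    if (syscall(SYS_capset, &hdr, data) != 0)
        return -1;
    return setuid(0) == -1 ? 0 : -1;   /* regaining root must now fail */
}
```

Files the daemon must read after the drop (config, spool, logs) then need to be owned by or group-readable to that unprivileged account, which is what allows them to stop being world-readable.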