Example for Maximally Restrictive Setup

When I'm working in a Git project, I only want it to, by default, only read/write to my directory. Then, I'll select files to allow read/write access to. That seems the safest way. Also, it should be a file that can be used by default as another dotfile in repos. Of course, this means that it should not be able to edit its own file.