Ensure unifi cannot write to itself in the event of an exploit Unifi only needs write access to: data, log, run, and work directories