nyan , 1 year ago

If you have root permissions, no amount of security setup can completely keep you from shooting yourself in the foot with things like this. In the end, you’ll need to do the reading and learning.

If you’re admin’ing a multiuser machine, best practice is to use sudo with a carefully curated /etc/sudoers, to ensure that no one has more permissions than they absolutely need.

For cases where you’re the sole human user and also the admin, sudo vs. su is pretty much a wash securitywise (because something always comes up where you need full root permissions, so you can’t give yourself less). It should be sufficient to add your user to groups, never issue a command not related to package management with sudo or an su’d shell without trying it as a user first, and if it doesn’t work as a user, stopping and thinking about why not and what you were trying to do in the first place.