It’s an unnecessary layer of complexity. I am the only user of my personal laptop. I don’t need fine-grained permissions. Linux users and groups are enough for any permission needs I might have, like docker group, audio and video groups, etc. I don’t have any “classified” documents on my computer. My home directory and root are on different disks. I can easily format and reinstall my system if something goes wrong and keep all my personal data.
In a lot of distros at least, you can just reinstall in place, which has the same effect. But a different place for /home does feel a potentially more reliable method.
You don’t have classified documents, but you probably use bank in your browser running as your user. Maybe you use local mail program to send emails, also running as your user. A simple malware could add emails to be send asking your family to send you some money through online service.
And that’s easily done because the only isolation layer is user and group.
Not everyone does online banking (I don’t), and it’s possible to warn your family about scams. If the information isn’t there, you don’t need to lock it down. Of course, that just moves both the security and the accompanying inconvenience off the computer and into the real world.
I really don’t see how anyone can install malware on my computer. I know my way around computers enough to not do anything dumb. Of course if someone wanted, they would be able to hack my device, probably. But I am not a high value target and it would be a waste of their time and effort. In short, that’s a risk I am willing to take :)
It’s an unnecessary layer of complexity. I am the only user of my personal laptop. I don’t need fine-grained permissions. Linux users and groups are enough for any permission needs I might have, like docker group, audio and video groups, etc. I don’t have any “classified” documents on my computer. My home directory and root are on different disks. I can easily format and reinstall my system if something goes wrong and keep all my personal data.
Having your home directory on a different disk is something that could’ve saved me a lot of headache. Can’t believe I didn’t think of that.
I think it’s becoming default on more and more Linux installers
In a lot of distros at least, you can just reinstall in place, which has the same effect. But a different place for /home does feel a potentially more reliable method.
You don’t have classified documents, but you probably use bank in your browser running as your user. Maybe you use local mail program to send emails, also running as your user. A simple malware could add emails to be send asking your family to send you some money through online service.
And that’s easily done because the only isolation layer is user and group.
Not everyone does online banking (I don’t), and it’s possible to warn your family about scams. If the information isn’t there, you don’t need to lock it down. Of course, that just moves both the security and the accompanying inconvenience off the computer and into the real world.
I really don’t see how anyone can install malware on my computer. I know my way around computers enough to not do anything dumb. Of course if someone wanted, they would be able to hack my device, probably. But I am not a high value target and it would be a waste of their time and effort. In short, that’s a risk I am willing to take :)
So you think NONE of the software you use will ever get an exploit? “Not do anything dumb” only covers some threats, not all.
Plain and simple, with a supply chain attack.