I own a server (Ubuntu), where I am the only sudoers user (and usually the only user at all). So, my question is as simple as it sounds: if I am not the root user, but I am a sudoers user, am I actually root? Because in practical terms, if someone cracks my password, an attacker can act as root. Therefore, if my account is compromised, root is compromised.
So, for example, when installing new services through docker containers (the case I’m dealing with right now), should I make container folders belong to me or root? Because making some folder owned by root is actually very inconvenient (depending on the r flags, I could have no tab-completion or won’t be able to sudo cd because cd is a built-in, not a command, etc.), without, I think, any gain in security since I have super powers anyway.
In short, what is my role in the system? Maybe this question seems stupid but I have had a hard time trying to balance convenience and security and I haven’t found a satisfying answer so far.
Or maybe the key to the question is just my inability to properly analyze the security risks I’m exposed to, which brings me to not knowing, for security, what restrictions to strengthen, and for convenience, what restrictions to relax.