I think Pat V of Slackware said it all when he made sure pulseaudio run as root. Take from that what you want.

...aaand we safely left the world of facts behind us and are back at opinions, opinions, opinions...

I seriously can't tell if this guy, the ROOT IDIOT is serious or not but one of these days he will run something really bad as root and I hope he revises his site to "garyshood.com/NeverRunAsRoot".

Sorry had to say it, that's my two cents.

that article has been there since 2008. guy probably gave up on linux ages ago and uses a much more macho operating system nowadays.
and i'll say it again, don't gratify him with clicks, use the webarchive instead if you must:
https://web.archive.org/web/20081119...hood.com/root/

Certain distributors think they own the drive, but they don't. Distribution is not the army and has no authority over the user's hdd/ssd/flash storage.
Unless the distribution pays for the drive plus the government tax for the drive, they have no say in what goes in and out of the drive.
Fact is, the drive is user's responsibility. If the user decides he wants root, the distributor can only advise against it and there's nothing else he can do about it.

Sudo is a grey area, I never use it because I want a clear distinction between user and root, and sudo just adds privilege where from security perspective there should be none.
Some people use it properly, but the majority just adds sudo rights to their user account, and let every program that runs under the account have sudo rights.
Then the distributor thinks it's a problem with distribution policy and issues a "fix" when it's clearly a user problem that should be solved locally.
Kinda like that one time when someone notified mozilla their browser is so broken it belongs in the sandbox, and they "fix" it by making the browser a host for the sandbox that holds another browser.
It's redundant on systems that do privilege separation properly, and only useful for enforcing a policy upon the user.

On all of my systems, regardless of operating system, my primary login is not an Administrator or a member of the wheel group. It cannot sudo su.

I have an "ordinary Joe" user-id for each "hat" that I wear during the course of the day. Each client's projects are managed from a separate user-id. Accounting and other business activities are managed from another. And, I surf the web from yet another.

The /home directories of each cannot be seen by any other. There is one /drop-box folder with a "write-only" folder owned by each user: you can put a file there, no matter who you are, but you can't see what's in it. Only the owner may retrieve files from his drop-box folder. (N.B.: This has nothing to do with the commercial file-sharing service by the same name.)

And then, there is the one "Clark Kent®" user ... the one and only one which can become "Superman.®"

I know that nothing will ever ask me for an administrator password, and I never give one.

- - -

Why on earth do I do such an "inconvenient" thing? Because: "computers are terrible at saying 'yes,' but fantastic at saying 'no.'"

Formally, this is referred to as "The Principle of Least Privilege." By placing strict and OS-enforceable limits around what a process can do ("maliciously" or otherwise), you effectively prevent these from being possible.

You have created a "bright-line rule," and computers are excellent at enforcing bright-line ("yes (1)" or "no (0)") rules.

1 members found this post helpful.

The last speaker, sundialsvcs, describes a very healthy attitude to the topic at hand.

Running as root unnecessarily is similar to such safe pursuits as playing with fire, or DUI - and anybody who does this, deserves the problems that are quite capable of showing up as a result. Someone in this thread tried it for a week with no ill effect, which is about as intelligent as an argument as if a notorious drunkard would say that he had never crashed a car while driving drunk: Whether a given example did by chance go well, is no reason why anyone should take such a stupid risk in the first place.

IMNSHO.

With all the known exploits these days, keep your valuable data on external storage that is disconnected. And be prepared to re-install often. But I don't run gentoo and try to avoid arch for issues like that. It's too much effort to re-install and configure to taste. I can do a fresh debian install and be rebooted and logged in with a gui web browser in under an hour, even on a relatively slow connection. With fast.com clocking me at about 450Kbps, but that normally throttles to 120Kbps for any transfer that lasts longer than ten seconds. And speedtest.net showing 0.8Mbps down and 0.2Mbps up. The down is normally faster, but it's the weekend. The service was originally sold as 2 megs. I asked if they were pretty, but never got a reply email.

Per the link from the OP, the only sane recovery is to re-install. Once compromised you don't know how they got in, or what they changed.