You're right, once an adversary gains physical access (or even remote access as your main login account), all bets are off. This is the area where the traditional UNIX security model has failed to adapt at all: you need a password to install a random game from apt (a vetted and trusted source), but you don't need a password to install a cryptolocker, or exfiltrate personal data.
However I like having a password (or some other form of confirmation), just so that I can stop to think for a second, whether what I'm about to do is a good idea.
What's annoying is that I effectively need two different policies on workstations and on servers, since I still want to be able to escalate privileges from maintenance scripts[1].
However I like having a password (or some other form of confirmation), just so that I can stop to think for a second, whether what I'm about to do is a good idea.
What's annoying is that I effectively need two different policies on workstations and on servers, since I still want to be able to escalate privileges from maintenance scripts[1].
[1]: https://github.com/rollcat/judo/issues/9