Problem: user needs to constantly (daily, or often enough) escalate privileges using sudo in order to keep an updated system.
Malware running can easily pick up root password.
Is something like the Tails trick of using a non-root user to perform a procedure that was defined for root rights possible in this case?