Restrict root access

Parsing this thread can be difficult. Therefore my goal is to summarize it all on this wiki page:

Did you read Strong Linux User Account Isolation?

Anything missing there?

Yes, and the rationale of this is explained here: Strong Linux User Account Isolation

This is a different issue.
This forum thread “restrict root access” can be considered done. It does everything as described on page Strong Linux User Account Isolation.

~/.bashrc and other problematic files and folders might be covered in future by something like Dev/VirusForget - Kicksecure or GitHub - tasket/Qubes-VM-hardening: Fend off malware at Qubes VM startup.

But even then, Safely Use Root Commands remains valid. A user user used for the majority of daily tasks such as browsing the internet cannot be at the same time be an ideal user to run applications with root rights using sudo. That is because one user user is compromised, the sudo password can be sniffed. That is why boot modes without sudo/root access are being planned:

• multiple boot modes for better security: persistent user | live user | persistent secureadmin | persistent superadmin | persistent recovery mode
• walled garden, firewall whitelisting, application whitelisting, sudo lockdown, superuser mode, protected mode