@nixCraft that is actually true...

Unless someone provides a program with #root #privilegues it can only mess up the $HOME of the user account which it runs under.

This is why the default config for servers like #Apache and #PostgreSQL to literally be run as #daemons or rather #systemD services under dedicaded user accounts, so a webserver - even when hacked - can't f**k up the system.

It's part of the #KISS-Approach to #Users and #Groups in #POSIX and is supplemented with #AppArmour...

@kaitlynethylia Like #XDG definately! Their system is far better for backups and for storing stuff in different drives (e.g. the binaries on the SSD and the data on the HDD)

Additionally, doing things by category first helps with writing #AppArmour and #SELinux profiles.