Suppose I create a user account for a friend without entry in sudoers. And that account gets hacked.
What I can think off:
- they can use outgoing internet connections, I will held responsible for any DMCA and other abuse complaints
- they can read my /home folder if I do net set permissions not to do so
- they can create a huge system load until the system becomes unreliable
- they can try privilege escalation and compromise the whole system
Let's also suppose they are unable to do privilege escalation (which is sufficiently hard on a patched system for a Jon Doe script kiddy)...
What else? How much damage can a compromised user account cause?
What else should I do to lock down the user account of the guest?