https://help.ubuntu.com/community/RootSudo#Misconceptions

> Any user who uses su or sudo must be considered to be a privileged user.
> If that user's account is compromised by an attacker, the attacker can also gain root privileges the next time the user does so.
> The user account is the weak link in this chain, and so must be protected with the same care as root.
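
To act on the quoted advice you first need to know which accounts hold sudo rights. The sketch below is an added example, not taken from the Ubuntu wiki: it lists the users a sudoers file names directly or through a `%group` rule. The function names and fixture contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list accounts granted sudo rights by a sudoers file.
# Not resolved here: *_Alias names, #uid/%#gid entries, included files,
# and primary-group membership (which lives in passwd, not group).
sudo_capable_users() {   # usage: sudo_capable_users SUDOERS_FILE GROUP_FILE
    awk -F: '
        # Group database (name:passwd:gid:members): remember the member list.
        FILENAME == ARGV[1] { members[$1] = $4; next }
        # sudoers: skip the continuation lines of a backslash-wrapped rule.
        { skip = cont; cont = ($0 ~ /\\$/); if (skip) next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^[#@]/) next    # comments, includes
            if (line ~ /^(Defaults|User_Alias|Runas_Alias|Host_Alias|Cmnd_Alias)/) next
            split(line, f, /[ \t]+/)
            if (f[1] ~ /^%/) {                        # %group rule: expand it
                n = split(members[substr(f[1], 2)], m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            } else print f[1]                         # rule naming one user
        }
    ' "$2" "$1" | sort -u
}

make_sample() {   # constructed fixtures written into directory $1
    printf '%s\n' 'root:x:0:' 'sudo:x:27:alice,bob' 'admin:x:110:' \
        'users:x:100:alice,dave' > "$1/group"
    printf '%s\n' '# constructed sample' 'Defaults env_reset' \
        'root ALL=(ALL:ALL) ALL' '%sudo ALL=(ALL:ALL) ALL' \
        '%admin ALL=(ALL) ALL' \
        'carol ALL=(ALL) NOPASSWD: /usr/bin/apt, \' \
        '    /usr/bin/systemctl' '@includedir /etc/sudoers.d' > "$1/sudoers"
}

# Demo on the constructed fixtures; prints alice, bob, carol, root.
tmp=$(mktemp -d)
make_sample "$tmp"
sudo_capable_users "$tmp/sudoers" "$tmp/group"
rm -rf "$tmp"
```

On a real host, run it as root against `/etc/sudoers` and each file under `/etc/sudoers.d`, with `/etc/group` as the second argument.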