From a3f2d9d4d848fbee90250e115e7662987fb1831a Mon Sep 17 00:00:00 2001 From: Nick Sweeting Date: Fri, 3 May 2024 19:14:29 -0700 Subject: [PATCH] Updated Security Overview (markdown) --- Security-Overview.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/Security-Overview.md b/Security-Overview.md index 628b577..1824e40 100644 --- a/Security-Overview.md +++ b/Security-Overview.md @@ -118,7 +118,7 @@ Do not run ArchiveBox as root for a number of reasons: - ArchiveBox does lots of HTML parsing, filesystem access, and shell command execution. A bug in any one of those subsystems could potentially lead to deleted/damaged data on your hard drive, or full system compromise unless restricted to a user that only has permissions to access the directories needed - Do you really trust a project created by a Github user called `@pirate` 😉? Why give a random program off the internet root access to your entire system? (I don't have malicious intent, I'm just saying in principle you should not be running random Github projects as root) -**Instead, you should run ArchiveBox as your normal user, or create a user with less privileged access:** +**Instead, you should run ArchiveBox under a separate user account with less privileged access:** ```bash useradd -r -g archivebox -G audio,video archivebox # the audio & video groups are used by chrome mkdir -p /home/archivebox/data @@ -131,6 +131,12 @@ sudo -u archivebox archivebox add ... +
+ +--- + +
+ ## Output Folder ### Database @@ -149,7 +155,7 @@ How much are you planning to archive? Only a few bookmarked articles, or thousa #### Purging entries -Unless `--delete` is passed to `archivebox remove`, Snapshots removed from the index remain in the filesystem and their `./archive/` folders need to be deleted manually to be fully removed. Imported URLs are also logged separately in `./sources`, `./logs`, and the Sonic full-text index `./sonic` and should be removed manually as well to clear all traces of a URL added by accident. You can search for a URL on the filesystem you're trying to remove using `grep -a -r "https://example.com/url/to/search/for"`. +Unless `--yes --delete` is passed to `archivebox remove`, Snapshots removed from the index remain in the filesystem and their `./archive/` folders need to be deleted manually to be fully removed. Imported URLs are also logged separately in `./sources`, `./logs`, and the Sonic full-text index `./sonic` and should be removed manually as well to clear all traces of a URL added by accident. You can search for a URL on the filesystem you're trying to remove using `grep -a -r "https://example.com/url/to/search/for"`. #### Permissions
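Review bot: In the `@@ -118,7 +118,7 @@` hunk, the code block under the reworded heading opens directly with `useradd -r -g archivebox -G audio,video archivebox`, and `-g` requires the `archivebox` group to exist already, yet no step creating it appears before that line. With "run ArchiveBox as your normal user" removed as an alternative, these commands are now the only documented path, so they should work when copied as written: add a `groupadd -r archivebox` line ahead of `useradd`, or state that the group must be created first.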
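Review bot: In the `@@ -149,7 +155,7 @@` hunk, the changed sentence under "Purging entries" presents `--yes --delete` as one unit, so a reader cannot tell whether both flags are needed for the `./archive/` folders to be deleted or what each flag does on its own. Suggest naming the role of each flag separately, and stating explicitly whether passing them also clears `./sources`, `./logs` and `./sonic`, since the following sentence reads as if those always need manual cleanup. For someone purging a URL added by accident, that distinction decides whether traces remain on disk.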