It is. That is the whole point. Why would I make extra unprivileged accounts that can run any command I need to run as root at any time without a password on the system just to avoid it? That just increases the attack surface via any other vector by giving an attacker accounts to choose from to break into.
Then enlighten me, what is the easy way to do tasks that do require some amount of manual oversight? Tasks that can be completely automated are easy of course but with our relatively heterogeneous servers automation a la “do it on this one test system and if it works there run it completely automatically on the 100 identical production systems” is not available to us.
Of course I can store dozens of passwords but if every task that requires a single command to be run automatically on e.g. “every server with pending updates” requires entering each of those passwords that is unworkable.
As far as I know the borg backup store should only add new blocks as new files and remove them when you purge the last backup that uses that block. Obviously some of the metadata files are going to change and will be backed up more frequently but the main data should not.
No, some of the functionality is definitely accessible without that, e.g. if you use ykman oath accounts code on Linux to read the TOTP codes you don’t need to click and I seem to recall some of the functionality has a configurable click requirement.
True if the initial state is unknown but if you do your initial copy and all the later syncs with rsync it is not really necessary since rsync puts the partial files in a temporary location (there are some parameters to control the details of that too).
How long that takes depends entirely on the size of your home, the number of files in there and how you store your backups. Not everyone has tiny home directories.