fishyman65712 The Linux permissions model is even simpler than that. Root can do anything. Sudo users by default can do everything Root can, unless configured otherwise. File permissions control access to everything else. Containers and systems like Apparmor/SELinux can prevent processes from interfering with eachother.
However, anyone with physical access can boot your system as root and do whatever they want. This is why Full Disk Encryption is becoming more common. Even if you have physical access you still have to crack the encryption before making changes. Most hackers will only bother at this point if you are considered a valuable target.