I understand that they were intending to unpack from / and they unpacked from /home/ instead. I’m just arguing that the unpack was already a potentially dangerous action, especially if it had the potential to overwrite any system file on the drive. For this reason it would make sense to have some way of checking it was correct before running it.

I’m suggesting 3 things:

• Confirm the contents of the tar
• Confirm where you want to extract the contents
• Have backups in case this goes wrong somehow

Check the contents:

• use "tar t’’ to print the contents before extracting, read the output and check you are happy with it

Confirm where:

• run pwd first, or specify “-C ‘/output-place/’” during extraction, to prevent output to the wrong folder

Have backups:

• Assume this potentially dangerous process of extracting to /etc may break some critical files there, so make sure this directory is properly backed up first, and check these backups are current.

I’m not suggesting that everyone knows they should do this. But I’m saying that it’s only avoidable by being extra careful. And with experience people build a knowledge of what may be dangerous and how to prevent that danger.