Tags: embedded-linux, yocto, bitbake

Is it secure to run everything as root when rootfs is read only?


For our IoT test devices I followed the following practice: I used to disable ssh login for user root, add another user and install everything I needed on that account with fine grained privileges where root permissions are a must.

Now, I'm porting everything to yocto and for the sake of simplicity I ran everything under user root during the development, planning to later switch to the same practice as above. However, I'm planning on deploying images with read only rootfs, ssh login via ssh certificate or maybe not even at all. Is it secure to run everything as user root when the rootfs is read only? Theoretically, malware could be somehow injected into RAM but not written to the rootfs. Is this a secure setup or is a second non-root user following the earlier practice a requirement?

Remark: I'm not sure which SO rule I violated but as this is a quite critical question (and I don't see a reason why this needs clarification, yet change) I'm going to leave it as is and hope the answer below (discussed with the community) will help others to avoid security flaws in their setups, as well.


Solution

As usual the fastest and most concise help was provided in the IRC channel.

To summarize the findings:

It is not safe to operate the device software as user root, as it is relatively easy to do a mount -o rw,remount and thereby circumvent the read-only rootfs as well (unless elaborate security measures are in place). Also, the /tmp folder can be considered a vulnerability.

Thus, whenever possible a non-root user should be used to run the device software.
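An added example, not part of the question or the answer above: a small POSIX sh audit script a defender can run against a built image (or a live device) to verify the three points the answer makes. It takes a /proc/mounts-style table and a `ps -eo user,comm`-style process listing, and reports when the rootfs is not mounted read-only, when /tmp lacks nosuid/nodev/noexec, and when a device service still runs as root. The sample mount table, process list, the service-name prefix `iot-` and the user `iot` are constructed for this example; the nosuid/nodev/noexec baseline for /tmp is this example's choice, since the answer only states that /tmp is a weak spot without saying how to harden it.

```shell
#!/bin/sh
# Added example (not from the original question or answer): post-build
# audit for an embedded image, written from the defender's side.
# Inputs are plain text so the checks run offline on constructed data;
# on a device feed them "$(cat /proc/mounts)" and "$(ps -eo user,comm)".

# Constructed sample: rootfs is read-only, but /tmp lacks noexec.
SAMPLE_MOUNTS='/dev/root / ext4 ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0'

# Constructed sample: one device service (iot-agent) still runs as root.
SAMPLE_PS='USER     COMMAND
root     systemd
root     iot-agent
iot      iot-telemetry
root     dropbear'

# mount_has_opt <mounts-text> <mountpoint> <option>
# Succeeds if the mount at <mountpoint> carries <option> in its option list
# (/proc/mounts columns: device mountpoint fstype options dump pass).
mount_has_opt() {
    printf '%s\n' "$1" | awk -v mp="$2" -v opt="$3" '
        $2 == mp {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == opt) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# audit_mounts <mounts-text>
# Prints one FINDING line per problem; return status is the finding count.
audit_mounts() {
    findings=0
    if ! mount_has_opt "$1" / ro; then
        echo "FINDING: rootfs is not mounted read-only"
        findings=$((findings + 1))
    fi
    # A root-owned writable /tmp is where a dropped payload would land;
    # nosuid/nodev/noexec limit what can be done with it (example baseline).
    for opt in nosuid nodev noexec; do
        if ! mount_has_opt "$1" /tmp "$opt"; then
            echo "FINDING: /tmp is missing mount option $opt"
            findings=$((findings + 1))
        fi
    done
    return $findings
}

# audit_services <ps-text> <name-regex>
# Any process whose command matches <name-regex> and runs as root is a
# finding (the answer's point: device software should not run as root).
# Prints one FINDING line per hit; return status is the finding count.
audit_services() {
    printf '%s\n' "$1" | awk -v pat="$2" '
        NR > 1 && $2 ~ pat && $1 == "root" {
            print "FINDING: service " $2 " runs as root"; n++
        }
        END { exit n + 0 }'
}

# Demo on the constructed samples.
demo() {
    echo "== mounts =="
    audit_mounts "$SAMPLE_MOUNTS" && echo "no findings" || echo "$? finding(s)"
    echo "== services (pattern ^iot-) =="
    audit_services "$SAMPLE_PS" '^iot-' && echo "no findings" || echo "$? finding(s)"
}

demo
```

Run on a device as `audit_mounts "$(cat /proc/mounts)"` and `audit_services "$(ps -eo user,comm)" '^iot-'`; a non-zero status makes it usable as a CI gate on the image. On the mitigation side, in Yocto a dedicated system account is normally created with the useradd class in the application recipe, the systemd unit sets User= to that account, and PrivateTmp=yes gives the service its own /tmp, which addresses the answer's /tmp remark directly.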