Somebody Wrote :-)
Here is a situation where this does not make sense, and the use of sudo does make sense
1. Multiple users with root authority. john, bill, and sam
one of these 3 happens to get mad/upset/frustrated/careless
This user (lets say john) logs in and runs some commands that are very destructive to the system
(have you ever heard of "rm -rf /" being run????)
All three users actions are recorded as being done by root, thus no way to track who did what or when.
The analysis of the problem shows that "root" did some dumb/careless/harmfull things to the system.
Who is responsible????? Answer: one of the above
2. One closely guarded root account with multiple users allowed the same access with sudo.
again, users john, bill, and sam (but none of these users know the root password)
The same user decides to do the dirty deed he did in the above scenario.
Sudo actions are logged by user name, the user only has limited privledges when not using sudo.
John now uses sudo to do his dirty work, and it is logged by user name/time/command
Analysis shows john did the nasty deed.
Who is responsible????? Answer: john.
Unless john did this first :
sudo su - root
Whis will be logged, but then john is root, and never needed to know the root password, and all further comands will not be logged using john.:-(
Read the man page for 'sudoers', and establish appropriate access for different groups and users, and only give 'su' access to trusted administrators. Remember and command run with sudo is run with root access, and anyone who can replace a file owned by root can replace your security measures.
If only trusted administrators should have access to 'mount' and 'su' then you can mount some filesystems read only and other with other
options to reduce catastrophic mistakes. Another good idea is to use rsync to "backup/replicate" important information on a heavily secured
machine with limited access. We use rsync daily on a second ethernet interface on all our servers, then do backups of the "images" on a centralized backup server. Since the OS "template" is the same on all servers, only the differences need to be retrieved from all machines, reducing backup requirements. We also run tests on the "images" to ensure none of the machines have had programs replaced
with a modified version.
Who said 'The future is friendly' :-!
