One reason to use/require sudo of root commands that I've seen was for auditing the
use of root access/commands. It wasn't for security purposes other than yes to give
approved people access to priviledged commands using their password and not reveal the
root password, however it nicely logs to your logging server that user ran x command. It
was a pain yes I wouldn't argue that and the change of habit from admins sudoing to su
takes a bit to get out of autopilot mode but it worked out in the end.
The other comment was no of course it isn't a security measure or preventing a
non-admin from creating an account, however every employer/employee should be getting a
nice little motd or security message indicating proper authorized use of the system and
lack of expectation to privacy. Creating an administrative account/backdoor would be good
grounds to be fired. It's just a security control.
--- On Wed, 12/14/11, Alexander Schreiber <als at thangorodrim.de> wrote:
>
>???-spc (sudo this, sudo that,
sudo something else ... for more than one
> >??? command, sudo is an
annoyance
... )
???You don't trust some users with the
root password, but you allow them a
root shell via sudo and trust them not to install
back
doors.?