
Real Sysadmins Don't Sudo - gilad
https://www.redhat.com/sysadmin/sysadmins-dont-sudo
======
freedomben
As a Fedora person I do prefer the way Fedora handles the root account as
opposed to the "locked by default" approach that Ubuntu takes, but I think
he's arguing against a straw man here.

The point of locking the root account in Ubuntu is not to protect the user
from damaging their system with commands: it's just to not have an account
with a potentially weak password and a known username that can be brute forced
or abused in other ways. Not everyone that installs Linux knows the full
implications of the root account, and given that it's a very, very, minor
inconvenience to the user who wants that account enabled, that sounds like a
fine trade off to me.

I also feel like the author greatly exaggerates the inconvenienced caused by
this to the sys admin. Instead of `su -` and typing the root password, is it
so hard to type `sudo -s` instead?

Also if there are multiple users on a server that may need root, using `sudo`
makes it so you don't have to remember to rotate the root password every time
a person who used to have root access leaves the company or switches teams or
something. For setups with hundreds or thousands of machines, sudo is a much
more scalable approach IMHO.

