> Finally, if you give somebody a sudo you accept that s/he can shutdown the system remotely, normal case for a server.
Sudo configs are configurable (as are default command aliases) to at least make this a deliberate decision, and not an accidental occurrence. You could also, in rare cases, just "whitelist" certain commands, although this is generally not that practical.
Sudo, is however, by definition, a dangerous tool. I try to make sure that everyone who has the right is aware of the responsibilities.
Windows and Mac both have their own privilege escalation, and shutdown commands, so there's nothing particularly different about their situations.
Sudo configs are configurable (as are default command aliases) to at least make this a deliberate decision, and not an accidental occurrence. You could also, in rare cases, just "whitelist" certain commands, although this is generally not that practical.
Sudo, is however, by definition, a dangerous tool. I try to make sure that everyone who has the right is aware of the responsibilities.
Windows and Mac both have their own privilege escalation, and shutdown commands, so there's nothing particularly different about their situations.