Hacker News new | ask | show | jobs
by bogantech 728 days ago
> if you need to be root, then login as root via console

1: This requires every user to have the root password, while sudo does not

2: If everyone just logs in as root there's no way to audit who actually logged in and did what.
2 comments
kchr 728 days ago
Additionally, you need to rotate and distribute the new root password to all root users when you want to remove access for someone.
link
joveian 728 days ago
You can have multiple accounts with uid/gid 0 (and can set up smart card or u2f login too if you want).
link