What are the actual benefits of assigning sudo privileges to a user instead of using root?

JM4 asked:

I am fairly new to server administration, and I have seen a lot of sites recommending to assign sudo privileges to a user created by the root user and giving the root user an insanely long password for security enhancement.

If the newly created user can perform the same functions as a root user however, what is the actual benefit of doing this at all?

My answer:


The primary difference is that users authenticate to sudo using their own password, whereas with su or direct root login the root password is used.

This means that you don’t have to share the root password with all and sundry, and that if you need to disable root access for one or two users in the future, you can just disable it for them, instead of having to change the root password.

sudo is also capable of limiting which commands each user can run as root, so specific users can be given access only to the tasks they need to perform, if they do not require full root access.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.