Simplify the Use of Sudo
Being in the security business, I am constantly surprised by how many companies continue to rely on security practices that they know to be poor. Organizations, large and small, make excessive use of the root user account to perform routine maintenance on their UNIX and Linux computers. Even though companies often chose UNIX or Linux for better security, they employ practices that seriously undermine this advantage.
There are many reasons to not rely on the use of the root account:
* Because you can do anything, it's easy to make mistakes with dire consequences
* When something goes wrong, it's impossible to figure out who was responsible
* If someone leaves the company or the IT group, you have to change the root password and let everyone know the new one
* The opportunity for mischief is high
* You'll never pass a security audit
Companies use the root account because the alternative requires a lot of work. All too often, easy beats smart.