Maybe I’m a bit ignorant, but would it make much of a difference? Whether I authenticate with my own account to get root permissions or directly with root, I still have a string of characters which I use to get root priveleges on my machine. For a single (physical) user machine, that allows me to use a separate password for root. Should be better than using the same one twice, right?
If root has a password, it’s only one password; everyone who has root access knows the password, which means that anyone can share it with no accountability. If privilege escalation rights are granted instead, it’s easy to see who did what, as well as to contain any kind of compromise (by revoking said rights).
Also, I think you originally referred to su but sudo allows much more granular control.
So, we are clearly talking about different environments here. Of course I would not have a password for root in an enterprize setting where you have a lot of different people managing one machine. But for your regular desktop computer with one user, it just complicates things needlessly without providing any benefits.
Your home network is certainly less of a security risk due to both being a smaller target and (usually) needing to have fewer services available or ports open, so I would agree with you it’s acceptable for security to be more lax. Personally, I don’t find sudo to be less convenient than su; it’s even saved me from thoughtlessly running a dangerous command a time or two. Also, I try to keep my home network setup close to my work network until doing so gets in the way. If nothing else, this prevents me from getting used to a different way of doing things.
However, it’s your network. If you find that your way works better for you, by all means, configure your system in whatever way seems best to you!
Maybe I’m a bit ignorant, but would it make much of a difference? Whether I authenticate with my own account to get root permissions or directly with root, I still have a string of characters which I use to get root priveleges on my machine. For a single (physical) user machine, that allows me to use a separate password for root. Should be better than using the same one twice, right?
If root has a password, it’s only one password; everyone who has root access knows the password, which means that anyone can share it with no accountability. If privilege escalation rights are granted instead, it’s easy to see who did what, as well as to contain any kind of compromise (by revoking said rights).
Also, I think you originally referred to
subutsudoallows much more granular control.So, we are clearly talking about different environments here. Of course I would not have a password for root in an enterprize setting where you have a lot of different people managing one machine. But for your regular desktop computer with one user, it just complicates things needlessly without providing any benefits.
Your home network is certainly less of a security risk due to both being a smaller target and (usually) needing to have fewer services available or ports open, so I would agree with you it’s acceptable for security to be more lax. Personally, I don’t find
sudoto be less convenient thansu; it’s even saved me from thoughtlessly running a dangerous command a time or two. Also, I try to keep my home network setup close to my work network until doing so gets in the way. If nothing else, this prevents me from getting used to a different way of doing things.However, it’s your network. If you find that your way works better for you, by all means, configure your system in whatever way seems best to you!