sudo /bin/sh or sudo su -

We are looking at changing the way we get root on our network.

In our current system, if an admin needs root access he just gets the root password and uses su.

Some of our staff have decided that a sudo to "/bin/sh" will be easier.
Some of our staff think a sudo to "su -" will be better.
I feel that we should stick with root passwords.

What are the thoughts out there?

Some background on our network that may be of interest:

  • We have a team of 9 Unix admins who use root quite a lot.
  • We have about 600 servers, Solaris and HPUX.
  • Root passwords are kept in a password vault system that needs the user password to access.
  • Root passwords are changed every 6 months.
  • Our version of sudo is NOT standard; it can't be set up to let a user sudo any command, it has to be set up for each and every command.
  • Auditing is not a big issue for us.