Sometimes, as a Linux geek, there is too much to do. While you may have several folks who are helping you, they may not have all the skills you expect. They may be fresh out of school, may have qualified with some paper computer certification, or may be in transition from administering operating systems other than Linux.
Newer geeks often learn one service at a time. Once you trust their skills on a service, you set up administrative privileges on a per-command basis.
In "Securing by User," at the end of this chapter, I'll show you how you can use Pluggable Authentication Modules (PAM) to support access to individual administrative tools.
You don't always have to log in as the root user to administer your systems. In this annoyance, I'll also show you how you can configure access to the sudo command from your regular account. Any command preceded by the word sudo causes the command to run with root privileges, just as if you had issued su first.
Even the best Linux geeks make mistakes. To minimize the effect of mistakes, many geeks disable logins to the root account. Even if root is not disabled, administrators are encouraged to run Linux as a regular user and to use the sudo command when running administrative commands.
Another advantage of sudo is that its use is automatically monitored by Linux. The actual logfile varies by distribution: Red Hat/Fedora uses /var/log/secure, SUSE uses /var/log/messages, and Debian uses /var/log/auth.log ...