I can't speak for earlier versions but I know fedora 12 uses the user password on sudo

"sudo su root" allows you to get the root prompt instead of all that sudo password asking.

yes, and it is a REALLY REALLY BAD THING TO DO AND YOU WILL GO TO HELL and all that.

running su inside of sudo ruins the security model of both bits of code, there is much less audit trail and security. People doing this is so annoying becuase there's even a way to do exactly this properly in most sudo versions, using the -i option to give you a root shell.

IF you have to do something like that, then run "sudo -i" not "sudo su". and "sudo su root" is just a waste of 5 characters as root is assumed. Also not adding a - or a -l to the su part means you don't inherit the root user environment properly, paths are not modified etc, which is also a bad place to be.

No, that is NOT logical based on the whole bloody point of sudo. If you're running a production server, then the root password should not be known or used to any extent, in order to provide security audit and such. sudoers files are instead securely managed to say that users of a certain group are allowed to do certain things as if they were root. The root password can be obscure and held in a vault somewhere under lock and key should direct root access be required. Otherwise an admin needs to log in with a human user account and have a good level of transparency over who did what.

It's not wrong, it's just a different security model than the one you want it to be. This does not make you right, and a million professional unix administrators wrong.

This should be configurable by adding options like add making a rootpw option and setting it to no... but I am not certain on how fedora handles it, I'll have a play around later when I get a fedora VM up and running to test it out.

Hmm. "sudo su root" drops you into a root shell complete with the number sign prompt. When I got ubuntu I was told that you couldn't get a root prompt but I tried the "sudo su" combination and got one.

The root account on Ubuntu is disabled by default, but it doesn't have to remain disabled.

All you have to do is set a root password.

Once root has a password, you can use su and specify the root password.

When using su I prefer to use the - option to get it to reset the environment variables (it's good to get in the habit)

Ubuntu can be tricked in many ways to make a root shell, really it's done well enough so most newbies (as in new linux users as opposed to n00b l33ters) can not go around as root and destory everything but those that have enough knowledge to do it, still can. My favorite is sudo /bin/dash.

Personally I prefer the escalation method of having a normal user account to a super user account as opposed to direct super user logins.

It's not "disabled" it just has no password in line the security model. It's no tip nor trick to give it a passwd against recommendations and logic.

What is it with people and nasty hacks?

Still, in the sudo model dumped on me at work, our DBA's all have access to vi via sudo (and mv, cp, ifconfig, kill, init and rm), try making any sense of that...

This is only for Ubuntu, I generally don't like dealing with ubuntu too much, I deal more with servers and most of my work is usually emergency maintainance after someone has killed their own server thus root shells make things alot quicker, faster and more effecient then you know, creating new $PATH entries, retyping sudo, and searching for everything =P. However I don't like it when SSH is open to root, that's just asking for trouble in my opinion.