You start out incorrect, then make points totally off the track. By your logic if only trusted admins are allowed on a system it needs no logging?

The primary purpose behind sudo is to allow one user to execute an allowed command as a different user without knowing that second users password: su cannot do that. If it could, it would be sudo.

To go beyond what has already been said would be to engage in pointless arguing. I stand by what I have said, and that should be enough.

Re-read your first post, my points are where they need to be, defending the root account. Instead of jumping on the "sudo is more secure because..." wagon.

Even if you had only sysadmins on a system, you would still need logging, just logging a trusted users every move is a waste of space that requires unnecessary maintenance over the years. You still need to log remote connections, services, system messages, you just don't need to turn a machine into a Siberian gulag.

If you are that keen on allowing users to execute commands that require root access add them to a group that allows that. Or if you really must and you have no way out... configure sudo to ONLY allow that one command (no sudo -i, so remove ALL:ALL) and use something like gresecuity or SELINUX to limit sudo access even further. Otherwise using root + some groups for trusted users is just fine, we have been doing it for years before the creation of sudo.

Why do you insist on misunderstanding what I say? Was I that unclear?
Perhaps I was, so let me try again.

The purpose of sudo is NOT to run commands with root access. That does work, but is a side effect of the more general case that is what sudo REALLY is for.

While early versions of sudo WERE for running a single command as root, it grew well beyond that quickly. The current definition (you can find this on Wikipedia) starts with So, yes, you CAN run things as root (as root is just another user account with elevated privileges) but that is only ONE kind of use. You can just as easily use it to run commands as a contained or less privileged user WITHOUT root access or using su! This is an incredibly useful tool if used properly. It does not replace root access, unless you use it the *buntu way which is as a special way to accomplish su - commands without a root password: in which case it does a pretty good job, but it (and you) are not so limited. That is rather like considering a shell as a user interface, and totally ignoring the scripting options.

The options on multiuser systems should be obvious. I had thought that the options beyond that on a linux box used for a single user for multiple purposes would also be obvious, but perhaps I was wrong.

My point is that it is not 'sudo' vs 'su' at all. They are both tools that exist to solve certain kinds of problems, and they solve different problems well. They should BOTH be available so you can solve those problems with the right tool.

I should have added that I only use GNU/Linux on a home computer.