Systemd at least has a point, it is just that it goes much further than the point... Sudo-only is pointless and something I have had issues with in Ubuntu in the past.

I think the sudo-only option has been around a while, a few years at least, on some installers though I don't recall whether it's the alternative install or the standard one which has it because I've used both.

Originally sudo was invented so that Senior sysadmins could delegate jobs to juniors/operators such as backups which normally require root access.
Sudo was always set to only allow specific reqd cmds (eg by backup tool) and nothing else.
This means that only Seniors used 'su -' and knew the root passwd.

Unfortunately (imho), Ubuntu decide that locking out root (I believe they create a random passwd at install) and auto adding 1st created user as sudo with complete total root access was a good idea ... sigh...

I'm pretty sure you can set a root password in ubuntu if you want to and then use 'su'. I've done it with a couple of ubuntu based distros I experiment with.

Yes, I have done that also. Apparently one can be banned from the official Ubuntu forums for explaining how it is done?

You could write a book about correct sudo usage... in fact someone did: https://www.michaelwlucas.com/tools/sudo

Often the arguments for misuse of sudo are along the lines of "well look what cat gets used for, not what it was originally designed for, etc...". That seems like a weak argument, invoked solely to justify poor practice. One could use a similar argument to justify starting X as the root user, etc.

I find the sudo website quite informative: https://www.sudo.ws/intro.html

The advantages are obvious, but if you're the owner/user/admin of a single user desktop you probably won't need those features. If as the owner/user/admin you're set up to do everything root can do, then it becomes pretty pointless.
True.

And you are saying it is not a good idea to create the 1st user with total sudo access? I'd say this is a good idea in my opinion. As if you are setting up a remote system, you won't want to connect via root over SSH and so you'd want to default to using the 1st created user. If it isn't a multi-user system with SSH then you are probably going to be using the 1st created user as your default user anyways, which you would likely require the ability to escalate privileges from.

The bad idea is disabling su for arbitrary reasons that don't really make sense once applied to the real-world. Both su and sudo have their place and purpose.

Actually, if the 1st user has full sudo (root) rights, someone only needs to find/guess one passwd for total access.
If you have a non-priv user and have an active root (no remote allowed), then they have to get 2 passwds ...

That's how AntiX does it. The first user has full sudo rights, but you also create a root password when you install, so that you can use su in an emergency. How else can you correct a bad sudoers file, without having to use something like System Rescue?

If your password is leaked/cracked that quickly, it can almost be assumed (and SHOULD be assumed) that both passwords got leaked/cracked that quickly, meaning you'll wanna reinstall the system from scratch. As you'll note, I said a remote system. Also as we are talking a remote system, you should be disabling password authentication anyways and enabling SSH keys as a very very early step, so even with Sudo, you'd need a private key and a password which is much more secure than two passwords.

Generally, I do not believe the root password should be used remotely as in some cases the root password may need to be used locally by onsite engineers to perform certain tasks (I.E. fsck on a potentially corrupted partition). Any password in common usage should be rotated out systematically, which can cause issues if the onsite engineers then don't know the root password because it got changed and the system is down after a reboot, requiring maintenance at local console.

RHEL/CentOS can also be set-up like this, it gives you the configuration options during installation, iirc it has a checkbox that says "make this user an administrator", that will automatically set-up the user with full sudo rights. And I believe su is also always available by default too.

The reason I don't use sudo is because I run single-user systems I own so I have no use for it. For some tasks it makes things more difficult if sudo is used so to me it's more trouble than it's worth.
A side-effect of sudo setup in Ubtuntu, which one cannot really blame Cannonical for, is the "sudo addiction" some seem to suffer from where they seem to start any terminal command with sudo.

I like sudo because it's convenient. For a sequence of root operations, I use su, but it seems like overkill to start a new session for just one command. I know you can use su -c, but then you must put your command and its arguments in quotes, which is a complication I can do without.

The first thing I do on a new system is to uncomment the permissions given to the wheel group in most standard sudoers files and then add myself to that group.

I have to say that I'm very comfortable using sudo with no separate root account enabled.

If I do have to do any prolonged root-level work then I'll just open a terminal window and/or my file manager as superuser.

I feel very much in a minority here though. ;-)