Well, I have a thought on sudo.. Both in Gentoo and OpenBSD I have put my user in the wheel group so I can use su and sudo. But I have always wondered why sudo uses the users own password instead of the root one. Cause if a cracker would have cracked my password that will give him full access to the system without having to crack the root password, right?
Shouldn't sudo use the password of the account I am trying to run the command as (root)? Like "su -c cmd"?

It's just a thought I've been having and of course you can claim that as long as we use strong passwords it's safe. But I still think it's strange that sudo skips the root password.

This is optional, the following setting in /etc/sudoers will make sudo ask for the target user's password.

Imagine that you are one of many users on the system and members of a certain group need to run certain root commands. You don't want to give them the root password, because then they could su to root and have full power.

You can configure the /etc/sudoers to deny certain commands. Some commands like mounting or ejecting a cdrom may be allowed for all local users.

Thank you. That cleared it up. So I guess I can use something like a "admin" group and give them access to stuff like shutdown, reboot, mount, etc.. and then add "Defaults:%wheel targetpw" and give users in wheel full access to all commands.

That way users in the wheel group can use the root password to run su or sudo but users in admin can do some administrive stuff without needing to know the root pass.

I tend to just use su, if you add an /etc/suauth file and only allow certain users to switch it seems perfectly fine and convient. I've never understood what people are doing that requires constant root access though

you shouldnt setup sudo so that a normal user can execute all commands as root.. thats what the root account is for. sudo should be used for specific commands, in my opinion. commands, as previously mentioned, such as ejecting a cd drive and shutting down seem like logical commands to be able to have your normal user sudo to. if you have sudo setup like this and someone does gain access to your account, then they cant really break your system.

If a hacker has cracked the account of a user who uses `su` (or sudo with root password) regularly, it is not very difficult to get the root password. All he must do is write a small bash-script that records the root password the next time the user enters it.
That is the reason why using sudo with the user's password (as ubuntu does it) is in most cases just as secure as using the root password (or su with a proper root account), as long as the user chose a good password.

Besides, even if a hacker gains 'only' user access, he can easily wipe all of the user's personal data, which is usually much harder to replace than reinstalling the OS.