Shell Programming and Scripting

But if multiple people are logging in as root it is trivial for them to destroy this system, too.

Totally agree,but this can be done for every user,not only root.
Generally i think is usefull to have it specially in environments where many users uses the same account to login to the server, i know is not safe, but happened a lot, specially in test systems.

In a Financial Services company, we would be taken to court if we cannot prove who did what where. Basically, that translates that everyone must use a personal normal account. We have groups that can perform security actions and these are highly monitored and anyone requiring root access has a sudo rule for the particular command and logs are generated and monitored by a separate team for auditing.

Huge overhead, but very necessary when the values of money in question are huge and the requirements of Data Protection are high to protect customers. There's no easy way around it, but if you give root access too easily, then someone can remove any restrictions and cover their tracks very easily.

Imagine someone adding a service that they could use as a back-door where the normal protections cease to apply, or setting up at or cron jobs to perform actions that they won't be traced to.


Keep root to (at most) three people in a single team, and then only in an emergency. Have root login restricted to the console only and limit who can access the console.


Like Corona688 says, if you give out root, you've lost all control and therefore the integrity of your server.



Robin

Well, sorry to inform you but you are wrong.

I have worked in many test, development and production environments in both big and small companies.

Never, one time, did any company permit a single login for multiple users. Never.

It is a violation of most company policies to do this and any company or system admin who would permit this is in the wrong job; as it is a basic, very basic, duty of a system admin to insure that there is one login per person, and an audit trait for each user; especially if the users have superuser privileges.

If a sys admin worked for me that insisted on a single login for multiple users, I would simply fire them immediately.

I'm going to close this thread, because we have already advised the OP on what he should do and why he should do it; and it's best we set an example of what are "best practices" and "acceptable practices" versus supporting bad ideas which are against policy at most companies.