In most organizations, sudo is typically intended to only allow a certain set of people to run a very limited set of commands, as a different, elevated privilege user. Unfortunately, given its easy access and liberal governance, systems administrators often us the sudo command for everyday commands and tasks—bypassing corporate policy, network security and compliance requirements.
It goes without saying that IT pros require access to simple IT commands to remain productive and efficient. Unfortunately, the proliferation of sudo has meant that these employees have been provided with passwords and IT access far above and beyond their actual needs. This has a direct impact on compliance and security.
For any organization where regulatory compliance, internal auditing and enterprise security is a way of life, the widespread access and availability of administrator privileges within the enterprise IT environment is a serious liability. But what is the alternative? In today's highly regulated and dynamic environments, organizations are often choosing to meter out this access through selective and programmatic delegation of root access—dictating permissions for users to the most granular levels. This separation of powers removes the need to disclose highly sensitive rootwords helps restore the balance between access/productivity and security/compliance.