LB1938 wrotehussam wrotesudo is really against my understanding of "unix security".
Shouldn't be. I find it best to just allow sudo/su only for a group of users while disabling root login over ssh.
you can restrict 'su' usage.
But why use sudo?
1. You can use su -c 'command' instead.
2. You really don't have the root password to your own machine? Or are you afraid using su will make you accidentally rm /* ?
3. If you don't have the root password to a certain machine at work for example or your parent's machine, there is normally a good reason. If this isn't your machine, then leave administration to the machine's administrator. Linux is a multi user operating system. You can fully function on it without needing admin rights. If something needs admin privileges, call your administrator.
To be honest, I don't know the backend mechanism behind sudo but it allows you to optionally have more than one user to use their own passwords to run stuff as root. That means more choices for passwords can be compromised to gain root privileges instead of just the root password.
The ONLY good thing about sudo that I can think of it removes the ability to crack root password because if you use sudo, you most likely have root password disabled. This means that an attacker has to know the list of sudoers (it's called sudoers?) to know who's password to crack. On ArchLinux for example, if I log into husssam instead of hussam, it (pam?) won't tell me that there is no husssam user but simply that the password is incorrect.