>> Not necessarily. One circumstance under which I think this is very
>> useful is when you have an outside contactor who needs temporary
>> root access.  [...]

> Either you trust the person you give the root password to, or you
> don't.

Trust is a spectrum, not a boolean, in two senses.  One spectrum is
degree of trust, as in the difference between "I don't think this
person will abuse this trust but I'll keep an eye out just in case" and
"if this person decides to throw the computer out the window I believe
it'll turn out to be to our benefit".  The other spectrum is that one
can trust someone to do (or not do) one thing, but not another.

I may trust the person to not abuse that password for the duration of
the work; that does not mean I trust that person to not let the
password leak.  Presumably I judge the risk of leaking during the job
to be small enough that it's worth the benefit of what the person is
doing, or I've picked the wrong contractor. :-)  But the risk of
leaking _after_ the job will usually be much greater, and being able to
revoke that particular password's access then becomes important, and
the increased risk of having the extra superuser login must be balanced
against the inconvenience of having to teach everybody a changed root
password.  It's no surprise to me that for many people this tradeoff
comes down in favor of the extra login.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B