Re: Good idea.
As others have mentioned, sudo gives you much more fine-grained control over who is allowed to do what. But there are other advantages over plain su:
- You have an audit trail of who ran which admin command when. For some of us, that is a compliance requirement.
- Communicating a shared password is difficult. It tends to happen via e-mail, which is NOT secure.
- When you have 20+ servers, changing the administrator password because Joe Admin left the company is not so simple.
- Passwords can be cracked or leaked, so a security compromise of one server quickly becomes a site-wide problem (unless you use unique passwords, which complicates the distribution issue further).
I try to avoid passwords as much as possible, to the extent that my personal servers do not have passwords (a '!' for the password field in /etc/shadow). Logins can only happen via ssh using SSH keys or certificates, and sudo is set up to require a one-time password or physical token (YubiKey). If you must use passwords, at least make sure you keep them centralized (LDAP directory or similar).
In other words, think about how you implement security instead of just bashing some random tool based on a 7-year-old forum post.
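The audit trail the first bullet refers to, as an added example that is not part of the post: a small Python parser over constructed sudo syslog lines (the format sudo logs by default; the hostnames, user names and commands are made up) that lists who ran what, as whom, from where, and separates denied attempts from allowed commands.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample log in sudo's default syslog format (not taken from any real host).
SAMPLE_LOG = """\
Mar  3 10:15:22 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar  3 10:16:05 web01 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar  3 10:17:41 web01 sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar  3 10:18:02 web01 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=1000)
Mar  3 10:19:30 db02 sudo:    carol : TTY=pts/2 ; PWD=/srv ; USER=postgres ; COMMAND=/usr/bin/psql
"""

# Success lines go straight to TTY=; failures carry a reason first ("user NOT in sudoers",
# "3 incorrect password attempts", ...). PAM session lines do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+"
    r"(?P<user>\S+) : (?:(?P<reason>[^;]+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)

@dataclass
class SudoEvent:
    timestamp: str
    host: str
    user: str        # who invoked sudo
    target: str      # who they ran the command as
    tty: str
    command: str
    denied_reason: Optional[str]  # None when sudo allowed the command

def parse_sudo_line(line: str) -> Optional[SudoEvent]:
    m = LINE_RE.match(line)
    if not m:
        return None
    return SudoEvent(m["ts"], m["host"], m["user"], m["target"], m["tty"], m["cmd"], m["reason"])

def audit_trail(log_text: str) -> list:
    """All parseable sudo events, in log order (the 'who ran what when' record)."""
    return [ev for ev in map(parse_sudo_line, log_text.splitlines()) if ev]

def denied_events(events: list) -> list:
    """Attempts sudo refused: the lines worth alerting on."""
    return [e for e in events if e.denied_reason]

def commands_by_user(events: list) -> dict:
    """Allowed commands grouped by invoking user, for per-admin review."""
    by_user: dict = {}
    for e in events:
        if e.denied_reason is None:
            by_user.setdefault(e.user, []).append(e.command)
    return by_user

if __name__ == "__main__":
    for e in audit_trail(SAMPLE_LOG):
        status = f"DENIED ({e.denied_reason})" if e.denied_reason else "ok"
        print(f"{e.timestamp} {e.host} {e.user}->{e.target} {e.tty} {e.command} [{status}]")
```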