Follow the Principle of Least Privilege
The principle of least privilege suggests that you grant users the bare minimum privileges required to perform their jobs. The excessive granting of permissions, especially early on in an organization’s lifespan when few employees must complete work within tight deadlines, can leave systems wide open for abuse. Reviewing user privileges periodically to match their current job responsibilities is considered good security practice.
This principle requires that users are assigned their own login accounts. If they require administrator access for a purpose, use sudo to grant access for that specific purpose.
Distributing the root user password is considered poor security practice. You can enhance the security of the root password by ensuring that it's long, difficult to guess, and contains a wide variety of special characters.
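As an added illustration (not part of the original page), the following script supports the periodic privilege review described above by flagging sudoers rules that grant every command instead of a specific purpose. The sample rules and the account names backup and deploy are constructed for the example, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag sudoers rules that allow every command (bare "ALL").
# Limitations: line continuations and alias expansion are not handled.

# Read sudoers-format text on stdin; print "<who><TAB><rule>" per broad rule.
flag_broad_sudo() {
    awk '
        /^[ \t]*#/ { next }                              # comments, #include
        /^[ \t]*$/ { next }                              # blank lines
        /^[ \t]*(Defaults|@include)/ { next }            # settings, includes
        /^[ \t]*(User|Runas|Host|Cmnd)_Alias/ { next }   # alias definitions
        {
            eq = index($0, "=")
            if (eq == 0) next
            cmds = substr($0, eq + 1)
            gsub(/\([^)]*\)/, "", cmds)   # drop (runas) specifications
            gsub(/[A-Z]+:/, "", cmds)     # drop tags such as NOPASSWD:
            n = split(cmds, c, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", c[i])
                if (c[i] == "ALL") { print $1 "\t" $0; break }
            }
        }
    '
}

# Constructed sample rules: two broad grants and two purpose-specific grants.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not taken from a real system
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) /usr/bin/rsync
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart httpd
EOF
}

# Stand-alone run: report the broad rules found in the sample.
sample_sudoers | flag_broad_sudo
```

To review a real system, feed the function the contents of /etc/sudoers and the files under /etc/sudoers.d, which requires root to read.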
See Checking User Accounts and Privileges for more information.