If root has a password, it’s only one password; everyone who has root access knows the password, which means that anyone can share it with no accountability. If privilege escalation rights are granted instead, it’s easy to see who did what, as well as to contain any kind of compromise (by revoking said rights).
Also, I think you originally referred to su but sudo allows much more granular control.
So, we are clearly talking about different environments here. Of course I would not have a password for root in an enterprize setting where you have a lot of different people managing one machine. But for your regular desktop computer with one user, it just complicates things needlessly without providing any benefits.
If root has a password, it’s only one password; everyone who has root access knows the password, which means that anyone can share it with no accountability. If privilege escalation rights are granted instead, it’s easy to see who did what, as well as to contain any kind of compromise (by revoking said rights).
Also, I think you originally referred to
subutsudoallows much more granular control.So, we are clearly talking about different environments here. Of course I would not have a password for root in an enterprize setting where you have a lot of different people managing one machine. But for your regular desktop computer with one user, it just complicates things needlessly without providing any benefits.