This is very informative, thanks. For me your strongest argument is that with sudo, many "roots" are possible and each has its own tracelogs. (I guess a sudo-er can not destroy his or other sudo-ers log files right?). Granted. This is the picture from the ground and you present it nicely. But there is also the biggest picture - which I concentrate more because I do not have to solve practical problems in my day-to-day. Like the ones you present.

So, for example, despite that sudo's real use-case is mutli-location, big corporation servers, sudo has also been promoted to ubuntu-type desktop users. Really hard and with great zeal! I already mentioned that most wiki/howtos around mention the word sudo a dozen times each. IMO the only purpose is to dumb-down and short-circuit Unix security. At the time where an un-firewalled machine on the net lasts only a few hours, at a time that registering to any stupidwebsite.com, just to file a bug for their stupid platform, requires a military-strength password!!! In these times, some wiki/howto author comes and brainwashes us that forget a root password, use your own to bootstrap to root. And they don't even put a warning: "I told you to get rid of your car's seatbelt so that grabbing beers and cigarettes from the back seat becomes easier and that enhances your overall driving experience, but also risks your life.".

Regarding Windows, I noticed that they do not at all promote administrator account! I may exaggerate but only a bit if I said 9/10 of non-IT windows users do not know an admin account even exists. And I have just learned, that the only root in my OSX is Apple Inc.!!xE+99 (see SIP)

Three different models of security, plus, the fourth, the traditional Unix security. Two of them are totally *!%$$%. While the third has only its merits promoted and not its risks. The fourth is how things were done.

btw, from the link you posted I learned about Chris Msando, a true IT hero it seems to me.

bw, bliako