Sounds awesome. How do you use sudo? Just plain NOPASSWD and trust the SSH auth?

Annatar · on Aug 31, 2016

Sudo is in LDAP. We are allowed to run specific commands based on which roles we are in. Those roles are used to generate sudo roles.

Nobody, including 2nd level UNIX support, has or knows what the root password is.

If there is an emergency, the sysadmins can temporarily generate a root password, which is then automatically reset with random garbage after a few hours, so nobody will know what it is after that.