<various 'su' schemes>

[Dave Ihnat]

Aeh.  This comes up ever few years, and it's probably as religious an issue
as editors--no, most likely moreso.  In any case, my favorite hack is a
'privuser' file, where there is a list of "userid:passwd" stored, where each
'passwd' is a unique root password.  Simple, elegant, and easily revoked.  Of
course, if the individual was untrustworthy to start with, you'd have a problem;
but it's unlikely that this scenario would occur, yes?

For source, please contact me.  We'll talk.