
sudo

To allow more control over the privileges available to normal users, Debian provides the sudo command. This utility allows a specified user to execute commands as the root account. The users who may use sudo, and the programs they may have root privilege for, are specified in the file /etc/sudoers. The amount of access that can be given to a particular user account ranges from ALL, which is equivalent to su, down to allowing only a single command to be executed as root.

Besides the finer granularity of the permissions provided, sudo also has the advantage of not requiring the root password. To invoke sudo, the user only supplies their own password, leaving account security in the hands of the person responsible for that account. So, to give fred the ability to shut down the system, the entry in /etc/sudoers would look like:

fred ALL = /sbin/shutdown -[rh] now

In this way, a large variety of capabilities can be given to trusted users without compromising the root password. Since sudo can be used to give a user full root privilege, it is a potential avenue for a security breach if that user account's password is compromised. Hence, it is advised that only those commands that absolutely must be provided be entered into /etc/sudoers, providing maximum functionality with minimal security risk.
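
One way to review a sudoers policy against this advice, as an added example that is not part of the original guide: the Python script below classifies each rule as full root (ALL, equivalent to su), wildcard, or a fixed command list. It reads a simplified subset of the sudoers syntax; the `audit` and `logical_lines` helpers and every sample rule except fred's are constructed for illustration.

```python
import re

# Constructed sample policy in sudoers syntax; only fred's shutdown rule
# comes from the page. The other users and commands are illustrative.
SAMPLE = """\
Cmnd_Alias HALT = /sbin/shutdown -[rh] now
fred    ALL = HALT
joe     ALL = (ALL) ALL
backup  ALL = (root) NOPASSWD: /usr/bin/rsync, \\
              /bin/tar
%admin  ALL = /usr/bin/apt-get *
"""

SPEC = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(.+)$")   # who  host = commands
SKIP = ("Defaults", "User_Alias", "Host_Alias", "Runas_Alias")

def logical_lines(text):
    """Join backslash continuations, then drop comments and blank lines."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def audit(text):
    """Return (who, level, nopasswd, commands) for each user specification."""
    aliases, findings = {}, []
    for line in logical_lines(text):
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
            continue
        m = None if line.startswith(SKIP) else SPEC.match(line)
        if not m:
            continue
        who, _host, rest = m.groups()
        rest = re.sub(r"^\([^)]*\)\s*", "", rest)        # drop (runas) list
        nopasswd = "NOPASSWD:" in rest
        rest = re.sub(r"\b[A-Z_]+:\s*", "", rest)        # drop NOPASSWD: etc.
        cmds = []
        for c in (c.strip() for c in rest.split(",")):
            cmds.extend(aliases.get(c, [c]))             # expand Cmnd_Alias
        if "ALL" in cmds:
            level = "full-root"      # equivalent to su
        elif any("*" in c for c in cmds):
            level = "wildcard"       # '*' also matches spaces in arguments
        else:
            level = "restricted"     # fixed command list
        findings.append((who, level, nopasswd, cmds))
    return findings

if __name__ == "__main__":
    for who, level, nopasswd, cmds in audit(SAMPLE):
        print(f"{who:8} {level:10} nopasswd={nopasswd}  {cmds}")
```

Changes to the real /etc/sudoers are best made with visudo, which checks the syntax before installing the file.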

Obviously security is of varying importance, depending upon what the system is being used to accomplish. This does not mean that there are times when system security can be ignored. Even a system that is completely disconnected from a network can be subject to a security breach. Most of the security measures of interest have to do with protecting users from making mistakes with files that do not belong to them. This keeps Joe from accidentally deleting any of Fred's files, and both of them from accidentally deleting important system files.


Dale Scheetz