A bunch of people seem to be reposting of the VMware KB article on adding a second superuser (root) account to VMware ESX. I have to ask:
Why would you ever want a second superuser account? Isn’t one enough trouble?
Root is basically a user with full access to the machine. And by “full” I mean “uncontrolled and unaudited.” When it comes to securing a computing environment I don’t usually want to add more accounts like this. I usually want to reduce them, and secure any accounts like that which absolutely need to remain.
My recommendation, in all cases, is to secure your root accounts well with SSH restrictions (which is the default in ESX), firewalling, and very secure passwords. If others need access to the host add an account for them, and if those people need root-level privileges for something look into how to configure sudo so that they can run just the commands they need as root.
The comments over at Leo’s Ramblings have a small discussion about how this is a bad idea, and to Leo’s credit he concurs, acknowledging that sometimes the only fix for a problem is a bad idea. In general, though, the whole “add another root account” idea goes in my category of “just because you can doesn’t mean you should.”