Years ago, when I, as well as others, had root password for the various Unix systems in our test lab, one particular employee wanted the password to root so he could do some things. I particularly didn't trust the guy's skills with the Unix commands; heck he could possibly do an "rm -rf /". The su command is in the /bin directory. I added a script called su in /usr/bin that asked for a password and then changed the prompt from a "$" to "#" signifying that the person had superuser privileges. I modified his profile so /usr/bin would be searched before /bin.
He was happy and didn't notice the difference.