The root password is set to a randomly generated string, printed on a paper with the server name and then locked in a safe. We use sudo for root access. As it is now we're pretty much fire and forget, ...