Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Use the "visudo" program to edit the sudoers file. The wheel group is already there for the purpose you want, so you could make these users the members of the "wheel" group instead. Using "visudo", simply delete the "# " comment characters from the "# %wheel ALL=(ALL) ALL" line.
Some distro's configure sudo so that you need to enter the root password. Others configure sudo so that you enter your own password. Doing the latter, you can allow users to execute commands as root without giving them the root password. Suppose that you have another group, backupops, that you allow to run a backup script with permissions to read any file on the system. You can explicitly give the command they can run. The sudoers file has an example allowing %users to mount and unmount CDROMs. If you don't want to distribute the root password for the wheel group members, and don't want them to be able to su to root, you will need to plug some holes such as forbidding vim (which has a :! shell escape; rvim doesn't allow this). You might want to google for examples and also look at restricted bash for some situations. By the way, the sudoers file has a manpage.