One way to give full or limited root privileges to any non-root user is to set up the sudo facility. That simply entails adding the user to /etc/sudoers and defining what privilege you want that user to have. Then the user can run any command he or she is privileged to use by preceding that command with the sudo command.
The following is an example of how to use the sudo facility to cause any users that are added to the wheel group to have full root privileges:
As the root user, edit the /etc/sudoers file by running the visudo command
# visudo /etc/sudoers
The reason for using visudo is that the command will lock the /etc/sudoers file and do some basic sanity-checking of the file to ensure it was edited correctly.
Uncomment the following line to allow users in the group named wheel to have full root privileges on the computer:
%wheel ALL=(ALL) ALL
The previous line causes the user to be prompted for a password to be allowed to use administrative commands.
To allow users in the wheel group to have that privilege without using a password, uncomment the following line instead:
%wheel ALL=(ALL) NOPASSWD: ALL
Save the changes to the /etc/sudoers file.
Still as root user, open the /etc/group file in any text editor and add the users you want to have root privilege to the wheel line. For example, if you were to add the users sathish and arthar to the wheel group, the line would appear as follows:
At this point, the users sathish and arthar can run the sudo command to run commands, or parts of commands, that are normally restricted to the root user. The following is an example of a session by the user arthar after he has been assigned sudo privileges:
[arthar]$ sudo umount /mnt/win
We trust you have received the usual lecture from the local System Administrator. It usually boils down to these two things:
#1) Respect the privacy of others.
#2) Think before you type.
[arthar]$ mount /mnt/win
mount: only root can mount /dev/sda1 on /mnt/win
[arthar]$ sudo mount /mnt/win
In the preceding session, the user arthar runs the sudo command so he can unmount the /mnt/win file system (using the umount command). He is given a warning and asked to provide his password (this is arthar’s password, not the root password)
Notice that even after arthar has given the password, he must still use the sudo command to run the command as root (the first mount fails, but the second succeeds). Notice that he was not prompted for a password for the second sudo. That’s because after entering his password successfully he can enter as many sudo commands as he wants for the next five minutes without having to enter it again. (You can change the timeout value from five minutes to however long you want by setting the passwd_timeout value in the /etc/sudoers file.)