• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

What is the purpose of “wheel” group in Linux

by admin

The root system account is used for a great deal more than just administrative tasks. Many parts of the actual Linux operating system run under root credentials. Many distributions disable the actual root account for users and instead allow administrative functions based on membership in the wheel group.

Members of the wheel group exercise the administrative privileges of root with less potential for damaging the system. For example, members of the wheel group can use the sudo command to avoid having to sign in as the root user. You can use the visudo command to edit the privileges of the wheel group, if necessary. You can add users to the wheel group to give them privileges. Be very cautious about the membership of the wheel group.

Which rpm provides the wheel group?

The wheel group is part of the /etc/group file that is shipped in the setup rpm. Nothing on the system appears to use the group, at least by default, so it should be safe to remove the wheel group entry if desired.

How to deny members of wheel-group to change root password

We can edit /etc/sudoers file and add ‘!/usr/bin/passwd root’ to the wheel part of the line.

1. Edit /etc/sudoers in visudo.

Note: visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.
# visudo -f /etc/sudoers

Change from:

%wheel  ALL=(ALL)       ALL, !/usr/bin/passwd root

2.. Restart sshd service

# systemctl restart sshd

3. SSH with user ( which is added to wheel group) and try to reset the root password, you will get error as below:

$ sudo passwd root
Sorry, user geek is not allowed to execute '/bin/passwd root' as root on lab.system01

Filed Under: Linux

Some more articles you might also be interested in …

  1. as Command Examples in Linux
  2. kscreen-console: command not found
  3. How to Remove virbr0 and lxcbr0 Interfaces on CentOS/RHEL 6,7
  4. apport-bug: command not found
  5. fakeroot Command Examples in Linux
  6. CentOS / RHEL 7 : Shutting Down, Suspending, or Rebooting Commands (systemctl)
  7. xclip: command not found
  8. ‘Found duplicate PV’ warnings when using LVM with multipath storage in RHEL/CentOS
  9. net-snmp-create-v3-user: command not found
  10. cryptcat: command not found

You May Also Like

Primary Sidebar

Recent Posts

  • protonvpn-cli Command Examples in Linux
  • protonvpn-cli connect Command Examples
  • procs Command Examples in Linux
  • prlimit: command not found

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright