Learn Linux wheel group usage [With Examples]
Operating systems have a user with full privileges. However, since this user cannot be shared with the people logged into that system, they temporarily share some of their privileges with other users.
On Linux systems, the root user is the most authorized user. There is the sudo/wheel group for other users to use some of the privileges.
This group, which is called sudo in Debian based systems, is called wheel in Redhat and Arch base systems.
Users are taken to this group and authorized.
Configuring Wheel Group in sudoers File
In the sudoers file, the wheel group is disabled in many Linux distributions. Even if the user is in this group, the following warning appears when he wants to perform an authorized transaction:
Status in sudoers file:
This issue is resolved by removing the # sign at the beginning of the %wheel lines. Users who are in the wheel group in the first wheel line can run all commands with their own passwords. In the second wheel line, users do not need to enter a password:
Opening this line is not recommended for security reasons.
It can open the sudoers file with an editor(vi,nano etc):
or you can use visudo command:
Open the first line in the sudoers file and try the same action again:
Prevent wheel group users from changing root password
Wheel group users get root privileges temporarily. This authorization includes changing the root password. To prevent this, the sudoers file should be written like this:
After this operation, the user cannot change the root password even if user is in the wheel group:
Wheel Group Operations for Users
There are 2 methods to add/remove users to the wheel group. One is to use a command for this job, and the other is to manually edit the /etc/group file.
Add/Remove Users to the wheel group by editing the group file
Edit the /etc/groups file with a text editor (vim, nano etc) in the terminal:
![Learn Linux wheel group usage [With Examples]](https://www.golinuxcloud.com/wp-content/uploads/wheel-2-e1668062415174.jpg)
Type users in the wheel group line, one after the other, with a comma(«,») between them.
Then, type sudo at the beginning of the commands you will type in the terminal to perform authorized action with the user. After the user enters his password, the action will take place:
To remove the user from the group, it is sufficient to delete the user from the wheel group line again. This step will prevent that user from taking authorized actions.
Add/Remove User from Wheel Group with Command
You have many alternatives for adding/removing users to the wheel group in Linux. When creating the user, you can create it by adding it to the wheel group with the adduser command:
The added user is in the wheel group:
If the user is already added and you just want to put them in the wheel group, use the usermod command:
The user is also included in the wheel group like this:
To remove the user from the wheel group, use the gpasswd command:
This way user user1 is removed from wheel group:
What you should do NEXT?
Summary
As we mentioned above, wheel group users are the most authorized users after root user. Care should be taken when adding/removing a user from this group.
Before adding/removing the wheel group, it should be ensured that the root password is known or you should switch to root user by logging in with an authorized user in a different terminal. Otherwise, you may lose all your privileges in that system.
In our article, we gave information about wheel, which is the super user authorization group in Linux.
References
Didn’t find what you were looking for? Perform a quick search across GoLinuxCloud
If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.
For any other feedbacks or questions you can either use the comments section or contact me form.
Wheel Groups in Linux
This article will learn about the significance of wheel groups in Linux.
On some Unix systems, the wheel group is a special user group that controls access to the su command, which allows a user to clone another user, i.e., superuser.
the Fundamental Goal of Groups in Linux
A group in Linux is a gathering of users. The fundamental goal of groups is to specify a set of privileges for a certain resource.
That may be shared across the users inside the group, such as read, write, or execute access. Taking advantage of rights granted by an existing group, users can be added to it.
the Group Work in Linux
A user owns every process, e.g., like Thanos user when a process attempts to read a file held by a group.
Linux A determines whether the user Thanos has access to the file and B determines which groups Thanos belongs to and whether any of those groups own and can access the file.
the Sudoers Wheel in Linux
When a user’s wheel group membership grants them complete sudo root access, it’s usually set up like this in the /etc/sudoers file: %wheel ALL=(ALL) ALL .
That means Any member of the group wheel on any host can sudo to any user account and run any command.
the Users and Groups in Linux
On Linux systems, user groups are quite significant. They make it simple for a small group of users to share files.
System admins can also manage user privileges more effectively by allocating privileges to groups rather than individual users.
Type groupadd to Create Group in Linux
To create a new group, type groupadd followed by the new group’s name. The command updates the /etc/group and /etc/gshadow files to include the new group.
What is the purpose of “wheel” group in Linux
The root system account is used for a great deal more than just administrative tasks. Many parts of the actual Linux operating system run under root credentials. Many distributions disable the actual root account for users and instead allow administrative functions based on membership in the wheel group.
Members of the wheel group exercise the administrative privileges of root with less potential for damaging the system. For example, members of the wheel group can use the sudo command to avoid having to sign in as the root user. You can use the visudo command to edit the privileges of the wheel group, if necessary. You can add users to the wheel group to give them privileges. Be very cautious about the membership of the wheel group.
Which rpm provides the wheel group?
The wheel group is part of the /etc/group file that is shipped in the setup rpm. Nothing on the system appears to use the group, at least by default, so it should be safe to remove the wheel group entry if desired.
How to deny members of wheel-group to change root password
We can edit /etc/sudoers file and add ‘!/usr/bin/passwd root’ to the wheel part of the line.
1. Edit /etc/sudoers in visudo.
2.. Restart sshd service
3. SSH with user ( which is added to wheel group) and try to reset the root password, you will get error as below:
What is the significance of the "wheel" group? [duplicate]
I’ve commonly seen references to a wheel user group online as well as when setting up my sudoers file. Does naming a group wheel imply something special about the group or is it just a name for a generic group used in the same manner that foo and bar are thrown about?
2 Answers 2
Rather than have to dole out individual permissions on a system, you can add users to the wheel group and they can gain access to administrator levels, simply by being in the wheel group. It’s typically tied directly into sudo .
Which means you can do anything on the system with sudo <cmd> .
Previously you needed to be in the wheel group if you wanted to have access to use certain commands, such as su .
Modern Unix systems use user groups to control access privileges. The wheel group is a special user group used on some Unix systems to control access to the su command, which allows a user to masquerade as another user (usually the super user).