Initial Config

[1] Add a new user. I used user name as 'cent' on following examples, but Set any names you like to use.

[root@ns ~]# useradd cent// add a user 'cent'
[root@ns ~]# passwd cent// set password for cent
Changing password for user cent.
New UNIX password:// input password you want to set
Retype new UNIX password:// verify
passwd: all authentication tokens updated successfully.
[root@ns ~]# exit// logout

[2] Try to switch by user that was added in section [1].

ns login: cent// input user name
password: // input password
[cent@ns ~]$ su -// switch to root
Password:// input password for root
[root@ns ~]#// done to switching to root

[3] Make 'cent' user that was added in section [1] be only a user who can switch to root.

[root@ns ~]# vi /etc/group// open the file with vi

wheel:x:10:root,cent// line 11: add user

[root@ns ~]# vi /etc/pam.d/su

#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth required pam_wheel.so use_uid // remove '#' that was on the head of line
auth include system-auth
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session optional pam_xauth.so

[root@ns ~]# vi /etc/login.defs

SU_WHEEL_ONLY yes// add this line at the bottom

[4] Set config to forward mails for root to a user who is a system administrator you set as.

[root@ns ~]# vi /etc/aliases

# Person who should get root's mail
root: cent// bottom: remove '#' and add user name

[root@ns ~]# newaliases// set new aliases
/etc/aliases: 77 aliases, longest 10 bytes, 776 bytes total