
Manage users and groups

  • Configure superuser access
  1. A similar, basic doc on this topic from Red Hat OpenStack Platform

    Configure sudo access

    1) Log in as root.

    2) Create a normal user account using the useradd command

    useradd USERNAME

    3) Set the password for the new user

    passwd USERNAME

    Changing password for user USERNAME.
        New password: 
        Retype new password: 
        passwd: all authentication tokens updated successfully.           
    4) Run visudo to edit the /etc/sudoers file.

    visudo

    5) Find the lines in the file that grant sudo access to users in the group wheel when enabled.

    6) Remove the comment character (#) at the start of the second line and save it.

    Allows people in group wheel to run all commands

    # %wheel        ALL=(ALL)       ALL           
    7) Add the user you created to the wheel group using the usermod command.

    usermod -aG wheel USERNAME

    8) Test it

    su - USERNAME

    $ groups
    USERNAME wheel
    $ sudo whoami
    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:

        #1) Respect the privacy of others.
        #2) Think before you type.
        #3) With great power comes great responsibility.

    [sudo] password for USERNAME:
    root
    9) The last line of the output is the user name returned by the whoami command. If sudo is configured correctly this value will be root.
  2. No password configuration for wheel group

    You can configure sudo so that it does not ask for a password.

    1) Run visudo to edit the /etc/sudoers file.

    2) Remove the comment character (#) at the start of the second line and save it.

    Same thing without

    # %wheel        ALL=(ALL)      NOPASSWD: ALL           
  3. No password configuration for a specific user

    Sometimes you want to enable sudo for a specific user without asking for a password. To do this, after you add the new user, create a rule file for that user under the /etc/sudoers.d directory. The /etc/sudoers file reads the files in this directory through the include line at its end.

    Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)

    #includedir /etc/sudoers.d
    
    /etc/sudoers.d/xxxxx

    # User rules for USERNAME
    USERNAME ALL=(ALL) NOPASSWD:ALL
  4. auth           sufficient      pam_wheel.so trust use_uid           
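
An added example, not part of the original page: a small shell function that reviews sudoers text for the two things configured above, active NOPASSWD rules and the #includedir directive that looks like a comment but is not. The names audit_sudoers and sample_sudoers and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list passwordless sudo grants and include directives.
# audit_sudoers reads sudoers-format text on stdin, one finding per line.
# Limits (assumed acceptable for a quick review): no line continuations,
# no alias expansion, and "#1000"-style uid entries are read as comments.
audit_sudoers() {
    awk '
    # "#includedir DIR" and "#include FILE" are directives, not comments
    # (newer sudo releases also accept the "@" spelling).
    /^[ \t]*[#@]include(dir)?[ \t]+/ {
        print "INCLUDE line " NR ": " $2
        next
    }
    # Every other "#" line is a comment, so a rule that is still
    # commented out (as shipped for %wheel) grants nothing.
    /^[ \t]*#/ { next }
    # An active rule with the NOPASSWD tag skips the password prompt.
    /NOPASSWD[ \t]*:/ {
        kind = ($1 ~ /^%/) ? "group" : "user"
        print "NOPASSWD line " NR ": " kind " " $1
    }
    '
}

# Constructed sample: the rules from this page in one file.
sample_sudoers() {
    cat <<'EOF'
## Allows people in group wheel to run all commands
%wheel        ALL=(ALL)       ALL
# %wheel        ALL=(ALL)      NOPASSWD: ALL
# User rules for USERNAME
USERNAME ALL=(ALL) NOPASSWD:ALL
#includedir /etc/sudoers.d
EOF
}

sample_sudoers | audit_sudoers
```

Feed it /etc/sudoers and each file under /etc/sudoers.d in turn, since a NOPASSWD rule in a drop-in file applies just like one in the main file.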
