# sudo in the alias or alias in the sudoer

## reup

hello all,

this is a not so important question, I am just curious about it

I use a virtual gentoo with no contact with the outside world, so this is not really a security issue. in this gentoo, I use an alias as the following :

```

alias xxxx="sudo su -"

```

in the /etc/sudoers file, I have a line to remove passwd for sudo if the user belong to the group wheel

```

%wheel ALL=(ALL) NOPASSWD: ALL

```

what I would like to do is to keep the alias but makes it that sudoers does ask the passwd for all commands except the alias "xxxx".

I would like to restore the password demand for users of group wheel, but not have password for command "xxxx" while still have password for command "su"

this means that someone doing "sudo su -" will have to enter a password, but someone entering "xxxx" will go through.

first step is to replace the above by :

```

%wheel ALL=(ALL) ALL

```

next step, I don't know

thanks

----------

## reup

ok, nobody seems to have an idea, so what about those ones.

1            rename su to xxxx, then set xxxx to no passwd in sudoers for my user

2            create a symlink from su to xxxx and set it to no passwd in sudoers

would solution 1 create some issue as some apps might really upon su to run ?

I will test solution 2

reup

----------

## truc

it won't work this way, you have to list the command in the sudoers, you can even create alias if that makes it easier:

```
Cmnd_Alias DONTASK=/sbin/su, /sbin/tcpdump

%wheel ALL=(ALL) NOPASSWD: DONTASK

%wheel ALL=(ALL) ALL
```

----------

## reup

thank truc,

actually I created a symlink like this

```

ln -s /bin/su /bin/xxxx

```

then I set in sudoers

```

my_user ALL=(ALL) NOPASSWD: /bin/xxxx

```

and it worked but I will now try your solution. Mine was a dirty fix

----------

## reup

truc,

the command you gave me only remove password for sudo su -

I am trying to keep the password for su but remove it for sudo xxxx.

it is a kind of shortcut for me but in the same time, someone would be asked for a password if trying to use sudo on my system and would have to guess the shortcut xxxx to access root privileges without password 

reup

----------

## truc

then try to understand the syntax of the sudoers file, then you should be able to do what you want

----------

## reup

it is true but where would be the fun? at least on the forum I share the experience   :Very Happy: 

----------

