[1] Add an User "cent" as an example below.
[root@dlp ~]# useradd cent
[root@dlp ~]# passwd cent
Changing password for user cent.
New UNIX password: # set password
Retype new UNIX password: # confirm
passwd: all authentication tokens updated successfully.
[root@dlp ~]# exit # logout
[2] Try to switch to a user that was added above.
dlp login: cent # input user name
password: # password
[cent@dlp ~]$ su - # switch to root
Password:# root password
[root@dlp ~]# # just switched to root
[3] Make a user be only a user who can switch to root as an administration user. (it's 'cent' in this example)
[root@dlp ~]# usermod -G wheel cent
[root@dlp ~]# vi /etc/pam.d/su
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
# uncomment the following line
auth required pam_wheel.so use_uid
auth substack system-auth
auth include postlogin
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
account include system-auth
password include system-auth
session include system-auth
session include postlogin
session optional pam_xauth.so
[4] To forward to emails for root user to another user, set like follows. (it's 'cent' in this example)
[root@dlp ~]# vi /etc/aliases
# Person who should get root's mail
# last line: uncomment and change to a user
root: cent
[root@dlp ~]# newaliases # reload
