I would like to keep my /etc/sudoers file as distributed and only use a /etc/sudoers.d drop-in file instead.
Everything is working fine except for permissions given to the wheel group in the distribution sudoers file:
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
I don't want people in group wheel to be able to run commands. Now I know I can comment the above line and revoke this permission, however I want to keep the sudoers file as-distributed; so my goal it to revoke these permissions in my drop-in file. I have tried the following without success:
%wheel
%wheel ALL=(ALL) !/*
The manual has little info on revoking permissions and I'm running out of ideas.