diff --git a/roles/sudo/tasks/main.yaml b/roles/sudo/tasks/main.yaml
index d7b07cc..7e15200 100644
--- a/roles/sudo/tasks/main.yaml
+++ b/roles/sudo/tasks/main.yaml
@@ -2,11 +2,13 @@
 - assert:
 that: ansible_user_id != "root"
 
+- include_vars: '{{ansible_os_family}}.yaml'
+
 - name: create /etc/sudoers.d/{user} config file
 become: true
 template:
 src: sudoers
 dest: '/etc/sudoers.d/{{ansible_user_id}}'
- owner: root
- group: root
+ owner: '{{sudo_owner}}'
+ group: '{{sudo_group}}'
 mode: '0440'
diff --git a/roles/sudo/vars/Darwin.yaml b/roles/sudo/vars/Darwin.yaml
new file mode 100644
index 0000000..fd6e3b0
--- /dev/null
+++ b/roles/sudo/vars/Darwin.yaml
@@ -0,0 +1,3 @@
+---
+sudo_owner: root
+sudo_group: wheel
diff --git a/roles/sudo/vars/Debian.yaml b/roles/sudo/vars/Debian.yaml
new file mode 100644
index 0000000..5151339
--- /dev/null
+++ b/roles/sudo/vars/Debian.yaml
@@ -0,0 +1,3 @@
+---
+sudo_owner: root
+sudo_group: root
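Review bot: The added `include_vars: '{{ansible_os_family}}.yaml'` has no fallback, and this diff ships vars files only for Darwin and Debian, so on a host of any other family the role would fail at that task instead of writing the sudoers fragment (unless other vars files already exist outside this diff). Giving `sudo_owner` and `sudo_group` role defaults of `root` and loading the per-family file through the `first_found` lookup would keep the previous behaviour everywhere else. Separately, the template task that now takes its owner and group from variables still installs the fragment unchecked; adding `validate: /usr/sbin/visudo -cf %s` makes Ansible reject a rendered file with a syntax error before it replaces the one in `/etc/sudoers.d`, which avoids locking the account out of sudo.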
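Review bot: The reason `sudo_group` is `wheel` in Darwin.yaml while the Debian file uses `root` is not recorded anywhere in the change. A one-line comment above it, such as `# gid 0 is named wheel on macOS`, would keep a later cleanup from "normalising" the value back to `root` and breaking the template task on macOS hosts.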