$wgNamespaceProtection lets you do this. Put something like this in your LocalSettings.php:
$wgNamespaceProtection[NS_MAIN] = array( 'edit-main' );
//This restricts editing in the main namespace to people in a group that has the 'edit-main' permission.
$wgGroupPermissions['trusted']['edit-main'] = true;
//This means only people in a new 'trusted' group have the 'edit-main' permission
Alternatively instead of 'trusted', put 'sysop', to mean sysops are the ones who also get to edit the main namespace (as well as deleting pages and other sysop permissions)
But if you do want a new group called 'trusted', then you would probably also want to create pages on your wiki with the following little content snippets, to make the interface describe this new 'trusted' group correctly:
- on a page called
MediaWiki:Group-trusted
put the content 'Trusted' - on a page called
MediaWiki:Group-trusted-member
put the content 'trusted' - on a page called
MediaWiki:Grouppage-trusted
put the content 'Project:trusted'
I'm basing this on the 'ninja' example on Manual:User rights