Originally Posted by SL00b
Apparently you're not using visudo to edit this. The syntax of your statement "SUDOMODIFIERS All= SUDOCMDS" looks strange, because the spaces are off around the = sign and the "All" is mixed case. So I opened my sudoers file in visudo, and while it didn't mind the spacing, it did mind the mixed case. When I changed "All" to all caps, it was fine. Try making that fix yourself and see how it works out. Also, use visudo to edit it, instead of vi/vim.
As mentioned before, you can't use sudo to control access to individual files, because sudo only focuses on rights to execute programs, so the references to /etc/passwd and /etc/group can be removed. That means that all you're trying to accomplish here is to grant two users access to the shutdown command, which can be accomplished a lot simpler. Just create a user group (for the purposes of this example, we'll call it "shutdown"), and add this line to the user privilege section:
# User privilege specification
root ALL=(ALL) ALL
%shutdown ALL = /sbin/shutdown
The Cmnd Alias specifications are all well and good when you need to grant users access to long lists of commands, but since you're only doing one here, it's overkill.
I actually always use sudo visudo for editing the sudoers file.
And thank you very much for the accurate observation. Everybody else missed it, yes, indeed it was all because of "All" instead of "ALL" as you mentioned above.
Everything is working now.
My new user "bob" now can shut down, and can even access the /etc/passwd file, or add users,..., or even modify sudoers file.
I used the /usr/sbin/passwd following this example for Command Alias from the link below about sudoers file. This is an ubuntu community Guide so must be credible.
Cmnd_Alias ADMIN_CMDS = /usr/sbin/passwd, /usr/sbin/useradd, /usr/sbin/userdel, /usr/sbin/usermod, /usr/sbin/visudo