Sudoers is all about the order you do stuff in. This is my sudoers from a while ago.
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
# Host alias specification
# User alias specification
# Cmnd alias specification
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, /usr/bin/bash \
/usr/local/bin/tcsh, /usr/bin/jsh, /usr/bin/ksh, /usr/bin/tcsh, \
/usr/bin/zsh
Cmnd_Alias RESTRICT = /usr/sbin/init, /usr/sbin/shutdown, /usr/bin/passwd, /sbin/su, \
/usr/sbin/pkgadd, /usr/sbin/pkgrm, SHELLS
# Defaults specification
Defaults logfile=/var/log/sudolog
# Runas alias specification
# User privilege specification
root ALL=(ALL) SETENV: ALL
exlibris libtest2=(ALL) ALL #,!RESTRICT
aleph libtest2=(ALL) ALL,!RESTRICT
uraa081 libtest2=(ALL) ALL
upaa059 libtest2=(ALL) ALL
uhye001 libtest2=(ALL) ALL,!SHELLS
uqab025 libtest2=(ALL) ALL,!SHELLS
|