#
# sudoers
#
#
# Zoidial, Inc.
# Eric Thern, eric (at) zoidial.com
#
# default sudoers for a secure shellserver installation
# hopefully with enough checks to keep people from messing
# with the real 'root' account.
#
# although that is hard to do.  I know pXr would know how.  damn him.
#


Defaults               syslog=auth
Defaults:FULLTIMERS    !lecture
#Defaults:millert       !authenticate
Defaults       log_year, logfile=/var/log/sudo.log


root    ALL=(ALL) ALL

User_Alias	ADMINS = zoidial
User_Alias	ACCOUNTS = someotheruser

Cmnd_Alias	PASSWD = /usr/bin/passwd [!-][A-z]*, !/usr/bin/passwd *root*
Cmnd_Alias	CHSH = /usr/bin/chsh [!-]?[A-z]*, /usr/bin/chsh -s??[A-z]*, !/usr/bin/chsh *root*, !/usr/bin/chsh -s*root*
Cmnd_Alias	EDQUOTA = /usr/sbin/edquota [!-]?[A-z]*, /usr/sbin/edquota -u?[A-z]*, /usr/sbin/edquota -p?[A-z]*, \
			!/usr/sbin/edquota *root*, !/usr/sbin/edquota -u*root*, !/usr/sbin/edquota -p*root*
Cmnd_Alias	QUOTA = /sbin/quota ?[A-z]*, !/sbin/quota [], !/sbin/quota *root*
Cmnd_Alias	USER = /usr/local/sbin/w
Cmnd_Alias	NETWORK = /sbin/ping, /usr/sbin/traceroute, /usr/bin/netstat


ADMINS		ALL = NOPASSWD: PASSWD, CHSH, QUOTA, USER, NETWORK, EDQUOTA