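#
# sudoers config
#
# default sudoers for a secure shellserver installation
# hopefully with enough checks to keep people from messing
# with the real 'root' account.
#
# although that is hard to do. I know pXr would know how. damn him.
#
# thanks to eric at thern.org for helping me set this up
#
# Look over this file before you use it please
# I have checked it over and over again, but please....
# be careful with this...
#
# http://www.rootednetworks.com
# sigterm at rootednteworks.com
#
# Review notes (apply to the whole file):
#  - Edit with visudo only, so that a syntax error cannot lock sudo out.
#  - The policy below is a deny-list layered on broad allow entries.
#    The sudoers manual warns that '!' exclusions do not reliably
#    confine a command; prefer listing the exact invocations that are
#    actually needed.
#  - In command arguments '*' and '?' match any character, spaces
#    included, so a pattern such as '-*' is not limited to a single
#    option word.

# Send sudo events to syslog facility 'auth'.
Defaults syslog=auth

# Suppress the first-use lecture for members of FULLTIMERS.
# NOTE(review): no User_Alias FULLTIMERS is defined in this file as shown;
# visudo reports aliases that are referenced but not defined. Define the
# alias or point this at ADMINS - confirm intent.
Defaults:FULLTIMERS !lecture

# Also log to a dedicated file, with the year in each timestamp.
# The log file should be writable by root only; confirm its permissions.
Defaults log_year, logfile=/var/log/sudo.log

# root may run anything as anyone.
root ALL=(ALL) ALL

# Accounts that receive the delegated command set at the bottom.
User_Alias ADMINS = zoidial, sigterm, adam

# NOTE(review): ACCOUNTS is defined but no rule in this file references it.
User_Alias ACCOUNTS = somedumbuserpXr

# Password changes for other accounts. The first argument may not start
# with '-' (no options) and anything containing "root" is excluded.
# The character class was [A-z], which also matches the punctuation that
# sits between 'Z' and 'a' in ASCII; [A-Za-z] is what was meant.
# NOTE(review): the exclusion matches the literal string "root" only.
# Any other UID 0 account on the host is not covered - verify none exists.
Cmnd_Alias PASSWD = /usr/bin/passwd [!-][A-Za-z]*, !/usr/bin/passwd *root*

# Login-shell changes, with or without -s, never for root.
Cmnd_Alias CHSH = /usr/bin/chsh [!-]?[A-Za-z]*, /usr/bin/chsh -s??[A-Za-z]*, !/usr/bin/chsh *root*, !/usr/bin/chsh -s*root*

# Quota editing (plain, -u, -p), never for root.
# Defined here but not granted by the active ADMINS rule below.
Cmnd_Alias EDQUOTA = /usr/sbin/edquota [!-]?[A-Za-z]*, /usr/sbin/edquota -u?[A-Za-z]*, /usr/sbin/edquota -p?[A-Za-z]*, \
                     !/usr/sbin/edquota *root*, !/usr/sbin/edquota -u*root*, !/usr/sbin/edquota -p*root*

# Disabled quota-report alias, kept as the author left it.
#Cmnd_Alias QUOTA = /sbin/quota ?[A-z]*, !/sbin/quota [], !/sbin/quota *root*

# Who is logged in and how long the host has been up.
Cmnd_Alias USER = /usr/local/sbin/w, /usr/bin/uptime

# Network diagnostics. No argument list is given, so any arguments are allowed.
Cmnd_Alias NETWORK = /sbin/ping, /usr/sbin/traceroute, /usr/bin/netstat, /usr/bin/sockstat

# Tail of three specific log files.
# NOTE(review): '-*' matches any run of characters, spaces included, so
# these entries do not restrict tail to a single option. If only
# following the logs is needed, list the exact command lines instead
# (for example the bare file form and the -f form).
Cmnd_Alias TAIL = /usr/bin/tail -* /var/log/all.log, /usr/bin/tail -* /var/log/messages, /usr/bin/tail -* /var/log/user.log

# NOTE(review): /bin/cat and /bin/ls carry no argument list, so ADMINS may
# run them as root with any arguments. The two '!' entries match only
# those exact argument strings and do not confine which files can be
# read. This works against the goal stated in the header; replace it with
# an explicit list of the files admins need to read.
# /usr/bin/cd cannot change the invoking shell's directory under sudo;
# the entry appears to have no practical effect.
Cmnd_Alias BASICS = /bin/cat, /bin/ls, /usr/bin/cd, !/bin/cat /etc/master.passwd, !/bin/cat master.passwd

# Session and process inspection.
Cmnd_Alias WATCH = /usr/bin/who, /usr/bin/last -* , /bin/ps *

# Earlier grant, kept disabled as the author left it.
#ADMINS ALL = NOPASSWD: PASSWD, CHSH, QUOTA, USER, NETWORK, EDQUOTA

# Active grant: ADMINS run the listed aliases as root on every host
# without re-entering a password.
# NOTE(review): NOPASSWD makes an unattended or hijacked admin session
# sufficient to use all of these. Consider requiring the password at
# least for PASSWD, CHSH and BASICS.
ADMINS ALL = NOPASSWD: PASSWD, CHSH, USER, NETWORK, TAIL, BASICS, WATCH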