Below is my suders file. The goal is to let users in group admin do basic
startup and shutdown stuff and manage passwords of users (but not root).
Does this look like a secure setup? 

# User alias specification
User_Alias ADMIN = %admin
# Cmnd alias specification
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias HALT = /sbin/halt
Cmnd_Alias REBOOT = /sbin/reboot
Cmnd_Alias RESTART = /etc/rc.d/init.d/httpd restart, 
/etc/rc.d/init.d/junkbuster restart, /etc/rc.d/init.d/smb restart
Cmnd_Alias PASSWORD = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root,
!/usr/bin/passwd admin, !/usr/bin/passwd [users with admin access]
Cmnd_Alias USERCONTROL = /usr/sbin/useradd, /usr/sbin/userdel,
/usr/sbin/usermod

# User privilege specification
root    ALL=(ALL) ALL
ADMIN   ALL = NOPASSWD: SHUTDOWN, HALT, REBOOT, RESTART
ADMIN   ALL = PASSWORD, USERCONTROL


---------------------------------------------------------------------
To unsubscribe, e-mail: tclug-list-unsubscribe at mn-linux.org
For additional commands, e-mail: tclug-list-help at mn-linux.org