Tuesday, November 25, 2008

Sudo Configuration on Debian etch

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done.

This is an example sudoers configuration, stored at /etc/sudoers:

Defaults env_reset

# Host alias specification

# User alias specification
User_Alias Operator=mike, lula, abel
User_Alias Ordinary=summer
User_Alias ADMIN=debi, ian

# Cmnd alias specification
Cmnd_Alias SU=/bin/su
Cmnd_Alias UIP=/root/script/dialog5
Cmnd_Alias MTR=/usr/bin/mtr
Cmnd_Alias IFTOP=/usr/sbin/iftop
Cmnd_Alias IPTRAF=/usr/bin/iptraf
Cmnd_Alias TAR=/bin/tar
Cmnd_Alias CHATTR=/usr/bin/chattr
Cmnd_Alias VISUDO=/usr/sbin/visudo
Cmnd_Alias FPING=/usr/bin/fping
Cmnd_Alias SHELLS = /bin/sh, /bin/csh, /bin/bash, \
/usr/bin/tcsh, /usr/bin/rsh
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
Operator ALL=(ALL) NOPASSWD: ALL,!SU,!CHATTR,!VISUDO,!SHELLS
Ordinary ALL=(ALL) NOPASSWD: UIP
ADMIN ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now

After editing, save the file and restart with this command:
~# /etc/init.d/sudoers restart

In the configuration above, note these lines in particular:

# Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
Operator ALL=(ALL) NOPASSWD: ALL,!SU,!CHATTR,!VISUDO,!SHELLS
Ordinary ALL=(ALL) NOPASSWD: UIP
ADMIN ALL=(ALL) NOPASSWD: ALL

These lines show that Operator, Ordinary and ADMIN each get different commands and privileges.
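The following audit of the privilege lines above is an added example, not part of the original post. The sudoers(5) manual notes that subtracting commands from ALL with the `!` operator is generally not an effective restriction, so the script flags that pattern along with NOPASSWD on ALL and Cmnd_Alias entries that no rule references. The function name `audit` and the finding labels are assumptions made for this example.

```python
import re
# Sample input: the alias and privilege lines of the /etc/sudoers shown above.
SUDOERS = r"""
User_Alias Operator=mike, lula, abel
User_Alias Ordinary=summer
User_Alias ADMIN=debi, ian
Cmnd_Alias SU=/bin/su
Cmnd_Alias UIP=/root/script/dialog5
Cmnd_Alias MTR=/usr/bin/mtr
Cmnd_Alias IFTOP=/usr/sbin/iftop
Cmnd_Alias IPTRAF=/usr/bin/iptraf
Cmnd_Alias TAR=/bin/tar
Cmnd_Alias CHATTR=/usr/bin/chattr
Cmnd_Alias VISUDO=/usr/sbin/visudo
Cmnd_Alias FPING=/usr/bin/fping
Cmnd_Alias SHELLS = /bin/sh, /bin/csh, /bin/bash, \
/usr/bin/tcsh, /usr/bin/rsh
root ALL=(ALL) ALL
%wheel ALL=(ALL) NOPASSWD: ALL
Operator ALL=(ALL) NOPASSWD: ALL,!SU,!CHATTR,!VISUDO,!SHELLS
Ordinary ALL=(ALL) NOPASSWD: UIP
ADMIN ALL=(ALL) NOPASSWD: ALL"""
RULE = re.compile(r"(\S+)\s+\w+\s*=\s*(?:\([^)]*\)\s*)?(.*)")  # who host=(runas) cmds
ALIAS = re.compile(r"Cmnd_Alias\s+(\w+)\s*=")

def audit(text):
    """Return sorted (subject, finding) pairs for the text of a sudoers file."""
    text = re.sub(r"\\\n", " ", text)  # join backslash-continued lines
    lines = [l.split("#")[0].strip() for l in text.splitlines()]  # simplified comment strip
    defined, used, out = set(), set(), set()
    for line in filter(None, lines):
        alias = ALIAS.match(line)
        if alias:
            defined.add(alias.group(1))
            continue
        rule = RULE.fullmatch(line)
        if not rule or line.startswith(("Defaults", "User_Alias")):
            continue
        who, spec = rule.groups()
        cmds = [c.strip() for c in spec.replace("NOPASSWD:", "").split(",")]
        used.update(c.lstrip("!") for c in cmds)
        if "ALL" in cmds and "NOPASSWD:" in spec:
            out.add((who, "NOPASSWD on ALL"))
        if "ALL" in cmds and any(c.startswith("!") for c in cmds):
            out.add((who, "negation subtracted from ALL"))
    out.update((name, "Cmnd_Alias never used") for name in defined - used)
    return sorted(out)

if __name__ == "__main__":
    print(*audit(SUDOERS), sep="\n")
```

A rule that lists only the commands a group needs, for example the MTR, IFTOP, IPTRAF and FPING aliases that are already defined, avoids the negation finding for Operator.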
