From 58c9bfa1b36c9801dda661d642cd939f7a268f8e Mon Sep 17 00:00:00 2001
From: Keith Whyte <keith@rhizomatica.org>
Date: Fri, 17 Mar 2023 20:15:01 +0100
Subject: [PATCH] sudoers update

---
 modules/rhizo_base/files/etc/sudoers.Debian | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/rhizo_base/files/etc/sudoers.Debian b/modules/rhizo_base/files/etc/sudoers.Debian
index b0d1602..af3378f 100644
--- a/modules/rhizo_base/files/etc/sudoers.Debian
+++ b/modules/rhizo_base/files/etc/sudoers.Debian
@@ -16,12 +16,16 @@ Defaults	env_keep+=SSH_AUTH_SOCK
 # User alias specification
 
 # Cmnd alias specification
+Cmnd_Alias OP_CMDS = /usr/bin/sngrep
+Cmnd_Alias DATABASE = /usr/bin/psql, /usr/bin/pg_dump
 
 # User privilege specification
 root	ALL=(ALL:ALL) ALL
 
 # Allow members of group sudo to execute any command
-%sudo	ALL=(ALL:ALL) NOPASSWD: ALL
+%sudo		ALL=(ALL:ALL) NOPASSWD: ALL
+%operator	ALL=(root) NOPASSWD:NOEXEC: OP_CMDS
+tic		ALL=(postgres) NOPASSWD: DATABASE
 
 # See sudoers(5) for more information on "#include" directives: