#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults	env_reset
Defaults	mail_badpass
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Defaults	env_keep+=SSH_AUTH_SOCK

# Host alias specification

# User alias specification

# Cmnd alias specification
Cmnd_Alias OP_CMDS = /usr/bin/journalctl, /usr/bin/sngrep, /usr/sbin/tcpdump
Cmnd_Alias DATABASE = /usr/bin/psql, /usr/bin/pg_dump

# User privilege specification
root	ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo		ALL=(ALL:ALL) NOPASSWD: ALL
%operator	ALL=(root) NOPASSWD:NOEXEC: OP_CMDS
tic		ALL=(postgres) NOPASSWD: DATABASE

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d