It does seem rather permissive at first glance. Maybe I'm just paranoid, but you have fourteen accounts that can do whatever they like and a further three with restricted access; however, all of them could edit or replace the sudoers file and therefore do whatever they like too. If they can chmod, they can make it world writeable, edit it and then set the permissions back. With mv and cp, they can simply overwrite the sudoers file, or any file, such as /etc/passwd or /etc/security/passwd even.
Entries in this file should be very carefully considered and grant just the bare minimum required to do the job. If there are partial commands that you want to allow, e.g. cp in some directories but not in others, then you would be better to script up what they are allowed and grant them sudo privileges to run your script. Make sure that your script is secure from tampering too!
Developers just love having access to everything because it makes things easy, but security is like birth control - it gets in the way, but if you are caught out it can be very expensive to manage the impact.
That said, I don't immediately see anything syntactically wrong. You don't have a user guy defined though, so I will do some testing with others.
I don't suppose you were logged in or su'ed to an account not listed, were you?
Robin
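
The wrapper-script approach suggested in the reply above, sketched as an added example that is not part of the original post. The directory names, the install path and the user in the sudoers comment are assumptions.

```shell
#!/bin/sh
# Added example: restricted copy wrapper to grant through sudo instead of cp.
# Hypothetical sudoers entry (user name and install path are assumptions):
#   devuser ALL=(root) /usr/local/sbin/restricted_cp
# Assumed layout: builds are staged in SRC_ROOT and deployed to DEST_ROOT.
SRC_ROOT="${SRC_ROOT:-/home/build/out}"
DEST_ROOT="${DEST_ROOT:-/opt/app/deploy}"

# under_root ROOT PATH: succeed only if PATH is not a symlink or directory
# and its parent directory, with symlinks and ".." resolved, is ROOT or below.
under_root() {
    [ -L "$2" ] && return 1
    [ -d "$2" ] && return 1
    root=$(cd -P -- "$1" 2>/dev/null && pwd -P) || return 1
    dir=$(cd -P -- "$(dirname -- "$2")" 2>/dev/null && pwd -P) || return 1
    case "$dir/" in
        "$root"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Copy SRC to DEST only when both sides stay inside their permitted trees.
restricted_cp() {
    [ "$#" -eq 2 ] || { echo "usage: restricted_cp SRC DEST" >&2; return 2; }
    [ -f "$1" ] && under_root "$SRC_ROOT" "$1" ||
        { echo "source not permitted: $1" >&2; return 1; }
    under_root "$DEST_ROOT" "$2" ||
        { echo "destination not permitted: $2" >&2; return 1; }
    cp -- "$1" "$2"
}

# Tamper check for the wrapper and its directory: fail if the mode string
# from ls -ld shows a group or world write bit.
not_group_world_writable() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 1 ;;
        ??????????) return 0 ;;
        *) return 1 ;;
    esac
}

# Run as a command only when arguments are given.
[ "$#" -eq 0 ] || restricted_cp "$@"
```

The wrapper, every directory above it, and both trees should be owned by root and not writable by the accounts granted sudo; otherwise the path checks can be raced or the script itself replaced.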