Esta é a maneira de fazer isso (na verdade, um exemplo prático):
# ipa sudocmd-add --desc='sudoedit configuration file of IPv4 packet filtering and NAT' 'sudoedit /etc/sysconfig/iptables'
--------------------------------------------------------------
Added Sudo Command "sudoedit /etc/sysconfig/iptables"
--------------------------------------------------------------
Sudo Command: sudoedit /etc/sysconfig/iptables
Description: sudoedit configuration file of IPv4 packet filtering and NAT
# ipa sudocmdgroup-add-member networking --sudocmds='sudoedit /etc/sysconfig/iptables'
Sudo Command Group: networking
Description: commands for network configuration and troubleshooting
Member Sudo commands: sudoedit /etc/sysconfig/iptables
-------------------------
Number of members added 1
-------------------------
Sendo sudoedit um sudo builtin
# ls -lrt /usr/bin/sudoedit
lrwxrwxrwx. 1 root root 4 Apr 8 09:00 /usr/bin/sudoedit -> sudo*
tentando adicionar o sudorule usando /usr/bin/sudoedit
falhará com este erro:
$ sudo -e /etc/sysconfig/iptables
Sorry, user joe is not allowed to execute 'sudoedit /etc/sysconfig/iptables' as root on host.domain.com.
Funciona corretamente para sudo -e
e sudoedit
.