Controlling sudo re-authentication
Here is a small trick for sudo: controlling which sudo commands require the user to re-authenticate and which can be run without re-authenticating.
One option is to use the NOPASSWD tag. This allows a user to run a particular command without giving a password:
alok client = NOPASSWD: /bin/ls, /usr/bin/tail
This would allow alok to run /bin/ls and /usr/bin/tail on the host named client without authenticating.
You can also specify PASSWD later in the list to limit this further:
alok client = NOPASSWD: /bin/ls, /usr/bin/tail, PASSWD:/bin/kill
This would allow all three commands, but for /bin/kill, alok would have to re-authenticate.
Here is a screenshot from my machine.
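A tag such as NOPASSWD stays in force for every command after it in the list until the opposite tag appears, which is why the position of PASSWD matters when auditing a rule. The following Python code is an added example, not part of the original post: password_policy is a hypothetical helper that reports, per command, whether a password is required. It assumes single-line rules without aliases and sudo's default of requiring authentication.

```python
import re

# A leading "TAG:" prefix such as NOPASSWD: or PASSWD: (space after ':' optional).
TAG_RE = re.compile(r"^([A-Z_]+)\s*:\s*")
# An optional Runas spec such as (root) that may precede the tags.
RUNAS_RE = re.compile(r"^\([^)]*\)\s*")


def password_policy(rule, default_passwd=True):
    """Return [(command, needs_password)] for one single-line sudoers rule.

    Simplified subset: no aliases, no line continuations, no escaped commas.
    default_passwd=True assumes the stock 'authenticate' default is in effect.
    """
    _who_and_host, _, spec_list = rule.partition("=")
    needs_password = default_passwd
    result = []
    for item in spec_list.split(","):
        item = RUNAS_RE.sub("", item.strip())
        # Consume every leading TAG: prefix. NOPASSWD/PASSWD persist for the
        # commands that follow; other tags do not affect the password prompt.
        while (m := TAG_RE.match(item)):
            tag = m.group(1)
            if tag == "NOPASSWD":
                needs_password = False
            elif tag == "PASSWD":
                needs_password = True
            item = item[m.end():]
        if item:
            result.append((item, needs_password))
    return result


# The two rules from the text, plus one constructed rule with the tag placed late.
RULES = [
    "alok client = NOPASSWD: /bin/ls, /usr/bin/tail",
    "alok client = NOPASSWD: /bin/ls, /usr/bin/tail, PASSWD:/bin/kill",
    "alok client = /bin/kill, NOPASSWD: /bin/ls",  # constructed sample
]

if __name__ == "__main__":
    for rule in RULES:
        print(rule)
        for cmd, needs in password_policy(rule):
            print(f"    {cmd:<16} {'password required' if needs else 'no password'}")
```

On a live system, sudo -l lists the effective rules for the invoking user, and visudo -c checks the sudoers syntax before a change takes effect.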