We recently had an accidental delete from /. I hold the root password but others are allowed to sudo over to root to perform admin tasks. The only way I want to permit deletion from / is by physically being root (su -).
I'd like to add a line to the sudoers file which would permit all commands except rm from the / directory.
Could I use something like the following?
OPS ALL = !/usr/bin/rm / *,!/usr/bin/rm /usr *,!/usr/bin/rm /opt *
Thanks.