[sudo-users] Restrict shells but allow execution of init scripts

[Robert Petkus]

Folks,
I'm looking for a way to restrict users from launching a root shell 
using sudo but would like to allow the execution of system init shell 
scripts.  What would be the most logical means to proceed?

Currently, I have config lines like so:
Cmnd_Alias      SHELLS = /usr/bin/*sh*, /sbin/*sh*, /bin/*sh*
POWERUSERS    ..., !SHELLS

Thanks in advance!
Robert