description: per-command authorization for cmd= and cmd-arg= av-pairs
authorization group id; regex with permitted commands; regex with deny commands; regex with permitted command arguments; regex with deny command arguments
.* - all [^.*] - nothing
permit any commands and arguments
.* | | .* | -----+-----+-----+-----
| .* | | .* -----+-----+-----+-----