In order to be more flexible in sudoer rules, I added pcre support to sudo (sudo-pcre.patch).
A pcre enabled sudo can e.g. use the following rules:
# only allow restart and status parameters for some initscripts
%operating ALL = /sbin/service (clamd|postfix|dhcpd|amavisd|postgrey) (restart|status)
# only allow to change password for usernames starting with a two numbers
%operating ALL = /usr/sbin/chsmbpw.pl [0-9][0-9][a-z-]+