Preventing users from having root shell access

Let's say that you want to set up a user with limited sudo privileges, but you did so by adding a line like this:

maggie ALL=(ALL) /bin/bash, /bin/zsh

I'm sorry to say that you haven't limited Maggie's access at all. You have effectively given her full sudo privileges with both the Bash shell and the ZSH shell. So, don't add lines like this to your sudoers because it will get you into trouble.