Also a very interesting question!

I just tested this with "visudo" and it does not intercept this.

If "su" is disabled, you are locked out and you are forced to enter your 
system via a live USB stick and a "chroot" in order to edit 
"/etc/shadow" to set a root password via "mkpasswd" and enable "su". 
Nice. :D

-Ramon

On 26/10/2022 18:52, Grant Taylor wrote:
> What if someone were to put the following into /etc/sudoers.d/zzzzzzzzzz
>
>    ALL ALL=(ALL) !ALL
>
> }:-)

-- 
GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF