Could you post the output from truss, while you use vim to edit and save a file in a way that destroys the NFSv4 ACLs?truss -f -a -vall -l -d -o /truss/output/file vim /file/with/nfsv4/acls
AFAIK the roles belong to RBAC, and sudo works without RBAC.
That means sudo should work even without the root role.
--
BTW positive logic is shorter:
grep '^[^#]' /etc/sudoers