diff --git a/tests/README.md b/tests/README.md
index 11a87022..51464989 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -77,9 +77,12 @@ also by Ansible's `osx_setup.yml`.
     These accounts do not have passwords set. They exist to test the Ansible
     interpreter recycling logic.
 
+`mitogen__sudo1` .. `mitogen__sudo4`
+    May passwordless sudo to any account.
+
 `mitogen__webapp`
     A plain old account with no sudo access, used as the target for fakessh
-    tddests.
+    tests.
 
 
 # Ansible Integration Test Environment
diff --git a/tests/data/docker/001-mitogen.sudo b/tests/data/docker/001-mitogen.sudo
index 95b36f3b..71e20e6a 100644
--- a/tests/data/docker/001-mitogen.sudo
+++ b/tests/data/docker/001-mitogen.sudo
@@ -7,8 +7,3 @@ mitogen__has_sudo_nopw ALL = (mitogen__require_tty_pw_required) ALL
 Defaults>mitogen__pw_required targetpw
 Defaults>mitogen__require_tty requiretty
 Defaults>mitogen__require_tty_pw_required requiretty,targetpw
-
-mitogen__condel1 ALL=(ALL:ALL) NOPASSWD:ALL
-mitogen__condel2 ALL=(ALL:ALL) NOPASSWD:ALL
-mitogen__condel3 ALL=(ALL:ALL) NOPASSWD:ALL
-mitogen__condel4 ALL=(ALL:ALL) NOPASSWD:ALL
diff --git a/tests/image_prep/_user_accounts.yml b/tests/image_prep/_user_accounts.yml
index 0c1f6045..1cb41a86 100644
--- a/tests/image_prep/_user_accounts.yml
+++ b/tests/image_prep/_user_accounts.yml
@@ -22,11 +22,19 @@
       - require_tty_pw_required
       - slow_user
       - webapp
+      - sudo1
+      - sudo2
+      - sudo3
+      - sudo4
 
     user_groups:
       has_sudo: ['mitogen__group', '{{sudo_group[distro]}}']
       has_sudo_pubkey: ['mitogen__group', '{{sudo_group[distro]}}']
       has_sudo_nopw: ['mitogen__group', 'mitogen__sudo_nopw']
+      sudo1: ['mitogen__group', 'mitogen__sudo_nopw']
+      sudo2: ['mitogen__group', '{{sudo_group[distro]}}']
+      sudo3: ['mitogen__group', '{{sudo_group[distro]}}']
+      sudo4: ['mitogen__group', '{{sudo_group[distro]}}']
 
     normal_users: "{{
       lookup('sequence', 'start=1 end=5 format=user%d', wantlist=True)