Before we look at how to limit what users can do, let's first look at how to allow a user to do everything, including logging in to the root command prompt. There are a couple of methods for doing that.
Setting up sudo privileges for full administrative users
Adding users to a predefined admin group
The first method, which is the simplest, is to add users to a predefined administrators group and then, if it hasn't already been done, to configure the sudo policy to allow that group to do its job. It's simple enough to do except that different Linux distribution families use different admin groups.
On Unix, BSD, and most Linux systems, you would add users to the wheel group. (Members of the Red Hat family, including...