Setting up sudo for users with only certain delegated privileges
A basic tenet of IT security philosophy is to give network users enough privileges so that they can get their jobs done, but no privileges beyond that. So, you’ll want as few people as possible to have full sudo privileges. (If you have the root user account enabled, you’ll want even fewer people to know the root password.) You’ll also want a way to delegate privileges to people according to what their specific jobs are. Backup admins will need to be able to perform backup tasks, help desk personnel will need to perform user management tasks, and so on. With sudo, you can delegate these privileges and disallow users from doing any other administrative jobs that don’t fit their job description.
The best way to explain this is to have you open visudo on any of the RHEL-type virtual machines. CentOS 7, AlmaLinux 8, and AlmaLinux 9 all work well for this. So, go ahead and start up one of them...