On collaborative work, you would give access to others who would be helping you out on the code or system admin stuff.
The question would be, how limited can you go with granting access to the users?
The first thing would be adding the user to the sudoers list, lets say you have created a new user named tom and you want to grant sudo access to this user
You can edit the sudoers file with whatever editor you are using. But the most recommended way would be using visudo
sudo visudo
Grant all the access to user
If you want to give the world access to the user, then add the following line and save the file
tom ALL=(ALL) ALL
tom is the user you want to grant permissions and the first ALL is for the host and the ALL in the bracket is referring to other accounts the user sudouser can act as and the final ALL would be for list of commands – in this case tom has every access provided.
Grant only some commands
Lets say you want to give tom an access of copy and renaming a file
tom ALL=/bin/cp,/bin/mv
The above command would tell the system the user tom has access to cp and mv only. You might need to check the correct binary to cp and mv using which command. That is which cp would tell you the right path to the binary of the cp.
Allow the user everything but installing new softwares using apt-get
Ok, so you might want to give every access to the user but you want to limit installing new softwares using apt-get
tom ALL=ALL,!/usr/bin/apt-get
Here tom can do everything but not apt-get. If you add the ! in front of the command, it means don’t allow.
So using the combinations of the above you can reach the level where you can grant and deny any command for the user of interest
