Is it possible to give sudo access to only a particular command?
Solution 1:
Yes.
Make a new group, web (call it what you wish)
sudo addgroup web
Add your developer(s) to the web group (use their login name).
sudo adduser your_developer_user web
Then run sudo visudo -f /etc/sudoers.d/somefile
(use a meaningful name instead of somefile
).
Add in a line (use the full path of the command):
%web ALL=(ALL) /usr/bin/service apache2 *
The developers can then run
sudo service apache
using their login password.
Do NOT add your admin user to the web group.
See man sudoers for additional information