Is it possible to give sudo access to only a particular command?

Solution 1:

Yes.

Make a new group, web (call it what you wish)

sudo addgroup web

Add your developer(s) to the web group (use their login name).

sudo adduser your_developer_user web

Then run sudo visudo -f /etc/sudoers.d/somefile (use a meaningful name instead of somefile).

Add in a line (use the full path of the command):

%web ALL=(ALL) /usr/bin/service apache2 *

The developers can then run

sudo service apache

using their login password.

Do NOT add your admin user to the web group.

See man sudoers for additional information