Can I have two users, one above other, but all can run all sudo commands and run all sudo applications, except user below, is not allowed specific small group of actions,set by user above. Ideally, both are admins, but one is not allowed all actions. For example, both have same privileges, except user below is not allowed only to edit /etc/hosts file.
hosts
file so that only the allowed admin can edit that. Is that what you want?sudo
, and the answer almost always is that it's impossible. If you give a user broad administrative rights, they can break through and gain full power.