Allow a user to enter a chroot via sudo
>sudoers
# The argument list is part of the rule: sudo permits only this exact
# invocation, so the user cannot name a different root directory or append
# a command to run inside it.
user ALL = NOPASSWD: /usr/sbin/chroot -u user /workdirectory
>command
sudo /usr/sbin/chroot -u user /workdirectory
Allow only a service restart and editing its config file
>sudoers
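# Editing goes through sudoedit rather than an editor run as root: an editor
# started by sudo can run other commands as root, which grants far more than
# "edit this one file". sudoedit runs the editor as the invoking user on a
# temporary copy and installs the result afterwards.
# Invoke as: sudoedit /etc/lighttpd/lighttpd.conf
user ALL=NOPASSWD: /etc/init.d/lighttpd restart, sudoedit /etc/lighttpd/lighttpd.conf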