If you lock down everything, you either need to hand out keys, or plan on doing everything yourself, and getting overwhelmed.
Probably the single most power ful tool in Linux land to keep people from having to be “root” is the group concept. For example, if I want people to run Docker containers, they need to be able to talk to the Docker socket. The root user can do this by virtue of its global access. However, the more limited access approach is to add a user to the docker group.
Continue reading