Nice article. One additional note about NOPASSWORD, if you give a user the NOPASSWORD option on any command then they (or anyone who has subverted their account) can run "sudo -l" to find out all of the commands they can run with sudo without needing to know the user's password. This is a realistic scenario in your situation where users aren't overly paranoid/trust too many people in a social setting.
Nice article. One additional note about NOPASSWORD, if you give a user the NOPASSWORD option on any command then they (or anyone who has subverted their account) can run "sudo -l" to find out all of the commands they can run with sudo without needing to know the user's password. This is a realistic scenario in your situation where users aren't overly paranoid/trust too many people in a social setting.