All users other than root are plain old users. If you want a plain old
user to do something special you can do things like use 'sudo' or similar
programs (NetIQ/Novell Privileged User Manager (NPUM)) to make this
more-automatic, policy-based, and very configurable. As a general
security principle, though, running as somebody powerful 24x7 is a bad
idea, which is why things like 'sudo' require you to use the 'sudo'
command to cal something as another user, so then you do not need to worry
about accidentally destroying your computer unless you are also using
'sudo' at the same time. The same applies for most things that provide
elevated privileges, though NPUM has an option to use a powerful shell, so
even though you login as your user you immediately become very powerful.

For what you want to have happen, NPUM is for you. For everybody else,
'sudo' is usually the best bet. sudo configuration can be centralized in
an LDAP directory, so that may be something for you to work out as well so
that you can give 'joe' rights to run Apache httpd-related commands on
boxes, and 'Janet' access to run filesystem quota commands on boxes,
without touching every single box for every single change in rights that
ever happens.

Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...