[sudo-users] best way to user sudo for a long running back group process

[Davis Roman]

hello,

I have a daemon called powermanager running as the non-root user, power.

In /etc/sudoers.d/power, I have the following:
power ALL=(ALL) NOPASSWD: ALL

I know that the above statement essentially gives the powermanager
process root priveleges
however, in the future, I'd like to have the option to enforce that
certain commands/files not be used.
My understanding is that the sudoers file would be the place to place
these rules.
( ie: disable ability to open file /dev/foobar )

Therefore on startup, I configured my systemd unit file to run as the
power user however I'm trying to figure out which is best:

1. launch this process as 'sudo powermanager'

or

2.  launch my process as just 'powermanager' and let the process deal
with invoking sudo when it needs to open files in /dev/


Any feedback would be greatly appreciated.

Thank you,

Davis