Ubuntu can use sudo directly by default. how does centos7 configure sudo?

  linux, question

The ultimate goal to be achieved:
1. Ordinary users can use sudo, but they do not need to enter the password every time.
2. Ordinary users cannot modify passwords of other accounts.

Baidu once said it would be implemented by modifying the /etc/sudoers file, but because it is a bit multifarious, I am not sure after reading it. I have two questions:

/etc/sudoersDocuments:

root   ALL=(ALL) ALL
 
 //1. test1 is equivalent to root account
 test1  ALL=(ALL) ALL
 
 //2. Give account test2 all the operation rights except modifying other account passwords
 test2  ALL=(root) ALL, !  /usr/bin/passwd [A-Za-z]*, !  /usr/bin/passwd root
 
 
 //3. If you don't want to verify the password every time you use sudo, timestamp_timeout=-1 means that you only need to verify the password once, and then the system will automatically remember it. runasp needs the root password. If you don't add the default, you need to enter the password of the ordinary account:
 Defaults:test1,test2 timestamp_timeout=-1,runaspw

Question 1:
Note point 2:test2 ALL=(root) ALLAnd so ontest2 ALL=(ALL) ALLWhat’s the difference? In other words, root in brackets is changed to ALL.

Question 2:
Note point 3: what is runaspw? Baidu did not have much content.

Question 3:
Is there any need to modify the method in sudoers file above?

A=(B)C

This means that the user can execute the C command operation with the B user on the host computer in A.
Specifically speaking

ALL=(ALL)ALL:

The user can execute any command with any user anywhere.

ALL=(root)ALL:

The user can execute any command as root anywhere.

runaspw:

By default, you need to enter the root password to run the command, not the password of the current user, so this setting is normally turned off.

timestamp_timeout=-1:

Enter the password once until the restart is no longer verified, and you can set an approximate time. This setting is no different from using root user.

References:
sudoers
Or linux command lineman 5 sudoers