Background: Virtual Private Server

I have a virtual private server that I'm looking to host multiple websites on, and provide access to another web developer. I don't care about putting too many constraints on him, though I wouldn't mind isolating the site that he'll be developing from other sites on the server that I will develop.

The problem: retain control

Mainly what I want is to make sure that I retain control over the server in the future. I want to reserve the ability to create/promote/demote and other administrative functions that don't deal with web software. If I make him an admin, he can sudo su - and become root and remove root control from me, for example.

I need him not to be able to:

• take away other admin permissions
• change the root password
• have control over other security/administrative functions

I would like him to still be able to:

• install software (through apt-get)
• restart apache
• access mysql
• configure mysql/apache
• reboot
• edit web development configuration type files in /etc/

Other Standard Setups would be happily considered

I've never really set up a good sudoers file, so simple example setups would be very useful, even if they're only somewhat similar to the settings that I'm hoping for above.

Edit: I have not yet finalized permissions, so standard, useful sudo setups are certainly an option, the lists above are more what I'm hoping I can do, I don't know that that setup can be done. I'm sure that people have solved this type of problem before somehow, though, and I'd like to go with something somewhat tested as opposed to something I've homegrown.