You want to allow a user authorization privileges only on certain machines.
First, define a list of machines:
/etc/sudoers: Host_Alias SAFE_HOSTS = avocado, banana, cherry
Let smith run a program as jones on these machines:
smith SAFE_HOSTS = (jones) /usr/local/bin/mycommand
Let smith run all programs as jones on these machines:
smith SAFE_HOSTS = (jones) ALL
As an alternative, you can define a netgroup, in the /etc/netgroup file:
safe-hosts (avocado,-,-) (banana,-,-) (cherry,-,-)
Then use the netgroup in the /etc/sudoers file, with the "+" prefix:
Host_Alias SAFE_HOSTS = +safe-hosts
You can also use the netgroup in place of the host alias:
smith +safe_hosts = (jones) ALL
This recipe assumes you have centralized your sudo configuration: the same sudoers file on all your computers. If not, you could grant per-machine privileges by installing a different sudoers file on each machine.
Netgroups can be useful for centralization if they are implemented as a shared NIS database. In that case, you can update the machines in netgroups without changing your /etc/sudoers files.
The host alias is optional but helpful for organizing your sudoers file, so you needn't retype the set of hostnames repeatedly.
As another example, you could let users administer their own machines but not others:
/etc/sudoers: bob bobs_machine = ALL gert gerts_machine = ALL ernie ernies_machine = ALL
(Though this is perhaps pointless infrastructure, since ALL would permit these people to modify their /etc/sudoers file and their root password.)
sudo(8), sudoers(5).