AH!!....the sudo option sounds like the way to go!!!!
This way, once he is done modifying what he needs to I can simply remove it from the sudoers file and he will no longer have access.
Would he use the same password to authenticate as his normal user password?
then vi filename
i.e. sudo vi filename
Oh and I think "apache2" directory which is /usr/local/apache2/....is created when you compile a new apache server from source....