Short answer: It's probably possible
Long answer: It may not be practical. (Note: If I'm explaining things you already know, no offense) A normal desktop distribution would have a much simpler sudoers file, often granting full permissions for selected users. Given that the N900 is meant for quick, easy access, and Nokia's policy of focusing on external security (because let's face it - if someone steals your phone, a root password isn't exactly going to slow them down if they want your data/whatever, and if they just want the phone, then they're not going to mess with that anyway), they added exceptions to the sudoers file for apps that need root access. Most of those lines read more or less as "let user 'user' do whatever the heck they want with app 'foo'".
I don't know exactly what the deal with rootsh is, so it might not be as easy as just messing with sudo & friends as on a normal distro. However, as far as sudo goes, the thing to do would be to restrict access more by modifying the exceptions in the sudoers file (e.g. the NOPASSWD part - man sudo on a desktop should tell you what to do there - the basic syntax isn't terribly complicated). I wouldn't be surprised if just doing that horribly breaks things, though. The other issue you'll run into is that there is no Maemo equivalent of gksu/do or kdesu/do, so at best you'd have to port or write something like that for Maemo as well, unless you wanted to launch half of your apps from the console.
To put it concisely, the phone was designed around a different use-case, and a different security model than what *nix is usually used for, so trying to lock it down in the convential way is kind of working against the design.
As a further note (and don't quote me on this), you might (*might*) have an easier time with Mer. Last I tried it, sudo worked like sudo should, although I believe the App Manager and such still had exceptions as in Maemo.