nagios ALL=NOPASSWD: /bin/bash -c /usr/lib/nagios/plugins/check_ide_smart *
This should work and allow arguments.
Although sudo is commonly used together with su command, thinking sudo su is the only way to do is a mistake.
sudo has many options for setting what to execute by who (ether user of group of users) on which host. A fine-grained sudoers file (or LDAP entry, if sudo-ldap is involved) together with a clever mind of a sysadmin can end up in rules which may not compromise system security even the user account has been compromised.
let's see a real-word example:
$ sudo -l
User exampleuser may run the following commands on this host:
(root) /opt/xmldns/gen.sh
(root) /usr/bin/make -C /root/admin
(root) /usr/sbin/xm list, /usr/sbin/xm dmesg
(root) /usr/sbin/zorpctl stop, /usr/sbin/zorpctl start, /usr/sbin/zorpctl status
(root) /etc/init.d/apache status, /etc/init.d/apache stop, /etc/init.d/apache start
(root) /usr/local/bin/protodump.sh httpreq
(root) /usr/sbin/xm console
$
If one does not let user sudo-exec su/bash or other shell neither directly (sudo su) nor indirectly (letting an editor spawn with root, which could be used to spawn shell - in this case, root), sudo is a friend of a system administrator and users too.
Returning to the question in topic, if sudo is disabled and su is the only way becoming root on a system, one would plant a fake su command (for example in ~/.../fakesu) and an alias like
alias su='~/.../fakesu'
in the rc file of the user's login shell.
In this case a simple su command (raise hands, who uses /bin/su for invoking) would end up calling the fakesu command, which may capture the password.
Best Answer
When you invoke sudo (without an explicit user argument), you are effectively root for the duration of that command. If the command launches a new shell, all commands run from that shell are also root. So yes, anything you do with sudo can affect the entire server.
For more detail on exactly how it works, see the following Unix StackExchange question:
How does sudo really work?