Create a rule as such:

ALL ALL=(ALL:ALL) NOPASSWD: /bin/mkdir www ""

This reads something like: "Allow any user on any domain to act as any user:group without asking for a password to execute the exact command "mkdir www" (using only /bin/mkdir, and not some other mkdir). The ending set of quotes tells sudo not to allow any further arguments.

(Rules are determined in order with the last matching rule taking effect. If you have another rule after this one that would cover the same command (such as ALL) it would take effect instead. I had a problem in my own config where I was specifying %sudo ALL=(ALL:ALL) ALL afterwards. Since this rule matches the situation, but requires a password, a password was being asked.)

Really this isn't the way to do something like this. Parts of your description imply that you have things setup in a bizarre way. I won't get into that as it's out of scope but, to accomplish what you want and more flexibility, there may be a better way. It seems you want to let users create sub-directories with a specific name owned by the owner of the parent directory. Instead, create a script that does what you want (looks up current directory, determines its owner and group, creates a directory www here, chmod the new directory to the determined user and group.), and have the script allowed as run-able by root without password in the sudo config. Doing it this way means that the user only has to navigate to the directory then sudo create-www or whatever. You'll also be able to configure other rules in the script such as ones only allowing www to be created in certain directories.

Here's how I setup a non-root user with the base image of ubuntu:18.04:

RUN \
    groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo && \
    sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
    sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' && \
    sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' && \
    echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \
    echo "Customized the sudoers file for passwordless access to the foo user!" && \
    echo "foo user:";  su - foo -c id

What happens with the above code:

• The user and group foo is created.
• The user foo is added to the both the foo and sudo group.
• The uid and gid is set to the value of 999.
• The home directory is set to /home/foo.
• The shell is set to /bin/bash.
• The sed command does inline updates to the /etc/sudoers file to allow foo and root users passwordless access to the sudo group.
• The sed command disables the #includedir directive that would allow any files in subdirectories to override these inline updates.

This can be done non-interactively if you don't need it for Docker by removing the trailing slashes after the && commands:

groupadd -g 999 foo && useradd -u 999 -g foo -G sudo -m -s /bin/bash foo &&
sed -i /etc/sudoers -re 's/^%sudo.*/%sudo ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^root.*/root ALL=(ALL:ALL) NOPASSWD: ALL/g' &&
sed -i /etc/sudoers -re 's/^#includedir.*/## **Removed the include directive** ##"/g' &&
echo "foo ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers &&
echo "Customized the sudoers file for passwordless access to the foo user!" &&
echo "foo user:";  su - foo -c id