From e9ba3dc01e5aae2230a3c9b312da0d5819d1f02b Mon Sep 17 00:00:00 2001
From: continuist
Date: Sat, 28 Jun 2025 13:45:52 -0400
Subject: [PATCH] Added steps for SERVICE_USER group creation
---
 CI_CD_PIPELINE_SETUP_GUIDE.md | 12 ++++++++++--
 PRODUCTION_LINODE_MANUAL_SETUP.md | 7 ++++++-
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md
index a82fc9d..ac2b278 100644
--- a/CI_CD_PIPELINE_SETUP_GUIDE.md
+++ b/CI_CD_PIPELINE_SETUP_GUIDE.md
@@ -384,7 +384,11 @@ sudo apt install -y \
 #### 2.1 Create Service Account
 ```bash
-sudo useradd -r -s /bin/bash -m -d /home/SERVICE_USER SERVICE_USER
+# Create dedicated group for the service account
+sudo groupadd -r SERVICE_USER
+
+# Create service account user with dedicated group
+sudo useradd -r -g SERVICE_USER -s /bin/bash -m -d /home/SERVICE_USER SERVICE_USER
 echo "SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd
 ```
@@ -1067,7 +1071,11 @@ sudo apt install -y \
 #### 13.1 Create the SERVICE_USER User
 ```bash
-sudo useradd -r -s /bin/bash -m -d /home/SERVICE_USER SERVICE_USER
+# Create dedicated group for the service account
+sudo groupadd -r SERVICE_USER
+
+# Create service account user with dedicated group
+sudo useradd -r -g SERVICE_USER -s /bin/bash -m -d /home/SERVICE_USER SERVICE_USER
 echo "SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd
 ```
diff --git a/PRODUCTION_LINODE_MANUAL_SETUP.md b/PRODUCTION_LINODE_MANUAL_SETUP.md
index 8fac3b5..94e14d0 100644
--- a/PRODUCTION_LINODE_MANUAL_SETUP.md
+++ b/PRODUCTION_LINODE_MANUAL_SETUP.md
@@ -211,11 +211,16 @@ sudo apt install -y \
 #### 2.1 Create the SERVICE_USER User
 ```bash
-sudo useradd -r -s /bin/bash -m -d /home/SERVICE_USER SERVICE_USER
+# Create dedicated group for the service account
+sudo groupadd -r SERVICE_USER
+
+# Create service account user with dedicated group
+sudo useradd -r -g SERVICE_USER -s /bin/bash -m -d /home/SERVICE_USER SERVICE_USER
 echo "SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd
 ```
 **What this does**:
+- Creates a dedicated group for the service account
 - Creates a dedicated service account named `SERVICE_USER`
 - Generates a random 32-character password
 - **Note**: This user has no sudo privileges for security (principle of least privilege)