From fdaec65250776c82988906efab5fb9ac3bb0239b Mon Sep 17 00:00:00 2001 From: continuist Date: Sat, 28 Jun 2025 13:33:12 -0400 Subject: [PATCH] Remove sudo access from SERVICE_USER in guides --- CI_CD_PIPELINE_SETUP_GUIDE.md | 2 -- PRODUCTION_LINODE_MANUAL_SETUP.md | 5 ++--- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md index 58a1462..c3a8c62 100644 --- a/CI_CD_PIPELINE_SETUP_GUIDE.md +++ b/CI_CD_PIPELINE_SETUP_GUIDE.md @@ -385,7 +385,6 @@ sudo apt install -y \ ```bash sudo useradd -r -s /bin/bash -m -d /home/SERVICE_USER SERVICE_USER -sudo usermod -aG sudo SERVICE_USER echo "SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd ``` @@ -1059,7 +1058,6 @@ sudo apt install -y \ ```bash sudo useradd -r -s /bin/bash -m -d /home/SERVICE_USER SERVICE_USER -sudo usermod -aG sudo SERVICE_USER echo "SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd ``` diff --git a/PRODUCTION_LINODE_MANUAL_SETUP.md b/PRODUCTION_LINODE_MANUAL_SETUP.md index 53dcf00..8fac3b5 100644 --- a/PRODUCTION_LINODE_MANUAL_SETUP.md +++ b/PRODUCTION_LINODE_MANUAL_SETUP.md @@ -212,21 +212,20 @@ sudo apt install -y \ ```bash sudo useradd -r -s /bin/bash -m -d /home/SERVICE_USER SERVICE_USER -sudo usermod -aG sudo SERVICE_USER echo "SERVICE_USER:$(openssl rand -base64 32)" | sudo chpasswd ``` **What this does**: - Creates a dedicated service account named `SERVICE_USER` -- Gives it sudo privileges for administrative tasks - Generates a random 32-character password +- **Note**: This user has no sudo privileges for security (principle of least privilege) **Expected output**: No output (successful user creation is silent). **If something goes wrong**: - If user already exists: `sudo userdel -r SERVICE_USER` then retry - Check user creation: `id SERVICE_USER` -- Verify sudo access: `sudo -u SERVICE_USER sudo -l` +- Verify user exists: `getent passwd SERVICE_USER` #### 2.2 Verify Service Account