~whereswaldon/arbor-infra

1

User Password Handling

Details
Message ID
<dc556af2-8dde-473f-682d-39559402ebd7@linuxmail.org>
DKIM signature
missing
Download raw message
Working on the deploy scripts I ran into the first thing I want some
opinions on.
First: I figure it's easiest to just have a single admin user who
everyone on The List can log into.
Is anyone opposed to this?

Second: Given this, how do we want to handle sudo?
Does the admin user (who can only be logged in via ssh key) have
passwordless sudo access or should we have a shared password we just
keep secret?
Details
Message ID
<5334835C-86CC-4718-A1F8-7EED8221F036@gmail.com>
In-Reply-To
<dc556af2-8dde-473f-682d-39559402ebd7@linuxmail.org> (view parent)
DKIM signature
missing
Download raw message
On February 5, 2021 8:57:21 PM EST, Daniel Wilkins <tekk@linuxmail.org> wrote:
>Working on the deploy scripts I ran into the first thing I want some
>opinions on.
>First: I figure it's easiest to just have a single admin user who
>everyone on The List can log into.
>Is anyone opposed to this?

I think this is fine for what we need.

>Second: Given this, how do we want to handle sudo?
>Does the admin user (who can only be logged in via ssh key) have
>passwordless sudo access or should we have a shared password we just
>keep secret?

Let's just do passwordless sudo for that account. The extra security doesn't buy us much right now, I think.

Happy to discuss this if anyone feels otherwise.

Cheers,
Chris
Reply to thread Export thread (mbox)