User Password Handling

Details

Message ID: <dc556af2-8dde-473f-682d-39559402ebd7@linuxmail.org>
DKIM signature: missing

Working on the deploy scripts I ran into the first thing I want some
opinions on.
First: I figure it's easiest to just have a single admin user who
everyone on The List can log into.
Is anyone opposed to this?

Second: Given this, how do we want to handle sudo?
Does the admin user (who can only be logged in via ssh key) have
passwordless sudo access or should we have a shared password we just
keep secret?

Chris Waldon <christopher.waldon.dev@gmail.com>

Details

Message ID: <5334835C-86CC-4718-A1F8-7EED8221F036@gmail.com>
In-Reply-To: <dc556af2-8dde-473f-682d-39559402ebd7@linuxmail.org> (view parent)
DKIM signature: pass

Download raw message

2 years ago

On February 5, 2021 8:57:21 PM EST, Daniel Wilkins <tekk@linuxmail.org> wrote:
>Working on the deploy scripts I ran into the first thing I want some
>opinions on.
>First: I figure it's easiest to just have a single admin user who
>everyone on The List can log into.
>Is anyone opposed to this?

I think this is fine for what we need.

>Second: Given this, how do we want to handle sudo?
>Does the admin user (who can only be logged in via ssh key) have
>passwordless sudo access or should we have a shared password we just
>keep secret?

Let's just do passwordless sudo for that account. The extra security doesn't buy us much right now, I think.

Happy to discuss this if anyone feels otherwise.

Cheers,
Chris

~whereswaldon/arbor-infra

User Password Handling