Issue
-
Is it possible to remove sudo permission from SSH account?
-
Is the SSH user still needed other than to perform manual troubleshooting, can we delete this user?
-
Once the installation is completed, Could we remove sudo permission from SSH account?
Environment
-
CloudBees Jenkins Enterprise (CJE) - AWS/OpenStack/Anywhere
Resolution
The SSH user who is used for certain cluster operation such as cluster-init, worker-add, worker-restart, pse-support, …needs sudo permissions because they access to configuration/logs files which requires from that privileges
These are the commands performed with sudo by the SSH user:
COMMAND=/bin/cat COMMAND=/bin/chmod COMMAND=/bin/cp COMMAND=/bin/docker COMMAND=/bin/firewall-cmd COMMAND=/bin/id COMMAND=/bin/install COMMAND=/bin/mkdir COMMAND=/bin/mount COMMAND=/bin/nmcli COMMAND=/bin/rm COMMAND=/bin/rmdir COMMAND=/bin/sed COMMAND=/bin/sh COMMAND=/bin/su COMMAND=/bin/sudo COMMAND=/bin/systemctl COMMAND=/bin/tee COMMAND=/bin/touch COMMAND=/bin/umount COMMAND=/bin/yum COMMAND=/etc/init.d/topbeat COMMAND=/home/packer/dna-config/configure-docker COMMAND=/home/packer/dna-config/configure-http-proxy COMMAND=/sbin/useradd