Zabba

Asked: 2018-10-02 15:55:54 +0800 CST2018-10-02 15:55:54 +0800 CST 2018-10-02 15:55:54 +0800 CST

Use default `ubuntu` user to deploy an app or make separate users?

I have a Ruby on Rails app and use Capistrano to deploy it to the server.

The deploy user and the user running the app is the same - the default ubuntu user. (this has sudo access: ubuntu ALL=(ALL) NOPASSWD:ALL)

Maybe this setup is a bit insecure, in case there is a flaw in my Rails app that allows access to the system via the ubuntu user?

I was thinking of making these two users:

deploy user: only has sudo access to start/restart nginx on the server. Has SSH access to the server.
railsrunner: no sudo access, and has no SSH access (railsrunner:x:12345:12345::/nonexistent:/usr/sbin/nologin)

Is that a good approach? Is there any advantage to having a deploy user or the railsrunner user or should I just use the ubuntu user? (or something else?)

Use default `ubuntu` user to deploy an app or make separate users?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Use default `ubuntu` user to deploy an app or make separate users?

0 Answers