passwordless sudo on GWDG VMs
Our CI pipeline currently assumes passwordless sudo on both our GWDG Cloud Server and our GWDG Virtual Server which is bad practice.
$ sudo cat /etc/sudoers.d/gitlab-ci
gitlab ALL=(ALL) NOPASSWD:ALL
Definition of Done:
-
allow only certain commands/scripts to run passwordless -
put all necessary commands into those scripts -
remove passwordless sudo configuration from all machines -
test
Hints:
- none...