VMware Cloud Community
nicmac
Contributor
Contributor

vCSA - what is the default "upgrade" user for?

And why does it have SUDO all?

upgrade ALL=(ALL) NOPASSWD: ALL

Furthermore, what are the implications of disabling this sudo rule and/or disabling ssh login for the upgrade user? This poses a security risk.

Reply
0 Kudos
2 Replies
nicmac
Contributor
Contributor

No ideas on this one? I am almost positive this account would fail a PCI audit.

Reply
0 Kudos
admin
Immortal
Immortal

The default upgrade user is the db admin that manages the backend postgres DB. Disabling it would mean the upgrade wont work.

Reply
0 Kudos