Day 1 of 100 Days of DevOps: Securing Service Accounts
So, I’ve officially started the 100 Days of DevOps on KodeKloud Engineer.
My goal is simple:
- Solidify what I already know
- Bridge the gaps in what I don’t
Before diving into the technical logs, I want to share a bit about where I’m coming from.
My Background
I’m currently a Computer Science student and working as a Software Engineer.
For a long time, I’ve had my sights set on becoming a Solutions Architect.
I’m already quite comfortable with:
- Cloud technologies
- System architectures
- The standard DevOps toolkit
But if I’m being honest… I’ve been playing it safe.
I stayed in my comfort zone instead of fully chasing that goal.
This challenge is my way of breaking that cycle and intentionally moving toward the career I actually want.
Day 1: Securing Service Accounts
Today’s task was simple, but very fundamental:
Create a service user on a remote server without allowing interactive login
The Scenario
- SSH into a remote instance
- Create a user called app-service
- Ensure:
  - No home directory
  - No interactive login
This user is meant for background processes — not humans — so security is key.
✅ The Solution
After connecting via SSH, I ran:
sudo useradd -r -M -s /usr/sbin/nologin app-service
Breakdown
-r (System User)
Creates a system account with a UID from the system range, below the UIDs given to regular users.
These accounts are typically hidden from login screens and reserved for services.
-M (No Home Directory)
No need to create /home/app-service.
This keeps the filesystem clean and reduces risk if the account is compromised.
-s /usr/sbin/nologin (Non-interactive Shell)
This is the security lock 🔒
Even if someone gets access to this account, they cannot start an interactive shell session through a login.
The system simply denies login attempts: nologin runs in place of a shell and exits.
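A check for the three properties in the breakdown above, written as an added example (not part of the original post): it parses a passwd(5) line, and optionally a shadow(5) line, and reports what fails. The function name, the sample entries and the SYS_UID_MAX default of 999 are assumptions; read the real limit from /etc/login.defs.

```shell
#!/bin/sh
# Added example: audit a passwd(5) entry for the service-account properties
# described above. SYS_UID_MAX=999 is an assumed default; check /etc/login.defs.
SYS_UID_MAX="${SYS_UID_MAX:-999}"

# audit_service_account PASSWD_LINE [SHADOW_LINE]
# Prints one finding per failed check; returns the number of failures.
audit_service_account() {
    fails=0
    IFS=: read -r name _pw uid _gid _gecos home shell <<EOF
$1
EOF
    # -r: UID must fall in the system range (and must not be root).
    if [ "$uid" -gt "$SYS_UID_MAX" ] || [ "$uid" -eq 0 ]; then
        echo "$name: UID $uid is not an unprivileged system UID"; fails=$((fails + 1))
    fi
    # -M: passwd may still name a home path, but nothing should exist there.
    if [ -e "$home" ]; then
        echo "$name: home path $home exists on disk"; fails=$((fails + 1))
    fi
    # -s: the login shell must be one that refuses interactive sessions.
    case "$shell" in
        /usr/sbin/nologin|/sbin/nologin|/bin/false|/usr/bin/false) ;;
        *) echo "$name: login shell '$shell' allows interactive login"; fails=$((fails + 1)) ;;
    esac
    # Optional: the shadow(5) password field should be locked (starts with ! or *).
    if [ -n "${2:-}" ]; then
        pwfield=$(printf '%s\n' "$2" | cut -d: -f2)
        case "$pwfield" in
            '!'*|'*'*) ;;
            *) echo "$name: password is not locked"; fails=$((fails + 1)) ;;
        esac
    fi
    return "$fails"
}

# Constructed sample entries (not taken from a real host).
GOOD_PASSWD='app-service:x:998:998::/nonexistent/app-service:/usr/sbin/nologin'
GOOD_SHADOW='app-service:!:19800::::::'
BAD_PASSWD='app-service:x:1001:1001::/tmp:/bin/bash'
BAD_SHADOW='app-service:$6$constructed$hash:19800:0:99999:7:::'

audit_service_account "$GOOD_PASSWD" "$GOOD_SHADOW" && echo "good entry: OK"
audit_service_account "$BAD_PASSWD" "$BAD_SHADOW" || echo "bad entry: $? finding(s)"
```

On a real host, pass "$(getent passwd app-service)" as the first argument. A nologin shell blocks interactive logins only; processes can still run as the account through sudo -u or a systemd User= setting, so file permissions and sudoers rules still matter.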
Key Takeaway
This is a perfect example of the Principle of Least Privilege:
Give a user exactly what they need — and nothing more.
Closing Thoughts
It’s a simple one-liner, but it reinforces a critical DevOps mindset:
security and intentional design at every level.
Day 1 done. Thank you for reading.