
Set up a separate Linux user account in terraform #38

@C-Loftus


It appears that the terraform scripts clone and set up code all through the root account. It would be helpful if the script created a separate user with a limited set of permissions.

ls -ld /opt/scheduler
drwxr-xr-x 10 root root 4096 Jan 22 20:02 /opt/scheduler

At the moment, it is an issue if you log into the VM but then want to pull code via git. Although it is not ideal to be doing manual git pulls, sometimes it is necessary in order to iterate on code changes. Since terraform wipes the VM each time, it makes it slow and potentially expensive to iterate on code that modifies or transfers the release graphs. (i.e. you need to download the release graphs new each time you run tf)

Example: if you log into the VM but try to git pull, it will fail or cause permission issues since a non-root user can't pull into a repo owned by root. You can switch user to be root, but then all your operations are also running as root and it is generally a good practice to avoid doing things like installing Python packages or running containers with root.


$ cd /opt/scheduler/

$ git pull
fatal: detected dubious ownership in repository at '/opt/scheduler'
To add an exception for this directory, call:

	git config --global --add safe.directory /opt/scheduler
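
One way a root-run provisioning step could hand the checkout to a dedicated unprivileged account, so that later pulls pass git's ownership check without `safe.directory` exceptions. This is an added example, not part of the original issue or the project's Terraform code. Assumptions: the account name `scheduler`, the `/usr/sbin/nologin` shell path, and a VM image that provides shadow-utils `useradd` and util-linux `runuser`.

```shell
#!/bin/sh
# Added example, not the project's code. SVC_USER is a hypothetical account
# name (assumption); REPO_DIR is the path shown in the issue.
SVC_USER="${SVC_USER:-scheduler}"
REPO_DIR="${REPO_DIR:-/opt/scheduler}"

# Numeric owner uid of a path, via POSIX ls so GNU stat is not required.
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Succeeds when the path is owned by the given uid. A mismatch between the
# directory owner and the calling user is what triggers "dubious ownership".
owned_by() {
    [ "$(owner_uid "$1")" = "$2" ]
}

# Classify a checkout for a target uid. Prints: ok | chown-needed | missing
ownership_state() {
    dir=$1 uid=$2
    [ -d "$dir" ] || { echo missing; return; }
    if owned_by "$dir" "$uid"; then echo ok; else echo chown-needed; fi
}

# Idempotent provisioning step; intended to run once from the root startup script.
provision() {
    [ "$(id -u)" -eq 0 ] || { echo "provision must run as root" >&2; return 1; }
    # Create the account only if absent; no interactive login shell.
    id "$SVC_USER" >/dev/null 2>&1 ||
        useradd --system --create-home --shell /usr/sbin/nologin "$SVC_USER"
    uid=$(id -u "$SVC_USER")
    case $(ownership_state "$REPO_DIR" "$uid") in
        missing)      echo "$REPO_DIR not found" >&2; return 1 ;;
        chown-needed) chown -R "$SVC_USER:" "$REPO_DIR" ;;  # "user:" = login group
    esac
    # From here on git runs without root privileges.
    runuser -u "$SVC_USER" -- git -C "$REPO_DIR" pull --ff-only
}

# Only act when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    provision
fi
```

After this step, someone logged into the VM can update the checkout with `sudo -u scheduler git -C /opt/scheduler pull` instead of switching to root.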
