
feat: removed the check in rotation and also added useSudo capability in unix linux account rotation#5495

Merged
akhilmhdh merged 4 commits into main from feat/ssh-fix
Feb 17, 2026

Conversation

@akhilmhdh
Member

@akhilmhdh akhilmhdh commented Feb 16, 2026

Context

This PR removes the rotation blocking for changing a root user in unix linux account rotation. This allows rotation on root level. At some point in future we will have additionally a new configuration that provides blacklisting of users that are not allowed to rotate or not.

This PR also adds useSudo that conditionally enables the sudo part in a command

Screenshots

Steps to verify the change

Type

  • Fix
  • Feature
  • Improvement
  • Breaking
  • Docs
  • Chore

Checklist

  • Title follows the conventional commit format: type(scope): short description (scope is optional, e.g., fix: prevent crash on sync or fix(api): handle null response).
  • Tested locally
  • Updated docs (if needed)
  • Read the contributing guide

@akhilmhdh akhilmhdh requested a review from varonix0 February 16, 2026 17:01
@akhilmhdh akhilmhdh changed the title feat: removed the check in rotation and also added useSudo capability feat: removed the check in rotation and also added useSudo capability in unix linux account rotation Feb 16, 2026
@maidul98
Collaborator

maidul98 commented Feb 16, 2026

Snyk checks have passed. No issues have been found so far.

Scanner: Open Source Security. Critical 0, High 0, Medium 0, Low 0. Total: 0 issues.


@greptile-apps
Contributor

greptile-apps bot commented Feb 16, 2026

Greptile Summary

This PR adds a useSudo parameter to conditionally enable sudo for password rotation commands and removes the privileged account check that previously blocked rotation of root, admin, administrator, and sudo accounts.

Key Changes:

  • Added useSudo boolean parameter (defaults to false) that conditionally uses sudo chpasswd vs chpasswd when rotating passwords in managed mode
  • Removed validation that prevented rotation of privileged system accounts (root, admin, administrator, sudo)
  • Updated frontend UI to show useSudo checkbox only when rotation method is "Login as Root"
  • Added comprehensive documentation for the new parameter

Security Concern:
The removal of the privileged account check creates a critical security gap. While the PR description mentions future blacklisting configuration, there's currently no protection against rotating privileged accounts. This allows potential attackers with Infisical access to lock out legitimate administrators by rotating root/sudo account passwords.

UI Issues:

  • Review screen displays raw boolean values (true/false) instead of user-friendly text ("Yes"/"No")
  • Form state doesn't clear useSudo when switching rotation methods, though this is minor since backend ignores it for non-applicable methods

Confidence Score: 3/5

  • This PR introduces a critical security gap by removing privileged account protection without replacement safeguards
  • While the useSudo feature is implemented correctly, removing the privileged account validation (root, admin, administrator, sudo) creates an immediate security vulnerability. The PR description acknowledges this gap ("at some point in future we will have additionally a new configuration"), but ships without interim protection. An attacker with Infisical access could rotate root passwords and lock out legitimate administrators.
  • Pay close attention to unix-linux-local-account-rotation-fns.ts - the removed privileged account check creates a security vulnerability

Important Files Changed

  • backend/src/ee/services/secret-rotation-v2/unix-linux-local-account-rotation/unix-linux-local-account-rotation-fns.ts: Removed privileged account check and added conditional sudo support. Security implications need consideration.
  • frontend/src/components/secret-rotations-v2/forms/SecretRotationV2ParametersFields/UnixLinuxLocalAccountRotationParametersFields.tsx: Added conditional checkbox for useSudo with helpful tooltip, only shown for LoginAsRoot method.
  • frontend/src/components/secret-rotations-v2/forms/SecretRotationV2ReviewFields/UnixLinuxLocalAccountRotationReviewFields.tsx: Added display of useSudo value in review section; displays raw boolean instead of formatted text.

Last reviewed commit: 31bf255
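The review above describes two mechanics worth seeing side by side: the useSudo flag that selects `sudo chpasswd` over `chpasswd`, and the protected-account check whose removal the bot flags. The block below is an added example written for this page, not Infisical's code and not the contents of unix-linux-local-account-rotation-fns.ts. It builds the chpasswd invocation as an argv array plus stdin (so the generated password is never spliced into a shell string) and keeps a configurable protected-account list in front of it, standing in for the future blacklist the PR description mentions. All type and function names (RotationParams, PlannedCommand, planRotation, assertRotationAllowed) and the DEFAULT_PROTECTED list are assumptions.

```typescript
// Added example, not the project's code. Names below are hypothetical.

interface RotationParams {
  username: string;              // local account whose password is rotated
  newPassword: string;           // generated secret; passed on stdin, never via a shell string
  useSudo?: boolean;             // mirrors the PR's parameter; defaults to false
  protectedAccounts?: string[];  // stand-in for the future blacklist; undefined = built-in default
}

interface PlannedCommand {
  argv: string[];   // run with execFile(argv[0], argv.slice(1)) and the stdin below; no shell
  stdin: string;    // one "user:password\n" record, the format chpasswd reads
}

// Accounts the old check refused to rotate (per the review summary); used when the
// caller supplies no list of its own. Assumption: an empty list means "nothing protected".
const DEFAULT_PROTECTED: readonly string[] = ["root", "admin", "administrator", "sudo"];

// Policy gate: refuse to rotate accounts on the protected list.
function assertRotationAllowed(username: string, protectedAccounts: readonly string[]): void {
  if (protectedAccounts.includes(username)) {
    throw new Error(`rotation of protected account "${username}" is blocked by policy`);
  }
}

// Build the chpasswd command. The username is validated against the conservative
// shadow-utils name shape so it cannot carry the ':' separator or a newline; the
// password may contain ':' (chpasswd splits at the first colon) but not a newline,
// which would start a second record.
function planChpasswd(params: RotationParams): PlannedCommand {
  if (!/^[a-z_][a-z0-9_-]{0,31}$/.test(params.username)) {
    throw new Error(`invalid local account name: ${JSON.stringify(params.username)}`);
  }
  if (params.newPassword.includes("\n") || params.newPassword.length === 0) {
    throw new Error("generated password must be non-empty and single-line");
  }
  const argv = params.useSudo ? ["sudo", "chpasswd"] : ["chpasswd"];
  return { argv, stdin: `${params.username}:${params.newPassword}\n` };
}

// Entry point: policy check first, then command construction.
function planRotation(params: RotationParams): PlannedCommand {
  assertRotationAllowed(params.username, params.protectedAccounts ?? DEFAULT_PROTECTED);
  return planChpasswd(params);
}

// Constructed sample inputs (not real rotations):
const sample = planRotation({ username: "svc-backup", newPassword: "s3cr:et", useSudo: true });
console.log(sample.argv.join(" "), "<<<", JSON.stringify(sample.stdin));
```

The useSudo flag only changes argv[0]; everything else, including the stdin record, is identical, which is why a caller must still decide separately whether the connecting account is permitted to escalate. Passing an explicit `protectedAccounts: []` is the hypothetical opt-in that reproduces this PR's post-merge behaviour of allowing root rotation.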


@greptile-apps greptile-apps bot left a comment


7 files reviewed, 3 comments


@akhilmhdh akhilmhdh merged commit 3ef2a7c into main Feb 17, 2026
11 of 12 checks passed
3 participants