Index: scripts/lockdown.sh
===================================================================
diff -u -ree1c74e58973274b59557d10acce063504fc2d11 -r753fa8c694e4c858f7c1b6665b207d59340f6612
--- scripts/lockdown.sh (.../lockdown.sh) (revision ee1c74e58973274b59557d10acce063504fc2d11)
+++ scripts/lockdown.sh (.../lockdown.sh) (revision 753fa8c694e4c858f7c1b6665b207d59340f6612)
@@ -8,23 +8,17 @@
 CONTENT_SUDOERS="
 Defaults env_reset
 Defaults mail_badpass
-Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\"
+Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"
 Defaults use_pty
 # User privilege specification
 root ALL=(ALL:ALL) ALL
-# Members of the admin group may gain root privileges
-%admin ALL=(ALL) ALL
-
 # Allow members of group sudo to execute any command
-%sudo ALL=(ALL:ALL) ALL
+# this line has been intentionaly commented out to revoke any access from sudoes
+# other than what has been specifically mentioned below.
+# %sudo ALL=(ALL:ALL) ALL
-# All serviceuser to execute any command
-serviceuser ALL=(ALL:ALL) ALL
-%serviceuser ALL=(ALL:ALL) ALL
-
-
 # Allow the denali user to execute specific commands as root.
 denali ALL=(root) NOPASSWD: /usr/bin/bluetoothctl
 denali ALL=(root) NOPASSWD: /usr/bin/tee *
@@ -120,6 +114,9 @@
 local fileTarget="/etc/sudoers"
 # Allow the denali user to execute specific commands as root.
 echo "$CONTENT_SUDOERS" > $fileTarget
+
+ #removing the cloud user who runs the CloudSync entirely from sudoers
+ gpasswd -d cloud sudo
 }
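Review bot: In the first hunk (the `CONTENT_SUDOERS` policy), the retained rule `denali ALL=(root) NOPASSWD: /usr/bin/tee *` still lets the denali account write or append to any file as root without a password, `/etc/sudoers` included. Removing the `%admin`, `%sudo` and `serviceuser` entries therefore does not confine that account. The sudoers manual also warns that argument wildcards match across word boundaries, so the rule is safer with the exact files spelled out, e.g. `denali ALL=(root) NOPASSWD: /usr/bin/tee <PLACEHOLDER_ALLOWED_PATH>`, or with those writes moved into a root-owned helper script. The policy string continues past the end of this hunk, so any further denali rules and a possible include of `/etc/sudoers.d` are not visible here and should get the same check.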
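Review bot: In the second hunk, `echo "$CONTENT_SUDOERS" > $fileTarget` overwrites the live `/etc/sudoers` in place with no syntax check, so a malformed policy string would leave sudo unable to parse its configuration on the device. I would stage the content in a temporary file, validate it with `visudo -cf`, and only then install it with mode 0440 and root ownership. The added `gpasswd -d cloud sudo` is the last command before the closing brace, so its non-zero status when `cloud` is missing or not in the group becomes the function's return value; guarding it keeps a re-run from failing at that step. The function starts outside this hunk, so whether the caller checks that status is not visible here.

```shell
  local fileTarget="/etc/sudoers"
  local fileStaged
  fileStaged=$(mktemp) || return 1
  printf '%s\n' "$CONTENT_SUDOERS" > "$fileStaged"
  # Refuse to install a policy that sudo itself cannot parse.
  if ! visudo -cf "$fileStaged"; then
    rm -f -- "$fileStaged"
    return 1
  fi
  install -o root -g root -m 0440 "$fileStaged" "$fileTarget"
  rm -f -- "$fileStaged"

  # … unchanged: comment above the gpasswd call …
  # Drop the membership only when it exists, so a re-run does not fail here.
  if id -nG cloud 2>/dev/null | grep -qw sudo; then
    gpasswd -d cloud sudo
  fi
```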