Index: scripts/lockdown.sh
===================================================================
diff -u -ree1c74e58973274b59557d10acce063504fc2d11 -r55bc61e37ddb78c9299a8652b6468d0290a163cc
--- scripts/lockdown.sh (.../lockdown.sh) (revision ee1c74e58973274b59557d10acce063504fc2d11)
+++ scripts/lockdown.sh (.../lockdown.sh) (revision 55bc61e37ddb78c9299a8652b6468d0290a163cc)
@@ -8,23 +8,18 @@
 CONTENT_SUDOERS="
 Defaults env_reset
 Defaults mail_badpass
-Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\"
+Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"
 Defaults use_pty
 # User privilege specification
 root ALL=(ALL:ALL) ALL
-# Members of the admin group may gain root privileges
-%admin ALL=(ALL) ALL
-
 # Allow members of group sudo to execute any command
+# this line should have been commented out to revoke any access from sudoers,
+# other than what has been specifically mentioned below.
+# but since it make the serviceability so hard it has not been.
 %sudo ALL=(ALL:ALL) ALL
-# All serviceuser to execute any command
-serviceuser ALL=(ALL:ALL) ALL
-%serviceuser ALL=(ALL:ALL) ALL
-
-
 # Allow the denali user to execute specific commands as root.
 denali ALL=(root) NOPASSWD: /usr/bin/bluetoothctl
 denali ALL=(root) NOPASSWD: /usr/bin/tee *
@@ -120,6 +115,9 @@
 local fileTarget="/etc/sudoers"
 # Allow the denali user to execute specific commands as root.
 echo "$CONTENT_SUDOERS" > $fileTarget
+
+ #removing the cloud user who runs the CloudSync entirely from sudoers
+ gpasswd -d cloud sudo
 }
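Review bot: The `denali ALL=(root) NOPASSWD: /usr/bin/tee *` rule, left as context at the end of the first hunk, undoes much of the lockdown this commit is aiming for. With a wildcard argument list the denali account can write any file as root without a password, and that includes /etc/sudoers itself. Since the change already drops the `%admin` and `serviceuser` grants, this rule should be narrowed in the same pass to the exact file(s) the service needs, e.g. `denali ALL=(root) NOPASSWD: /usr/bin/tee <TARGET_FILE placeholder>`. The added comment above `%sudo ALL=(ALL:ALL) ALL` records that the broad grant is kept on purpose; it would help if it also said who is expected to be in the sudo group on a locked-down unit, so the exception can be audited.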
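Review bot: `gpasswd -d cloud sudo` in the second hunk is the last command of the function and its exit status is never checked, so the outcome of the lockdown step depends on whether the cloud account happened to be in the sudo group. gpasswd exits non-zero when the user is not a member (for example on a second run of the script) or when the account does not exist, and that status becomes the function's return value. A guarded form such as `if id -nG cloud 2>/dev/null | grep -qw sudo; then gpasswd -d cloud sudo || return 1; fi` keeps the step idempotent and still reports a real failure. The comment says the user is removed "entirely from sudoers", but the command only drops the group membership; wording like `# remove the cloud user (runs CloudSync) from the sudo group; per-user rules elsewhere, e.g. /etc/sudoers.d if used, are not touched` would be more accurate. The function body starts outside the hunk.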