diff --git a/files/opendsa/manage.sh b/files/opendsa/manage.sh
index 32cf02c8ef7bbb8852fce950a47add3393a4ab0b..f8b0f5cb1a8d52b2d8601d03612969ef60897404 100755
--- a/files/opendsa/manage.sh
+++ b/files/opendsa/manage.sh
@@ -1,8 +1,19 @@
 #!/bin/bash
+
+OPENDSA_HOME="/srv/opendsa"
+
 if [ $# == 0 ]
 then
     echo "This script is only intended for managing the server. Please provide one argument as an action!"
     exit 1
 fi
-cd ~/OpenDSA/server/
-~/OpenDSA/server/main.py "$@"
+
+if [[ $(whoami) != "opendsa" ]]
+then
+    sudo -u opendsa $OPENDSA_HOME/manage.sh "$@"
+    exit $?
+fi
+
+cd $OPENDSA_HOME/OpenDSA/server/
+$OPENDSA_HOME/OpenDSA/server/main.py "$@"
+exit $?
diff --git a/files/sudoers_aes b/files/sudoers_aes
index 01e92de8fb848c153537532c2c75dab05cf1ff8e..7a5877972c97b0414b0fe55d000b61caf8deda79 100644
--- a/files/sudoers_aes
+++ b/files/sudoers_aes
@@ -2,7 +2,7 @@ klaar36 ALL=(ALL) NOPASSWD: ALL
 filst04 ALL=(ALL) NOPASSWD: ALL
 
 User_Alias EXAM_ADMINS = torjo38, klaar36, vikol94, magni54, filst04
-Runas_Alias EXAM_USER = examadm, %examadm
+Runas_Alias EXAM_USER = examadm, %examadm, opendsa, %opendsa
 
 Cmnd_Alias SERVICE_CMDS = /usr/bin/systemctl /usr/bin/less
 
diff --git a/manifests/opendsa.pp b/manifests/opendsa.pp
index 2c4ed51eccb17f3d848d66c0b5deb1eaa9b59983..632f7f09911f04ccfa5526a0e713e97a07aaf400 100644
--- a/manifests/opendsa.pp
+++ b/manifests/opendsa.pp
@@ -12,8 +12,7 @@ class aes::opendsa {
     managehome => false,
     membership => inclusive,
     system => true,
-  # Do we need login shell. YES
-    shell => '/bin/bash',
+    shell => '/sbin/nologin',
   }
 
   file { "${opendsa_home}":
@@ -63,7 +62,7 @@ class aes::opendsa {
     ensure => present,
     owner  => "${opendsa_user}",
     group  => "${opendsa_group}",
-    mode => '0751',
+    mode => '0755',
     source => "puppet:///modules/${module_name}/opendsa/manage.sh",
   }