Em aqui :
"All Linux user accounts in your project are granted root access to your instances. By default, new Linux user accounts are added to the following user groups upon account creation:
gce-sudoers
- Gives root access
gce-users
- General users groupThe
gce-sudoers
group is automatically maintained by the Cloud User Accounts service and contains every Linux user account in your project. If you wanted to restrict root access to certain accounts, remove the default policy at:
/etc/sudoers.d/gcua
Next, create your own group and add a configuration similar to the
gcua
file in thesudoers.d
folder."