diff --git a/test/scripts/ssh-setup.sh b/test/scripts/ssh-setup.sh
index 906312208a8a..1ec9269a1497 100644
--- a/test/scripts/ssh-setup.sh
+++ b/test/scripts/ssh-setup.sh
@@ -9,6 +9,7 @@ RUNNER_DIR="$1"
 APP_PACKAGE="$2"
 PREVIOUS_APP="$3"
 UI_RUNNER="$4"
+UNPRIVILEGED_USER="$5"
 
 # Copy over test runner to correct place
 
@@ -81,7 +82,7 @@ EOF
 
 function create_test_user_macos {
     echo "Adding test user account"
-    sysadminctl -addUser mole -fullName "Mole Molesson" -password mole
+    sysadminctl -addUser $UNPRIVILEGED_USER -fullName "$UNPRIVILEGED_USER" -password $UNPRIVILEGED_USER
 }
 
 function setup_systemd {
@@ -112,8 +113,8 @@ EOF
 
 function create_test_user_linux {
     echo "Adding test user account"
-    useradd -m mole
-    echo "mole" | passwd mole --stdin
+    useradd -m $UNPRIVILEGED_USER
+    echo "$UNPRIVILEGED_USER" | passwd $UNPRIVILEGED_USER --stdin
 }
 
 if [[ "$(uname -s)" == "Darwin" ]]; then
diff --git a/test/test-manager/src/vm/provision.rs b/test/test-manager/src/vm/provision.rs
index 143f023fa49f..359cf16c33d8 100644
--- a/test/test-manager/src/vm/provision.rs
+++ b/test/test-manager/src/vm/provision.rs
@@ -10,6 +10,7 @@ use std::{
     net::{IpAddr, SocketAddr, TcpStream},
     path::{Path, PathBuf},
 };
+use test_rpc::UNPRIVILEGED_USER;
 
 /// Returns the directory in the test runner where the test-runner binary is installed.
 pub async fn provision(
@@ -156,7 +157,7 @@ fn blocking_ssh(
 
     // Run the setup script in the test runner
     let cmd = format!(
-        r#"sudo {} {remote_dir} "{app_package_path}" "{app_package_to_upgrade_from_path}" "{gui_package_path}""#,
+        r#"sudo {} {remote_dir} "{app_package_path}" "{app_package_to_upgrade_from_path}" "{gui_package_path}" "{UNPRIVILEGED_USER}""#,
         bootstrap_script_dest.display(),
     );
     log::debug!("Running setup script on remote, cmd: {cmd}");
diff --git a/test/test-rpc/src/lib.rs b/test/test-rpc/src/lib.rs
index cc263b845e1e..1ec8fb73216a 100644
--- a/test/test-rpc/src/lib.rs
+++ b/test/test-rpc/src/lib.rs
@@ -13,6 +13,10 @@ pub mod net;
 pub mod package;
 pub mod transport;
 
+/// Unprivileged user. This is used for things like spawning processes.
+/// This is also used as the password for the same user, as is common practice.
+pub const UNPRIVILEGED_USER: &str = "mole";
+
 #[derive(thiserror::Error, Debug, Serialize, Deserialize, PartialEq, Eq)]
 pub enum Error {
     #[error("Test runner RPC failed")]
diff --git a/test/test-runner/src/main.rs b/test/test-runner/src/main.rs
index a884df0cbe39..79bc17b4ef50 100644
--- a/test/test-runner/src/main.rs
+++ b/test/test-runner/src/main.rs
@@ -17,7 +17,7 @@ use test_rpc::{
     net::SockHandleId,
     package::Package,
     transport::GrpcForwarder,
-    AppTrace, Service, SpawnOpts,
+    AppTrace, Service, SpawnOpts, UNPRIVILEGED_USER,
 };
 use tokio::{
     io::{AsyncBufReadExt, AsyncReadExt, AsyncWriteExt, BufReader},
@@ -388,7 +388,7 @@ impl Service for TestServer {
         cmd.stderr(Stdio::piped());
         cmd.kill_on_drop(true);
 
-        let mut child = util::as_unprivileged_user("mole", || cmd.spawn())
+        let mut child = util::as_unprivileged_user(UNPRIVILEGED_USER, || cmd.spawn())
             .map_err(|error| {
                 log::error!("Failed to drop privileges: {error}");
                 test_rpc::Error::Syscall