to ec2-user or not to ec2-user?
Jorge Gallegos
kad at blegh.net
Mon Dec 17 05:50:54 UTC 2012
On Fri, Dec 14, 2012 at 1:00 PM, Jay Greguske <jgregusk at redhat.com> wrote:
> On 12/14/2012 03:12 PM, Matthew Miller wrote:
> > Amazon recommends using ec2-user (with passwordless sudo) for EC2 images.
> > That's what Fedora has been doing. Do we want to continue this?
> Arguments:
> >
> >
> > A. It doesn't really provide any added security, but does add
> complication.
> > Additionally, normal "don't run as root" advice is less important
> since
> > cloud instances should be ephemeral and recreatable.
> >
> > B. But, consistency.
> >
>
> Fedora can of course do its own thing, but Ubuntu, Amazon Linux, future
> RHELs, and other distros use ec2-user. This lines up with the EC2
> documentation as well. I'd discourage changing it just because we can.
>
Well, not exactly, ubuntu lucid in aws uses 'ubuntu', both 'cloud-user' or
even 'fedora would be generic enough... in my opinion.
>
> > What's our SIG consensus here?
> >
> > Other points:
> >
> > - We're making images for EC2 and for other cloud systems as well.
> > 'ec2-user' seems particularly silly on, say, OpenStack.
> > - We could use ec2-user and something else (including just root) on the
> > generic images.
>
> Fair points.
>
> > - We should decide this really fast because it's already past the last
> > minute; default is to just stay with ec2-user for F18 and revisit for
> > F19.
> >
>
> +1
>
> - Jay
>
> _______________________________________________
> cloud mailing list
> cloud at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/cloud
>
--
Jorge A Gallegos <kad at blegh.net>
http://kad.blegh.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/cloud/attachments/20121216/71a61d9e/attachment-0001.html>
More information about the cloud
mailing list