On Fri, Dec 14, 2012 at 1:00 PM, Jay Greguske <jgregusk@redhat.com> wrote:
On 12/14/2012 03:12 PM, Matthew Miller wrote:
> Amazon recommends using ec2-user (with passwordless sudo) for EC2 images.
> That's what Fedora has been doing. Do we want to continue this? Arguments:
>
>
> A. It doesn't really provide any added security, but does add complication.
>    Additionally, normal "don't run as root" advice is less important since
>    cloud instances should be ephemeral and recreatable.
>
> B. But, consistency.
>

Fedora can of course do its own thing, but Ubuntu, Amazon Linux, future
RHELs, and other distros use ec2-user. This lines up with the EC2
documentation as well. I'd discourage changing it just because we can.

Well, not exactly, ubuntu lucid in aws uses 'ubuntu', both 'cloud-user' or even 'fedora would be generic enough... in my opinion.
 

> What's our SIG consensus here?
>
> Other points:
>
>  - We're making images for EC2 and for other cloud systems as well.
>    'ec2-user' seems particularly silly on, say, OpenStack.
>  - We could use ec2-user and something else (including just root) on the
>    generic images.

Fair points.

>  - We should decide this really fast because it's already past the last
>    minute; default is to just stay with ec2-user for F18 and revisit for
>    F19.
>

+1

- Jay

_______________________________________________
cloud mailing list
cloud@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/cloud



--
Jorge A Gallegos <kad@blegh.net>
http://kad.blegh.net