On 12/14/2012 03:12 PM, Matthew Miller wrote:
Amazon recommends using ec2-user (with passwordless sudo) for EC2
images.
That's what Fedora has been doing. Do we want to continue this? Arguments:
A. It doesn't really provide any added security, but does add complication.
Additionally, normal "don't run as root" advice is less important since
cloud instances should be ephemeral and recreatable.
B. But, consistency.
Fedora can of course do its own thing, but Ubuntu, Amazon Linux, future
RHELs, and other distros use ec2-user. This lines up with the EC2
documentation as well. I'd discourage changing it just because we can.
What's our SIG consensus here?
Other points:
- We're making images for EC2 and for other cloud systems as well.
'ec2-user' seems particularly silly on, say, OpenStack.
- We could use ec2-user and something else (including just root) on the
generic images.
Fair points.
- We should decide this really fast because it's already past
the last
minute; default is to just stay with ec2-user for F18 and revisit for
F19.
+1
- Jay