On Fri, Dec 14, 2012 at 1:00 PM, Jay Greguske <jgregusk(a)redhat.com> wrote:
On 12/14/2012 03:12 PM, Matthew Miller wrote:
> Amazon recommends using ec2-user (with passwordless sudo) for EC2 images.
> That's what Fedora has been doing. Do we want to continue this? Arguments:
> A. It doesn't really provide any added security, but does add complication.
> Additionally, normal "don't run as root" advice is less important
> cloud instances should be ephemeral and recreatable.
> B. But, consistency.
Fedora can of course do its own thing, but Ubuntu, Amazon Linux, future
RHELs, and other distros use ec2-user. This lines up with the EC2
documentation as well. I'd discourage changing it just because we can.
Some historical info: since our first cloud image targeted EC2, we
looked at the EC2 documentation and other distros, most of which
tended toward ec2-user, so we went with that.
> What's our SIG consensus here?
> Other points:
> - We're making images for EC2 and for other cloud systems as well.
> 'ec2-user' seems particularly silly on, say, OpenStack.
> - We could use ec2-user and something else (including just root) on the
> generic images.
If we end up with One Image to Rule Them All at some point, I think
using something more generic is fair. We could probably get pretty
close with some fine-tuning. Just not for F18; I suspect we're a
little late for that kind of churn.
> - We should decide this really fast because it's already past the last
> minute; default is to just stay with ec2-user for F18 and revisit for
+1. This is an excellent time to discuss plans for F19 images, not so
much F18 images.