On 5/20/19 9:09 AM, Przemek Klosowski wrote:
On 5/17/19 4:34 PM, Kevin Fenzi wrote:
> So, this is basically the old cloud-init makes a user that can sudo to
> root thing. Can anyone explain in small words how this is more secure?
In a large system, it allows granular revocation of access (Joe Bow quit
and we disabled his account)
but this is not what Cloud images do. They create 1 non root account
'fedora' (or centos or rhel or whatever) for all access (by default).
and accountability (who logged in as root
and installed PHP 1.0?).
In this case it was 'fedora' user from ip
X.x.x.x.
Which is (in my mind) no better or different than it was 'root' from ip
x.x.x.x.
kevin