On Tue, Nov 25, 2014 at 10:23 AM, Kevin Fenzi kevin@scrye.com wrote:
On Tue, 25 Nov 2014 09:56:59 -0500 Simo Sorce simo@redhat.com wrote:
We can install machine w/o user accounts, removing the ability to log in as root via ssh means those machines will not be accessible.
This has been the reason this hasn't been changed the last few times someone proposed to change it.
I don't know how many folks do installs with no user config, but it's definitely possible right now and that could mean they wouldn't be able to reach their instance. We could of course change that so creating a new user is forced, but I'm really not sure it's that much advantage.
If you want to remove root access that should be conditionally done at firstboot only if a user account was created.
This seems a more reasonable place to look to change this, I agree.
kevin
No user config *and no console access* is where it breaks down. Most people who run real servers use either virtualization, which provides a form of console access, or remote KVM's, or have hands and eyes.