to ec2-user or not to ec2-user?
Nux!
nux at li.nux.ro
Fri Dec 14 20:33:52 UTC 2012
On 14.12.2012 20:12, Matthew Miller wrote:
> Amazon recommends using ec2-user (with passwordless sudo) for EC2
> images.
> That's what Fedora has been doing. Do we want to continue this?
> Arguments:
>
>
> A. It doesn't really provide any added security, but does add
> complication.
> Additionally, normal "don't run as root" advice is less important
> since
> cloud instances should be ephemeral and recreatable.
>
> B. But, consistency.
>
> What's our SIG consensus here?
>
> Other points:
>
> - We're making images for EC2 and for other cloud systems as well.
> 'ec2-user' seems particularly silly on, say, OpenStack.
> - We could use ec2-user and something else (including just root) on
> the
> generic images.
> - We should decide this really fast because it's already past the
> last
> minute; default is to just stay with ec2-user for F18 and revisit
> for
> F19.
In one of my EL6 images for Openstack I've added an ec2-user with same
uid,gid and homedir as root, works fine, not sure if it's up to anyone
else's standards, though.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
More information about the cloud
mailing list