to ec2-user or not to ec2-user?

Vitaly Kuznetsov vkuznets at redhat.com
Mon Dec 17 13:03:54 UTC 2012


On 12/14/2012 09:12 PM, Matthew Miller wrote:
> Amazon recommends using ec2-user (with passwordless sudo) for EC2 images.
> That's what Fedora has been doing. Do we want to continue this? Arguments:
>
>
> A. It doesn't really provide any added security, but does add complication.
>     Additionally, normal "don't run as root" advice is less important since
>     cloud instances should be ephemeral and recreatable.

I think the security concern is: there are a lot of things user can do 
without having root privileges. Providing him with root access by 
default leads to unreasonable using it for everything. Using 'sudo' for 
privileged commands only looks better.

-- 
Vitaly Kuznetsov, Cloud QE


More information about the cloud mailing list