to ec2-user or not to ec2-user?

jvlcek jvlcek at redhat.com
Mon Dec 17 14:27:02 UTC 2012


On 12/14/2012 04:00 PM, Jay Greguske wrote:
> On 12/14/2012 03:12 PM, Matthew Miller wrote:
>> Amazon recommends using ec2-user (with passwordless sudo) for EC2 images.
>> That's what Fedora has been doing. Do we want to continue this? Arguments:
>>
>>
>> A. It doesn't really provide any added security, but does add complication.
>>    Additionally, normal "don't run as root" advice is less important since
>>    cloud instances should be ephemeral and recreatable.
>>
>> B. But, consistency.
>>
> Fedora can of course do its own thing, but Ubuntu, Amazon Linux, future
> RHELs, and other distros use ec2-user. This lines up with the EC2
> documentation as well. I'd discourage changing it just because we can.
>
>> What's our SIG consensus here?
>>
>> Other points:
>>
>>  - We're making images for EC2 and for other cloud systems as well.
>>    'ec2-user' seems particularly silly on, say, OpenStack.
>>  - We could use ec2-user and something else (including just root) on the
>>    generic images.
> Fair points.
>
>>  - We should decide this really fast because it's already past the last
>>    minute; default is to just stay with ec2-user for F18 and revisit for
>>    F19.
>>
> +1
>
> - Jay
>
> _______________________________________________
> cloud mailing list
> cloud at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/cloud



Amazon of course uses ec2-user, ec2 is an Amazon product.

Ubuntu initially focused on ec2 so ec2-user made sense.

Multiple back-end support is a core principal for Red Hat cloud
solutions. Using
a user name which reflects a proprietary offering seems counter to that.

Again, I suggest "cloud-user".

Joe VLcek


More information about the cloud mailing list