Default cloud user name
Matthew Miller
mattdm at fedoraproject.org
Fri May 24 15:20:21 UTC 2013
On Fri, May 24, 2013 at 10:57:29AM -0400, seth vidal wrote:
> How about we do-away with the 'faux user which is and is not root even
> though they are a trivial unpassworded sudo away' security theater that
> amazon and ubuntu have been peddling for years now.
>
> I mean seriously - it's meaningless - let's stop pretending.
I don't see it as a security feature (for the obvious reasons you give).
It's more like the blade cover on a lawn mower. Sure, that's not locked and
you can easily remove it, but a large amount of normal operation -- even
sysadmin work! -- doesn't require you to stick your fingers in there.
By not requiring a password, there's an easy-quick-release lock, and hey,
you can always 'sudo su -' if you want to mow the grass without the cover.
But it's still good practice to leave the cover on when you don't actually
need to adjust something or fix a problem.
We're not forcing that practice on anyone (you can disable the creation of
the user in user-data, and I even include a snippet to just use root in the
cloud-ks file), but I think it's a good default.
That Ubuntu and Amazon do a similar thing just makes it easier.
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm at fedoraproject.org>
More information about the cloud
mailing list