On 14.12.2012 20:12, Matthew Miller wrote:
Amazon recommends using ec2-user (with passwordless sudo) for EC2
images.
That's what Fedora has been doing. Do we want to continue this?
Arguments:
A. It doesn't really provide any added security, but does add
complication.
Additionally, normal "don't run as root" advice is less important
since
cloud instances should be ephemeral and recreatable.
B. But, consistency.
What's our SIG consensus here?
Other points:
- We're making images for EC2 and for other cloud systems as well.
'ec2-user' seems particularly silly on, say, OpenStack.
- We could use ec2-user and something else (including just root) on
the
generic images.
- We should decide this really fast because it's already past the
last
minute; default is to just stay with ec2-user for F18 and revisit
for
F19.
In one of my EL6 images for Openstack I've added an ec2-user with same
uid,gid and homedir as root, works fine, not sure if it's up to anyone
else's standards, though.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
