On Fri, May 24, 2013 at 10:57:29AM -0400, seth vidal wrote: > How about we do-away with the 'faux user which is and is not root even > though they are a trivial unpassworded sudo away' security theater that > amazon and ubuntu have been peddling for years now. > > I mean seriously - it's meaningless - let's stop pretending. I don't see it as a security feature (for the obvious reasons you give). It's more like the blade cover on a lawn mower. Sure, that's not locked and you can easily remove it, but a large amount of normal operation -- even sysadmin work! -- doesn't require you to stick your fingers in there. By not requiring a password, there's an easy-quick-release lock, and hey, you can always 'sudo su -' if you want to mow the grass without the cover. But it's still good practice to leave the cover on when you don't actually need to adjust something or fix a problem. We're not forcing that practice on anyone (you can disable the creation of the user in user-data, and I even include a snippet to just use root in the cloud-ks file), but I think it's a good default. That Ubuntu and Amazon do a similar thing just makes it easier. -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx> _______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/cloud
