On Tue, Jun 24, 2014 at 11:56 AM, Filipe Brandenburger <filbranden@xxxxxxxxxx> wrote: > Yes, but currently there's no good way (that I know of) to specify > which users are admins and which users are not... That's not just a > problem with the Fedora image but with GCE in general. A possible way > to handle that would be to introduce a metadata key such as > "admin-users" with a list of users that should get sudo and then only > add those to sudoers. The problem, then, is that *all* users can go to > the GCE console and modify the metadata to add themselves to > "admin-users" so that defeats the purpose... > > Unfortunately, right now I don't think there's a good way around it... > All users registered for a project in GCE are effectively root, so if > you want to keep that list short you should only keep a handful of > users registered *in GCE*. > > Once your instances are up, you can of course activate some different > form of user management for additional users, for instance you can > hook it to a FreeIPA which contains a user database of your "mortal" > users and then you can manage the box as you'd usually do. > > Does that make sense? Yeah, definitely. You can, also, manage the users yourself. Just create a single account. Then, use that account to add users. Currently, GCE allows this. Then, just inject your own keys and have them access the server. -- It's hard to be free... but I love to struggle. Love isn't asked for; it's just given. Respect isn't asked for; it's earned! Renich Bon Ciric http://www.woralelandia.com/ http://www.introbella.com/ _______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/cloud Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
