On 5/20/19 9:09 AM, Przemek Klosowski wrote: > On 5/17/19 4:34 PM, Kevin Fenzi wrote: >> So, this is basically the old cloud-init makes a user that can sudo to >> root thing. Can anyone explain in small words how this is more secure? > > In a large system, it allows granular revocation of access (Joe Bow quit > and we disabled his account)
but this is not what Cloud images do. They create 1 non root account 'fedora' (or centos or rhel or whatever) for all access (by default). > and accountability (who logged in as root > and installed PHP 1.0?). In this case it was 'fedora' user from ip X.x.x.x. Which is (in my mind) no better or different than it was 'root' from ip x.x.x.x. kevin
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
