[ec2-beta] document: EC2 Ubuntu sudo Guide

Soren Hansen soren at ubuntu.com
Tue Mar 10 16:27:23 GMT 2009


On Sun, Mar 08, 2009 at 10:03:04AM -0500, Michael Greenly wrote:
>> Well, the use of a non-root 'admin' user is just part of the standard
>> Ubuntu setup. I don't think that this should ever change for an AMI
>> image of Ubuntu (provided by Ubuntu or Canonical, that is), unless it
>> has already changed as part of the base OS, that is.  Given that the
>> AMIs are 'post-installation', the choice of the administrative user
>> has already been made, and it's 'ubuntu' rather than your own name
>> ...
> I disagree.  It shouldn't do something different than every other AMI
> unless there's some advantage.

Your statement begs the counter-statement: "It shouldn't do something
different than every other Ubuntu system unless there's some advantage."

Just because everyone else does something doesn't mean that it's
necessarily a good idea, let alone one that you should adopt.

EC2 has traditions and so does Ubuntu.  Where they differ, a choice
needs to be made as to which tradition to follow. I feel rather proud of
our insisting on using sudo instead of luring people into the trap of
logging in as root. It's served us well for years on every other
platform.

> On any machine that supports logins with a password there are arguably
> some advantages in going that route but when you don't allow password
> authentication the only advantage I'm aware of is that sudo provides
> some logging.

Logging is one of many reasons for using sudo, yes.

> Except that 'sudo su' works and that steps right past all the logging.

Indeed. Almost all parts of what sudo does can be worked around.  In the
default setup, you can use your sudo powers to give root a password and
enable password based logins over SSH, thus eliminating the sudo
requirement completely. Or, you can just skip right by on a case by case
basis by doing "sudo su -". sudo privileges are something you give to
people you already trust. If they can't be trusted to follow your
security policy, don't give them sudo privileges.

> I'm just hoping that the people who made the decision to deviate from
> the norm can point me to some literature that describes why it was a
> good idea?  If changes that affect security are being made without
> adequate planning that concerns me.

Conversely, changing something that *every* existing Ubuntu user expects
to be true is also not something that should be done without ample
reason.

This is the canonical (no pun intended) wiki page about our use of sudo:

   https://help.ubuntu.com/community/RootSudo

-- 
Soren Hansen                 | 
Lead Virtualisation Engineer | Ubuntu Server Team
Canonical Ltd.               | http://www.ubuntu.com/
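
A detection sketch for the "sudo su" logging gap discussed in this message, added here as an example and not part of the original post: it scans sudo's syslog records for commands that hand over an interactive shell, after which sudo logs nothing further. The log lines are constructed samples in the format sudo writes to /var/log/auth.log, and the function names are hypothetical.

```python
import re

# sudo's syslog record: "<user> : TTY=... ; PWD=... ; USER=<target> ; COMMAND=<argv>"
SUDO_RECORD = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; "
    r"COMMAND=(?P<cmd>.+)$"
)
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh"}

def has_command_flag(args):
    """True if a -c style option is present (short flags may be bundled, e.g. -lc)."""
    for a in args:
        if a.startswith("--command"):
            return True
        if a.startswith("-") and not a.startswith("--") and "c" in a:
            return True
    return False

def is_interactive_shell(command):
    """True when the logged command hands over a shell instead of one command."""
    argv = command.split()  # sudo logs argv joined by spaces; quoting is not kept
    if not argv:
        return False
    prog, args = argv[0].rsplit("/", 1)[-1], argv[1:]
    if prog == "su":
        return not has_command_flag(args)
    if prog in SHELLS:
        runs_script = any(not a.startswith("-") for a in args)
        return not has_command_flag(args) and not runs_script
    return False

def find_shell_escapes(lines):
    """Return (invoking user, target user, command) for each shell hand-over."""
    hits = []
    for line in lines:
        m = SUDO_RECORD.search(line.strip())
        if m and is_interactive_shell(m["cmd"]):
            hits.append((m["user"], m["target"], m["cmd"]))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = """\
Mar 10 16:20:01 host1 sudo:   ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar 10 16:21:13 host1 sudo:   ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/bin/su -
Mar 10 16:25:40 host1 sudo:   ubuntu : TTY=pts/1 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/bin/bash
Mar 10 16:26:02 host1 sudo:   ubuntu : TTY=pts/1 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/bin/sh -c /usr/sbin/logrotate /etc/logrotate.conf
Mar 10 16:27:00 host1 sshd[812]: Accepted publickey for ubuntu from 192.0.2.10 port 50022 ssh2
"""

if __name__ == "__main__":
    for user, target, cmd in find_shell_escapes(SAMPLE_LOG.splitlines()):
        print(f"{user} -> {target}: {cmd}")
```

Shipping these records to a remote log host keeps them intact even after someone has obtained a root shell on the instance.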