[ec2-beta] document: EC2 Ubuntu sudo Guide

Eric Hammond ehammond at thinksome.com
Mon Mar 9 06:54:35 GMT 2009 

Michael Greenly wrote:
> I'm asking the question here because some one involved with the Ubuntu
> EC2 AMI has made the decision to deviate from standard AMI practices.

Seems to me it may be more a question of justifying why an official
Ubuntu image should deviate from the standard Ubuntu practice of
requiring sudo to access root.

Even back in 2007 when I started building the Ubuntu AMIs listed on
http://alestic.com I believed the right thing was to follow the Ubuntu
way with a non-privileged user.  However, at the time I figured my
primary audience was a bunch of EC2 users, not a bunch of Ubuntu users,
and I didn't think I could sway folks by myself, especially since none
of them had heard my name before.

Now that Canonical is officially involved and backing EC2, I think there
is a better chance that the Ubuntu way can be supported in the EC2
community, though there will obviously be some confusion and contention,
partly--I'm sorry to say--because I set a bad example with my Ubuntu AMIs.

I've been running Ubuntu servers for years both off and on EC2.  For
non-temporary systems I always configure them with normal users and use
sudo for root access.  I'll be the first to admit it's a bit of a pain
to administer remotely, especially when I had to come up with a way to
rsync.  (Is nobody else doing this on Ubuntu?!)

If you want to go the other direction on the official Ubuntu images,
it's only a couple (user-data script?) commands to allow direct ssh to
root and to delete the ubuntu user.  But apparently you shouldn't
describe how to do this on the Ubuntu Forums at penalty of
excommunication :-/  (That post showed the harshest attitude I've seen
so far in the usually accepting and supportive Ubuntu community.)

All that said, I could personally work with the official images in
either mode, provided that it's easy to ssh in manually and get things
done and it's possible to ssh in automatically and get things done.  I
just figure it makes sense to get people used to the Ubuntu way as early
and as consistently as possible since they're going to be seeing it
everywhere else in Ubuntu.

--
Eric Hammond
ehammond at thinksome.com

More information about the Ec2-beta mailing list