[ec2-beta] document: EC2 Ubuntu sudo Guide

Michael Greenly mgreenly at gmail.com
Wed Mar 11 01:21:23 GMT 2009


On Tue, Mar 10, 2009 at 2:15 PM, Soren Hansen <soren at ubuntu.com> wrote:

>
> How do you use rsync differently on EC2 compared to a regular Ubuntu
> Server install? Also, what is the particular difficulty here? Do you
> have a specific use case?


The problem exists when you are trying to use rsync to push files up to the
server and preserve permissions and ownership.

The same problem exists on a regular server setup.

I hadn't personally experienced the problem because I've traditionally done
my server installation/configuration interactively.  Now that I've become
accustomed to scripting this process I'm sure I'll be running into the problem
there as well.



> The use of sudo is all about interactive logins.  If you need to log in
> as root to do rsync, that's fine. Set up ssh public key authentication,
> and you're good. I don't remember ever having to do that, though. I run
> rsync as root (via crontab or sudo or whatever) on the destination
> machine, and that's all I really need.
>
> > The problem is that none of the traditional 'sudo' advantages gain you
> > anything at this point in this AMIs life cycle.
> >
> > This AMI doesn't represent a finished product that some one will login
> > to and use for anything.
> >
> > It represents a blank slate that's a starting point from which a
> > server will be configured and then re-bundled.
>
> I don't think I follow? People can use these images as is for many
> different purposes. Not everyone will rebundle.
>

So now we've found a difference about what we think this AMI is...

The user has to customize their instance; if they don't, it serves no purpose
except to make money for Amazon.

I can imagine two types of EC2 user.  The kind who provisions their own
server from a distribution base image and the kind who just uses an existing
public application image, maybe an AMI containing a preconfigured LAMP
stack.

This instance is only really for the first kind of user I described.

The users in the second category are not prepared to cope with all the
backup/recovery issues that must be dealt with when running an EC2
instance.  You can't just do a tasksel and end up with a production
environment.  Those packages are not configured to run in this
environment.  They don't know the machine is guaranteed to evaporate.  They
don't assume that the root partition is limited to 10GB.  Etc...

I certainly hope you guys are not trying to encourage that kind of thinking?

This AMI is for the first kind of user I described.  That user will create a
customized AMI for some specific application, maybe a LAMP stack, and will
deal with all of those complexities.  Once they've done this they will
bundle it into a customized AMI so that they don't have to re-do all that
work later when their instance needs to be restored.




>
> > Had it been my decision it would have allowed root log in just like
> > all other Linux AMIs.  Then I would have provided a convenience script to
> > disable root login and instructions to use it prior to bundling.
> >
> > This would have allowed all the conventional EC2 wisdom to just work and
> > once the server was being used it would operate as an Ubuntu user/admin
> > would expect.
>
> 10-15 years ago, virtually all linux documentation started with "log in
> as root". :) As I said in my previous e-mail, I don't think that
> "everybody else does it" is a very good argument for doing something. If
> it were, nothing would ever improve or evolve.


Everyone in this conversation has entirely missed my point about this.  This
is not something I'm advocating or ever do with live servers.  This is about
an EC2 instance on first boot that still has not been configured for use.
Don't think of it as the Ubuntu distribution image.  Think of it as a
pre-distribution.  In this situation there's no advantage to sudo and there
are disadvantages.  I'm not the one failing to evolve.  You guys are all
stuck in "that's how we do it" mode and can't look beyond that.

Yes, if there are going to be interactive logons to the system, root logins
should be disabled.  That should be the last step of configuring your image
prior to bundling your AMI.



>
> --
> Soren Hansen                 |
> Lead Virtualisation Engineer | Ubuntu Server Team
> Canonical Ltd.               | http://www.ubuntu.com/
>


-- 
Michael Greenly
http://blog.michaelgreenly.com