[ec2-beta] document: EC2 Ubuntu sudo Guide

Michael Greenly mgreenly at gmail.com
Wed Mar 11 12:12:51 GMT 2009 

On Wed, Mar 11, 2009 at 5:33 AM, Soren Hansen <soren at ubuntu.com> wrote:

>
> You yourself mentioned that you've begun to setup a lot of stuff by
> using scripts rather than doing so interactively. If you have all of
> this scripted, you could just do that on first boot, couldn't you? You'd
> save the trouble of rebundling, wouldn't have to use S3 space to store
> the AMI, etc., etc.


That's exactly how I started out.  Pushing configuration's up on first boot
like you describe.  The thing is for anything except really trivial
configurations this isn't practical.  One of my application configuration
scripts takes about 30 minutes to run.  About half of that time is just
waiting for 'apt-get install' with the rest used to build custom packages
from source.  Most people after using EC2 will very quickly realize that the
extra 2 commands to bundle and register their AMI is completely worth it.
It reduces my 30+ minute restart time down to less than 30 seconds.


>
>
> > Everyone in this conversation has entirely missed my point about this.
> > This is not something I'm advocating or ever do with live servers.
> > This is about an EC2 instance on first boot that still has not been
> > configured for use.  Don't think of it as the Ubuntu distribution
> > image.  Think of it as a pre-distribution.  In this situation there's
> > no advantage to sudo and there are disadvantages.  I'm not the one
> > failing to evolve.  You guys are all stuck in "that's how we do it"
> > mode and can't look beyond that.
>
> I'm perfectly happy to discuss the merits, benefits and drawbacks of
> using sudo instead of direct root logins. I'm less happy to do so if the
> primary "drawback" is that "everyone else does it differently".


Honestly I'm not so much asking that this be changed, just more that it not
be treated as a sin.  On first boot during scripted configurations, which
will be common on ec2, it's an extremely useful tool that does not weaken
security.  I guess my request would be a blessed command that
enables/disables root logins.  This way less experieced users could have
more confidence in knowing they didn't make a security blunder.

It reduces instructions on how to adapt other distribution tutorials and
examples to 'first enable root login, do what they say, then disable it'




>
>
> --
> Soren Hansen                 |
> Lead Virtualisation Engineer | Ubuntu Server Team
> Canonical Ltd.               | http://www.ubuntu.com/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iJwEAQECAAYFAkm3k3IACgkQo+Mz6+DAzGwvSgP7BnPB06WtV57XZE/GxUWorLD/
> 6Fx4K/nrcJy3XD/fatxQd7AMAmbkhsD5P1428bxVbIgJzEMAwSKjT/QjkiQSgBXl
> RWkGg6g1xq75CSvbiV903ycaeyG4Fr9BZtrLiAVe9Up3OhqXzSpRCpiMnxH5NMGT
> QmyPFluTf1qP23SqhSE=
> =xchZ
> -----END PGP SIGNATURE-----
>
> --
> Ec2-beta mailing list
> Ec2-beta at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ec2-beta
>
>


-- 
Michael Greenly
http://blog.michaelgreenly.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/mailman/private/ec2/attachments/20090311/6e77fec6/attachment-0001.htm

More information about the Ec2-beta mailing list