On 5/20/19 12:19 PM, Kevin Fenzi wrote:
On 5/20/19 9:09 AM, Przemek Klosowski wrote:
On 5/17/19 4:34 PM, Kevin Fenzi wrote:
So, this is basically the old cloud-init makes a user that can sudo to
root thing. Can anyone explain in small words how this is more secure?
In a large system, it allows granular revocation of access (Joe Bow quit
and we disabled his account)
but this is not what Cloud images do. They create 1 non root account
'fedora' (or centos or rhel or whatever) for all access (by default).
Right, but it's just a stepping stone to a world with universal
authentication, and granular authorization based on credentials from
that universal authentication.
and accountability (who logged in as root
and installed PHP 1.0?).
In this case it was 'fedora' user from ip X.x.x.x.
Which is (in my mind) no better or different than it was 'root' from ip
x.x.x.x.
Ditto. I'ts necessary but not sufficient.
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
