cloud-init team mailing list archive

[Michael Felt <michael@xxxxxxxxxxxxx>]

The default behavior in some linux distributions is to disable login to 
root regardless of where the user is coming. Having a way to set this, 
regardless of the distro default I see as a big plus - HOWEVER, from an 
AIX viewpoint I have a question/comment.

Within AIX (and maybe Linux, freebsd, et al) it is possible to 
distinguish between login from a remote location (i.e., via network) or 
"local" - via console or physical COM (rs232) port. I expect the 
cloud-init model is as I have experienced (limited) Linux. Login is 
available/permited regardless of "wherefrom", or it is denied - regardless.

What I would like to see (read, what I recommend) for root on AIX, is 
that by default "remote" login is disabled, but "local" login is 
permitted. In other words, login via a virtual console (via HMC or IVM) 
is permitted, otherwise - not.

So, I would add an extra setting:

disable_root: false|true|remote

and the default is true for cloud-init (aix distro would change it's 
value to remote).

Comments,

Michael