yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1771198] [NEW] Support disable_root-esque behaviour for other users

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Dan Watkins <daniel.watkins@xxxxxxxxxxxxx>
Date: Mon, 14 May 2018 19:54:31 -0000
Reply-to: Bug 1771198 <1771198@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

When building Ubuntu cloud images, we prefer to name the default user
"ubuntu" where possible, to maintain a consistent user experience
between substrates.  Some clouds, however, like to have a consistent
user name across all of their various image offerings.  This is an
inherent conflict.  One way in which we have agreed to resolve this is
to use the messaging that the disable_root behaviour currently provides
on the cloud-specific user, to point to the ubuntu user.  This means, at
least, that users are given some direction (rather than being left
wondering if their instance has provisioned correctly, or if their SSH
keys are invalid, or &c.)

I propose a new cloud.cfg key named "ssh_disable_users" which defines a
list of users.  For each of these users, cloud-init will ensure they
exist, and configure the system so that users SSH'ing to that user will
be redirected to the default user (a la disable_root behaviour
currently).

(`disable_root: True` would translate as `ssh_disable_users: ["root"]`.)

** Affects: cloud-init
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1771198

Title:
  Support disable_root-esque behaviour for other users

Status in cloud-init:
  New

Bug description:
  When building Ubuntu cloud images, we prefer to name the default user
  "ubuntu" where possible, to maintain a consistent user experience
  between substrates.  Some clouds, however, like to have a consistent
  user name across all of their various image offerings.  This is an
  inherent conflict.  One way in which we have agreed to resolve this is
  to use the messaging that the disable_root behaviour currently
  provides on the cloud-specific user, to point to the ubuntu user.
  This means, at least, that users are given some direction (rather than
  being left wondering if their instance has provisioned correctly, or
  if their SSH keys are invalid, or &c.)

  I propose a new cloud.cfg key named "ssh_disable_users" which defines
  a list of users.  For each of these users, cloud-init will ensure they
  exist, and configure the system so that users SSH'ing to that user
  will be redirected to the default user (a la disable_root behaviour
  currently).

  (`disable_root: True` would translate as `ssh_disable_users:
  ["root"]`.)

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1771198/+subscriptions

Follow ups

[Bug 1771198] Re: Support disable_root-esque behaviour for other users
From: Chad Smith, 2018-09-14