yahoo-eng-team team mailing list archive

[Bug 1373491] Re: feature request: option to run user-data as non-root

 

Tracked in GitHub Issues as
https://github.com/canonical/cloud-init/issues/2483

** Bug watch added: github.com/canonical/cloud-init/issues #2483
   https://github.com/canonical/cloud-init/issues/2483

** Changed in: cloud-init
       Status: Confirmed => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1373491

Title:
  feature request: option to run user-data as non-root

Status in cloud-init:
  Expired

Bug description:
  We have a use case where we want to offer users cloudable services
  (AWS, OpenStack), but *without* the possibility of getting root access.
  We can lock down an instance of course, by denying root logins and
  removing the instance user from sudo, or restricting the rules.

  But we'd like to still allow user-controlled user-data. The idea is
  that a user might boot a machine with user-data that say, wget's a
  .war into the tomcat directory, or changes a configuration file that
  isn't system-wide. Or even bootstraps their $HOME/.bashrc, etc. files.

  Right now, the user-data option is going to run everything as root,
  meaning they must specifically fix up ownership and permissions, not
  to mention that they could do really whatever they want.

  My proposal would therefore be some sort of option, like
  user-data-account: www. If not specified, it defaults to root.
