How does Amazon ec2-user get its sudo rights

amazon ec2 sudo

I am looking for where the default Amazon AMI linux image sets up the privileges for the default ec2-user account.

After logging in with this account I can use sudo successfully. Checking the sudoers file, which I open by running visudo (with no other options), I see a few default settings and permissions for root ALL ALL.

So … Where are the permissions for ec2-user assigned?

I have not yet tried to add a new permission, but ultimately I want to resign ec2-user for systems management tasks and use a non-full root user for administering the applications (stop and start mysql, httpd, edit apache's vhost files, and upload / edit web content under the web root).

Best Answer

It's in /etc/sudoers.d/cloud-init. I, too, delete it from my production systems as soon as I can.

It is included by virtue of the line

#includedir /etc/sudoers.d

in the /etc/sudoers file. Note that, as it says, that leading # isn't treated as a comment sign. On some of my servers, it's also in /etc/sudoers.d/90-cloud-init-users; it may be safest to userdel the ec2-user user.
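
To audit where an account's sudo rights come from, the script below follows the include directives in a sudoers file and reports every rule naming the user or one of the listed groups. It is an added example, not part of the original answer; the function names and the sample tree (including the rule text and the `old.bak` file) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find which sudoers file grants an account its rights.

# Print the main sudoers file plus every file sudo would read from its
# "#includedir" / "@includedir" directories.
sudoers_files() {
    local main="$1" dir f
    printf '%s\n' "$main"
    # The leading '#' (or '@') marks a directive here, not a comment.
    sed -n -E 's/^[#@]includedir[[:space:]]+//p' "$main" | while read -r dir; do
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            # sudo skips names that end in '~' or contain a '.'
            case "${f##*/}" in *~|*.*) continue ;; esac
            printf '%s\n' "$f"
        done
    done
}

# Print "file:line:rule" for each rule whose first field is USER, or
# %GROUP for any extra group argument.
find_sudo_grants() {
    local main="$1" subjects="$2" g f
    shift 2
    for g in "$@"; do subjects="$subjects %$g"; done
    sudoers_files "$main" | while read -r f; do
        awk -v subj="$subjects" -v file="$f" '
            BEGIN { n = split(subj, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
            ($1 in want) { print file ":" FNR ":" $0 }' "$f"
    done
}

# Constructed sample tree (not real system files) mirroring the layout
# described in the answer; returns the grants found for ec2-user.
demo() {
    local t; t=$(mktemp -d)
    mkdir "$t/sudoers.d"
    printf 'root ALL=(ALL) ALL\n#includedir %s/sudoers.d\n' "$t" > "$t/sudoers"
    printf 'ec2-user ALL=(ALL) NOPASSWD:ALL\n' > "$t/sudoers.d/90-cloud-init-users"
    printf 'ec2-user ALL=(ALL) ALL\n' > "$t/sudoers.d/old.bak"   # ignored: has '.'
    find_sudo_grants "$t/sudoers" ec2-user wheel | sed "s|^$t/||"
    rm -rf "$t"
}

demo
```

On a real host, run `find_sudo_grants /etc/sudoers ec2-user $(id -Gn ec2-user)` as root, since the sudoers files are not world-readable.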