So let me understand this?
You don't get a root account, but someone else "manages" root for you?
Can't say I'm too surprised of course.
If you open an AWS account in China, you don't get a root account; instead, one of Amazon's Chinese operating partners, Sinnet or NWCD, has root access and creates an IAM admin user for you. Nikki Bailey, senior devops engineer at Illumina, a company that builds gear to sequence genetic data, explained as much at the DevOps- …
"The internet treats censorship as damage, and routes around it". Wasn't that what people say?
I'd say China has found a way to break that. If you have to apply for a permit to serve port 80 or 443, and you don't get root on a machine you have at least rented, the amount of "routing around" you can do is pretty damn limited!
I think all wannabe totalitarians (and I am not excluding India's Aadhaar-crazed government here, and the USA was anyway only a democracy in name for some time) taking a good look and thinking... hmm, if China can do it, why can't I?
I wonder if, in about 20 years or so, all of the dystopian fantasies of Richard Stallman and Cory Doctorow would have come true.
I'm curious as to how they would do that. It's a 5 line user-data script to add a custom account and add that one to sudoers - and user-data is run as root.
Not that I'd be surprised to hear what they do to prevent that - can't even bake your own AMIs, they filter all user-data, *prohibit* user data (or cfn-init/cloud-init)? I'd love to see their IAM profiles :P
How that is to ever lead to a culture of innovation (as opposed to copy-catting) is beyond me. But as long as our corporate overlords are happy to have our daily tat produced by cheap and oppressed quasi-slave labour to sell it at max profit here, I suppose the system works.