Home

Computer Use Policy  


Computer Use Policy

This document outlines the acceptable use of computing facilities in the Math Department, Oklahoma State University. Some of the details are outdated.

Policy

 

 

Privacy

Files

For this document we differentiate between kinds of file access.

Inode access
This includes looking at a files statistics. These include modification/access times, file permissions, file types, statistical analysis of contents, file size and file name. This is like the information given by the ls command.
Human file content analysis
This is where the contents of a file are examined by a human. This is like using less to look at the contents of a file.
File modification.
This is when a file is moved, deleted, or its content is changed. This is like using vi to EDIT a file.

Inode access can/will occur at the discretion of the system administrators. Inode access will not regularly be announced before or after it has happened. Examples of this kind of access are

  • The quota system will check file sizes when it runs.
  • The security scanner will look for suid files, .rhosts files, passwd files, etc...
  • File system integrity checkers will check file links and inode tables.
  • The Backup system will copy a users files to tape.

Human file content analysis is extremely rare. This almost never happens. This is usually in response to a user request ("Can you look at my .cshrc?") or to a system integrity emergency (a file system integrity problem for example). The sysadmins will usually attempt to inform the user before such access. In some cases this is not possible. In this case the user will usually be informed after such access. In some very strange cases a user might not be informed (If the user were being investigated for example). The sysadmins will also provide such access to law enforcement officials.

File modification. This almost never happens unless a user requests it. ("Can you fix my .cshrc?") or a system integrity emergency arises (a file system integrity problem for example). The sysadmins will usually attempt to inform the user before such access. In some cases this is not possible. In this case the user will usually be informed after such access. In some very strange cases a user might not be informed (If the user were being investigated for example). Network Traffic(e-mail, www--netscape, etc...) For this document we differentiate between kinds of Network access.

Network traffic statistics.
This includes packet type, destination, source and size.
Network traffic content.
This includes the content of packets.

Network traffic statistics are collected all the time. We monitor how well the network is working 24 hours a day. Network traffic content is almost never looked at. If this occurs it is usually in response to a system integrity emergency (The network is being attacked example). The sysadmins will usually attempt to inform the user before such access. In some cases this is not possible. In this case the user will usually be informed after such access. In some very strange cases a user might not be informed(If the user were being investigated for example). Note that when the packets leave our floor we have no control over who sees them or reads them. OSU keeps stats on network traffic. For example if you connect to www.hotbabes.com from your office computer, then OSU will know about it.

Processes

For this document we differentiate between kinds of process access.

PID read access
This includes looking at process resource usage. These include CPU time, memory, owner, parent, spawn, and terminal information. This is like the information given by the ps command.
Memory image/dump analysis.
This is where the contents of the ram that a program is/was using is looked at. This is like what you do with a debugger.
PID write access.
This is when a process is modified--not the ram image just the PID. This is like using renice or kill on a process.

PID read access can/will occur at the discretion of the system administrators. PID access will not regularly be announced before or after it has happened. Examples of this kind of access are

  • The system integrity scanner will check process memory and cpu.
  • The security scanner will look for suid programs and bad network programs.

Memory image/dump analysis almost never happens. The sysadmins will usually attempt to inform the user before such access. In some cases this is not possible. In this case the user will usually be informed after such access. In some very strange cases a user might not be informed(If the user were being investigated for example).

PID write access is very common. Look at the section: Resource Use

Encrypted Files

If the sysadmins wish to see the plain text contents of an encrypted file---that is they want a user to decrypt it---then that user is required to decrypt it or to give the decryption method to the system admins. If the user refuses then thier account will be locked and every effort to decrypt the file may be used.

The Bottom Line

The OSU Math Department tech staff respect the users right to privacy. While system administrators do monitor resource usage and check for files the compromise system security, they will not read your email or the contents of your personal documents unless you use your math department account for illegal activites, hate mail/threats, or there is an ongoing investigation. If you use your math department account for any of the above mentioned activities you forfeit your right of privacy on your account.

 

 

User Liability

An authorized user is responsible for any use of his/her account. This includes usage of an account by some person other than the authorized one. Here authorized user is defined to the the person the account was assigned to. This authorized user may also be called the account owner.

Even if an account is compromised due to a break in it is still the responsibility of accounts owner. This policy implies

  • You should NEVER share your account with anyone. Account sharing is strictly forbidden anyway. Account sharing is grounds for account deactivation.
  • This is good reason to pick a good password and keep it secret.
  • If someone does something illegal with your account you are in trouble too.
  • You could be held responsible---and required to pay for--damages to computer hardware and software damage from your account.

 

 

Account Sharing

An account's authorized user is the only person that should use that account. Here authorized user is defined to the the person the account was assigned to. This authorized user may also be called the account owner.

Account sharing is strictly forbidden. Account sharing is grounds for account deactivation.

 

 

Disk Quota System

What is a quota?

A quota is a limit placed on the amount of drive space a user may use. Some quota systems only monitor the disk usage in a users home directory, but ours can monitor disk use anywhere on the system.

Why do we have a quota system?

We have a quota system because we only have limited disk space. If it were not monitored, we would fill up our mounts. On a UNIX system a full mount usually leads to file damage and a lot of people who can't get there work done.

Who has a quota?

Every user on the math departments computers systems has a quota assigned. This quota and the enforcement of this quota varies from user to user. The files under the quota system include the users home directory and mail INBOX. If the user has other directories, they are monitored too.

How does it work?

The quota mechanism in place is not the hard quota system that many UNIX versions--including Solaris--use. Rather it is a home grown quota system that provides for much more flexibility for both users and system administrators alike.

Each evening the system checks the disk usage of each user. It compares this usage to the allowed usage--the quota--for those files. If the use is greater than the quota then some action is taken. The action taken depends on the type of quota enforcement the user has on those files.

What are the types of quota enforcement?

The system has several levels of quota enforcement. They included

  • none: No enforcement at all.
  • lax: 28 reminders are sent, and then "normal" enforcement starts.
  • normal: Two reminders, two warnings, two threats, two real threats, and then account deactivation.
  • harsh: One reminder, one warning, one real threat, and then account deactivation.
  • elax: 7 reminders and then "normal" enforcement.
  • enormal: One reminder, one warning, one threat, two real threats, and then account deactivation.
  • Active: This is a very different kind of enforcement class.

What is active quota monitoring?

Active monitoring is used for users that become a problem. These people have their usage monitored at random times. This monitoring occurs all day and can shut down there account in a matter of hours or minutes if they go over there quota.

What happens if I don't pay attention to the quota e-mail?

Eventually, in all enforcement levels except "none", your account will be deactivated.

What are the standard quota assignments?

Home dir minimum typical maximum enforcement
Faculty 30Mb 50Mb 100Mb lax
Grad Student 15Mb 20Mb 30Mb normal
Visiting Faculty 20Mb 30Mb 40Mb lax
Guest 10Mb 15Mb 25Mb normal/harsh
Staff 15Mb 25Mb 30Mb normal
Lecturer 15Mb 20Mb 30Mb normal

What if I NEED more space?

Reply to a quota message. Include in the reply why you need more space. Be specific. We can be quite accommodating for genuine work related space requirements. Some very special arrangements have been made in the past and can be made in the future. The quota system should not get in the way of your WORK.

Is there someplace else I can put my files?

Yes. You can use the OSU SUNs, one of our Samba shares on hardy, and various other OSU computers.

 

 

Backup System

The UNIX computers in the department have a regular backup schedule.

 

Schedule for hardy, mail and www

A complete backup of crucial system directories and home directories is taken weekly. Incrementals of crucial system directories and home directories are taken nightly.

 

Can I get files restored?

Yes. However, this is a time consuming task for the system administrator. If you accidentally delete a file, you cannot expect to have it restored from a backup immediately. The admins will get to it as soon as they can. It may take 24 hours to get a file restored.

 

 

Acceptable Use

Read the OSU acceptable use policy regarding computer use. It applies to us too. Basically you must remember that some things are just not acceptable. These include, but are not limited to :

  • Using our systems to "crack" into other computers or to engage in computer crime.
  • Using our systems to provide access to material that would contribute to a sexually hostile environment--i.e. no porn.
  • Using our systems for business--i.e. in some way such that you make money by utilizing our system.

Departmental Rules for Acceptable Use

  • No cracking software will be used on our systems. (crack, hack, cops, satin, etc...) No system passwd files for math computers are to exist in user accounts.
  • Each user will respect the privacy of other users
  • mail.math.okstate.edu will be used only for mail applications.
    • applications for remote access: Telnet, FTP, r-commands, POP2/POP3, imap.
    • local applications: ispell, emacs, pine, mail, elm.
    • Unsupported applications: Anything not on the "remote access" or "local applications" list. This means that anything you use on this computer that is not listed might be broken or disappear at any time with no notice. The ability to use these unsupported tools is only provided with the understanding that no questions will be asked about them and no complaints will be made about them. In short the system managers do not ever want to hear about them. If you choose to use this computer in a non-standard way, then this is a risk you must take.
    • Unacceptable applications: Any application that endangers the function of this computer is not allowed. Violation of this policy may result in account deactivation. Examples include games(doom, tetris), bots, irc chats,etc..
    • No email shall be sent or received that is more than 5Mb. Violation of this rule can result in account deactivation.
  • www.math.okstate.edu will be used only for hosting web pages.
    • applications for remote access: sftp and ssh.
    • Local applications: emacs, vi, ispell, cgi-bin stuff, perl, sh,...
  • All resource policies will be respected. See: Resource Use and Disk Quota System

 

 

Software Support

Levels of support

  • Supported: This means that the package is to run as documented if possible. Bugs don't count.
  • Unsupported: This software was installed, but receives no support. It is not guaranteed to run or run correctly. This software is not "bad", just not supported. This software exists with the understanding that the sysadmin have no responsibility to maintain it, answer questions about it, etc.
  • Depricated: This software is not supported. It is not guaranteed to run and there may not be anyone to ask for help with using it.System updates may break this kind of software. This software might even disappear. It will NOT be fixed if broken. It is "BAD" software.

 

 

Software Upgrades and Installations

What is the procedure for having new software installed?

Ask the system administrator if it can be installed. Once a piece of software is targeted as potentially useful the following steps are performed.

  • A "Software upgrade RFC" is sent out to every user on the system.
  • After a two(2) week waiting period all comments are considered. It is decided at this point if the software will actually be installed.
  • The software is installed and tested.
  • Once the installation is stable, the final links and installation are done making it available for general use. At this time the previous version, if it is being kept, is setup as a secondary version.
  • Then a "Software upgrade announcement" is sent to all users on the system.

What is the proceedure for software upgrades?

If you are aware of a new version of some piece of software on our servers and would like to see it installed ask the system administrator. There are several factors that figure into whether or not updates are installed:

  • Is the newer version of a particular piece of software something that the department has to purchase?
  • If the software is one that OSU has a license for, does CIS have the update yet?
  • Are there any known problems or bugs in the updated version?
  • Is the current version being used by a majority of users in the department? If so, will they be able use their older programs/files with the newer version?

Who has the final say regarding an upgrade?

The sysadmin and the faculty computing committee have the final say.

Are old versions kept?

It depends on whether the new version of the software can run with the old version still installed, how compatible they are, etc. It's probably a good bet that older versions won't be preserved.

Operating System Choices

The operating system of choice for office PC's is Windows. Ubuntu/Debian Linux is also available. However, if you want Linux on your desktop machine you must chose between:

  • Being a user on your machine - You have an account just you do on hardy, you will not have root privileges. The departmental system administrator retains root control of your machine and assumes responsibility for software installation, maintenance, etc.
  • You assume complete responsibility for your machine. This includes installation, configuration, software upgrades, backups and any ongoing administration tasks. The system adminstrator may help you finding materials to educate yourself about Linux. She/he will not upgrade or install your sytem for you.

    You are responsible for that system's security. An unsecured Linux box in your office can be a gateway for a hacker to get into our departmental systems.

Resources.

What are "Resources" and what is this section about?

By resources we mean the components of the computer that are used by processes. Only limited resources are available and thus must be conserved. What you will find here are the general polices with regard to how much of a given resource a process or user may use.

How much is there?

Hardy as 4 CPUs. These CPUs are Pentium III's. A single process may use up to one of these CPUs. Hardy has a gig of physical ram and utilizes much more virtual ram. Hardy only has one Ethernet adapter that is active. It is 10base-T.

How much may I use?

single process use leading to termination
cpu 25% for 30 min
cpu 100 hours total
memory 50Mb for 30 min/100mb for 2 sec
ethr 25% for 10 min/60% for 2 sec
single process use leading to renice
cpu 10% for 30 min
cpu 50 hours total
memory N/A
ethr 10% for 30 min
single user use leading to termination
cpu 30% for 30 min
cpu 200 hours total
memory 70Mb for 30 min/110mb for 2 sec
ethr 25% for 10 min/60% for 2 sec
single user use leading to renice
cpu 25% for 30 min
cpu 100 hours total
memory N/A
ethr 10% for 10 min

Copies of xlock and Netscape may be killed at any time. If the system is loaded these are the first target processes.

What if I need to use more resources than normal?

You talk to your sysadmin. Talk to your sysadmin whenever you run a CPU or memory hungry program. There may be a more appropriate place to run the program.

What should I do to conserve system resources?

There are two basic things that you can do to conserve system resources. First you can just avoid running programs that are wasteful of resources. The following programs may be very wasteful of resources: netscape, mathematica, maple, olwm, Emacs, TeX, ghostscript and xlock.

Many of the above programs are necessary on a day to day basis. What to do? Well if you are doing something like a long computation in maple or Mathematica you could nice the process. That means that you use "nice" to run it. For example "nice -20 netscape" will run netscape at a reasonable scheduling level. Some programs we just don't use like xlock and olwm.

 

Account Deactivation

Accounts may be deactivated at the discretion of the sysadmin. To have your account reactivated you must go to your sysadmin and discuss what ever it was that got your account deactivated.

What can get my account deactivated?

  • Quota violations
  • System abuse as listed in the acceptable use section
  • System resource abuse
  • Your account is repeatedly hacked

 

 

Account deletion

What can get my account deleted?

If you are still associated with the OSU math department, your account can be deleted if you abuse the math department computing resources. The department head has the final say in this.

If you are leaving, or have left the OSU math department your accounts will remain active for one semester after you leave. If you need your account for a longer period of time talk to the system administrator.

What is the process?

The typical process is

  • two weeks before the account is deleted
    • The user is e-mailed in most cases.
    • The user ID is posted on the system news page.
    • The account may be deactivated. (if the delete is a disciplinary action for example or at the request of the user)
    • E-mail forwarding may be removed if the delete was the result of disciplinary action.
  • After the two weeks
    • The account home directory is saved
    • e-mail forwarding may be started if requested by the user and the user is in good standing.
    • The user ID is placed on the saved list on the system news page.
    • The account is deleted (All traces are removed)
    • The user ID is posted on system news page as notification that it was deleted.

Schedule

The current schedule for automatic account deletion is the second week of each semester.

May I have my data saved on some media?

Yes. You may supply media.  The system administrator will copy your data onto whatever media you supply. If you want your data saved, you need to let the system administrator know at least a week in advance.

New Accounts

Who may request new accounts?

  • The department chair or a faculty member if the request is for a student or collaborator. The department head has final say on this.
  • Shelly Downing, if the person is an official new addition to the department

 

 

User Ids

Your user id is created from the intial letter of your first name and your last name. Existing user ids on our system are also a consideration - i.e. if two people have the same or very similar last names. If you want your math department user id and your regular OSU user id to match, your math department user id can be changed. If you have another good reason for wanting to change your math department user id ask the system administrator. With over 200 users on our system, user id's can't be changed just because you don't like what you ended up with.

 

 

System Downtime

As part of regular maintenance, hardy is rebooted monthly. This kills off any old login files, zombie processes, etc that can hang around and slow the system down. Monthyly reboots will take place on either Tuesday or Thursday of the first week of the month at 5:00pm or on weekends. A notice will be sent out to all users reminding them of the scheduled reboot.

Periodically departmental systems will need to be taken down for maintenance, software upgrades, etc. A message will be sent to everyone in the department before systems are taken down. Every effort will be made to schedule downtime so that systems are taken down after 5pm and not during the week when grades are due, etc. Optimally 24 hours notice will be given. If that's not possible you may be notified during the day that downtime is scheduled for that evening.

Only in emergency situations will the systems be taken down during the day and/or on short notice. Every effort will be made to notify users in advance, even if it's only 5 minutes in advance, when an emergency arises.

 

 

System Security

 

Password Security

All system users are responsible for selecting a good password. Most Unix systems are hacked via poorly chosen passwords that someone from the outside cracks. In order to remove this danger some system administrators do not allow users to chose their own passwords; users have assigned passwords that are generated by the sytem. We've chosen not to do that here.

If a users account is repeatedly compromised (i.e. used to hack into the math departmental systems) that users account can be deactivated and the user may lose the privilege of creating his/her own passwords.

 

 

What the Tech Staff Can Help You With

The OSU Math Department does not employ a full time system administrator to keep all the equipment in the department running happily. There is a student tech who does some maintenance and some faculty who help keep the servers running.

It is not the tech staff's job to teach you how to use the computers. There are online computing howtos to answer some of the more common questions on computing in the math department. In 421, there are books available on Unix, LaTex, etc that you are welcome to use also.