1. Policy Summary

This policy addresses the installation and configuration of hardware and software in the Department of Scientific Computing (DSC) and privileged access to these systems.  This policy applies to all equipment (software and hardware) supported by DSC and purchased with university funds, be they contract and grant funds or state funds.  The policy was written by the Local Systems Committee (LSC) and endorsed by the departmental faculty.  Questions or concerns regarding the following policy should be sent to the LSC.

2. Definitions

Area Research Server: A computer that serves a specialized research function. This typically refers to a computer allocated to or purchased by a particular faculty or staff member.  Access to these computers is usually limited to a subset of the DSC community and is usually made via a network connection.

Personal Computer: A computer used primarily by one individual. This typically refers to a computer allocated to or purchased by a particular faculty or staff member.  Personal computers generally function as standalone units to which primary access is made via a locally attached keyboard, mouse, and monitor. Personal computers include IBM-compatible PCs, Unix/Linux workstations, and Macintosh machines.

Floor Desktop Computer: A desktop computer (see above) available on a first-come, first-served basis or on a scheduled basis in a DSC classroom.

Floor Network Server: A computer used to indirectly support the research activities of the DSC community.  This definition includes machines such as the DSC web, file, and mail servers.

Floor Research and Training Server: A computer used for research and instructional/training activities, which is available to the DSC research community and qualified students on a first-come, first-served basis. Access to this class of machines is usually made via a network connection.

3. Guidelines

Purchasing

  • The TSG is responsible for purchasing Floor Systems (i.e., Floor Network Servers, Floor Research and Training Servers, and Floor Desktop Computers) and the software installed on these machines.
  • Faculty members are responsible for purchasing Area Research Servers, Personal Computers and the software installed on these machines.
  • Faculty members are required to inform the TSG of hardware and software purchases so that the TSG can maintain an inventory of software licenses, plan for network connectivity, power, and setup (in qualified cases).
  • TSG will assist in researching and purchasing hardware and software when faculty members request such assistance.

System Set Up and Configuration

  • The TSG is responsible for the setup and configuration of all Floor Systems (i.e., Floor Network Servers, Floor Research and Training Servers, and Floor Desktop Computers).
  • Faculty and staff with systems that differ from the standard Floor Systems should expect to accept greater responsibility for the setup, configuration, and administration of their systems.  TSG can typically install and maintain software on systems that do not qualitatively differ from the standard Floor Systems.  For example, a system with more memory or with a larger hard drive compared to Floor Systems can be installed and maintained by TSG.  Systems made by a different vendor or systems with devices (e.g., hard drive controllers, network cards, etc.) that do not conform to the standard Floor Systems configuration will be set up and supported by the vendor, RA, or faculty member.  Systems not set up and maintained by TSG will be assigned to the DSC “sandbox” network and will not have direct access to networked file systems and departmental printers.
  • Inherently insecure software and system services will be disabled and/or removed from machines.  The LSC is responsible for approving a list of insecure software and services. When it is impossible to find a secure software alternative, the system will be moved to the DSC “sandbox” network.

Root Access/ System Security

Access to root or administrative privileges on DSC machines is controlled by the “sudo” command (Macintosh, LINUX and UNIX systems) or by adding users to administrative groups (Windows and Macintosh systems).  Using commands such as “sudo” or assigning users to privileged groups is useful for the following reasons.

Privileged access is allowed for the following people:

  • TSG staff and those working with TSG staff to perform system administration tasks on all DSC computers.
  • All faculty members are allowed to have privileged access on their Personal Computers and Area Research Servers.
  • Visiting faculty, students working with DSC faculty, and postdoctoral fellows can have privileged access on their Personal Computers and Area Research Servers.  Privileged access on DSC systems will not be given without the permission of the sponsoring DSC faculty member.
  • The LSC is responsible for approving requests for privileged access. Faculty and/or staff members responsible for the computer system will agree to the mechanisms and policies governing privileged access.

Privileged access requires the following:

  • Agree to this policy
  • Practice good password management. For example:
    • password is composed of at least eight letters, numbers and special characters or alternating cases
    • change password regularly
    • do not transmit password in plain text (e.g., via POP, FTP, RSH, or Telnet)
  • On LINUX/UNIX systems do not use the sudo command to run a shell (e.g., “sudo bash”) unless there is no other alternative.  Continue using the “sudo” command if you have started a root shell.
  • Do not use privileged access to log on to a system as another user unless you have first received permission from the user.
  • Report system changes to the TSG.  TSG will work diligently to restore a user’s system in the event of a system failure; however, if the system has been highly modified and the TSG was not aware of the changes made to the system, then the only option may be to reinstall the host operating system from the standard system image.
  • Those persons granted privileged access to work on a “Floor system” must consult with the TSG before making system level changes.
  • Do not change the root password on the system.
  • Do not install software or activate system services that are listed on the insecure software and services page (http://www.DSC.fsu.edu/tobenamed.html).
  • All systems on which faculty and staff have administrative privileges must maintain a TSG privileged account.  If the TSG privileged account is used interactively, the owner of the computer will be contacted by TSG as soon as possible.  Those using the TSG privileged accounts will use the sudo command whenever executing privileged commands.  TSG will consult with the owner of the computer before making major system changes.
  • All systems on which faculty and staff have administrative privileges may be periodically scanned for insecure software and services.

Failure to follow these guidelines may result in the loss of privileged access and/or the computer being denied access to basic network services (e.g., printing and NFS to the main DSC file server).