Privileged Access
The following policies govern privileged (root, superuser or administrator) access to Computer Systems Lab computers. They are designed to protect the integrity of CSL computers and comply with UW-Madison and UW System policies, while allowing appropriate access for research purposes.
See also: Privileged Linux Access (sudo or ksu)
Desktop Workstations and General Purpose Research Servers
In certain circumstances, privileged access to a general purpose research workstation or server will be granted to specific users of that computer.
- Requests for privileged access will be considered by the Director of the Computer Systems Lab. Requests that are turned down may be appealed to the Computing Facilities Committee.
- Requests must be submitted by the sponsor (faculty or authorized staff) supervising the research.
- Students requesting privileged access for course work need the approval of the instructor in addition to the approval of the Systems Lab Director.
- Privileged access will be for a specific research purpose and must be revoked when no longer needed for that purpose.
- The principle of least privilege will be used to grant privileged access: only the specific access that is required will be granted.
If privileged access is granted:
- Users do not have permission to modify any files except in designated user directories without specific authorization from the CSL. Specifically, no system configuration files may be modified unless specifically authorized.
- Users may not use their privileged access to examine or modify the files or data of any other users of the system.
- Users may not boot or power off their workstation without specific authorization.
- Users may not add or remove users from the workstation.
- Users may not in any way compromise the security of the system.
Privileged Access to Special Purpose Research Computers
Privileged access to computers designated for special-purpose research may be granted to users of those computers. In addition to the above policies:
- Such special-purpose computers will not have any users’ home accounts or contain confidential information or data.
- Mechanisms, procedures and restrictions governing privileged access will be agreed to by the faculty members responsible for the computer system and the Director of the Computer Systems Lab.
- If necessary, the Director of the Computer Systems Lab may impose other restrictions on such computers in order to protect the security of the computing facility.
Expiration and Renewal
Privileged access will expire each semester, unless renewed by the sponsor.
Privileged Access To Other Facilities
Privileged access to the following CSL facilities is restricted to designated CSL staff:
- Instructional facilities
- CSL Servers and Infrastructure computers
- General-purpose multiuser computers