Privileged Access

The following policies govern privileged (root, superuser or administrator) access to Computer Systems Lab computers. They are designed to protect the integrity of CSL computers, while allowing appropriate access for research purposes.

See also: Privileged Linux Access (ksu)

Desktop Workstations and General Purpose Research Servers

  • In certain circumstances, privileged access to a general purpose research workstation or server will be granted to specific users of that computer.
  • Requests for privileged access will be considered by the Director of the Computer Systems Lab. Requests that are turned down may be appealed to the Computing Facilities Committee.
  • Requests must be submitted by the sponsor (faculty or authorized staff) supervising the research
  • Students requesting privileged access for course work need the approval of the instructor in addition to the approval of the Systems Lab Director.
  • Privileged access will be for a specific research purpose and must be revoked when no longer needed for that purpose.
  • If privileged access is granted:
    • Users do not have permission to modify any files except in designated user directories without specific authorization from the lab. Specifically, no system configuration files may be modified unless specifically authorized.
    • Users may not use their privileged access to examine or modify the files of any other users of the system.
    • Users may not boot or power off their workstation without specific authorization.
    • Users may not add or remove users from the workstation.
    • Users may not in any way compromise the security of the system.

Privileged Access to Special Purpose Research Computers

  • Privileged access to computers designated for special-purpose research may be granted to users of those computers
  • Such special-purpose computers will not have any users' home accounts or contain confidential information
  • Mechanisms and policies governing privileged access will be agreed to by the faculty members responsible for the computer system and the Director of the Computer Systems Lab.
  • If necessary, the Director of the Computer Systems Lab may impose other restrictions on such computers in order to protect the security of the computing facility.

Expiration and Renewal

Privileged access will expire each semester, unless renewed by the sponsor.

Privileged Access To Other Facilities

Privileged access to the following CSL facilities is restricted to designated CSL staff:

  • Instructional facilities
  • Servers and Infrastructure computers
  • General-purpose multiuser computers