CS Computing Services Security Policy FAQ

CS Grads, CS faculty desktops

Can I manage (have full administrator access, and full responsibility for) my desktop?

Yes, as long as you abide by the University Eligibility and Acceptable Use Policy for Information Technology (EAUP).

On a machine I manage, can I get access to my home directory?

Not through NFS. You can use smb via a ssh tunnel however.

Can I give others accounts on my self managed box?

Yes, as long as you abide by the EAUP.

What can I do with my self managed box?

Anything, as long as you abide by the EAUP.

Grad and Lab desktops

Will you open a port on all the linux machines?

No.

Will you open many ports on one machine?

No.

Will you open one or a few ports on one machine?

Usually. We would like to know what service you are running, and may deny this request if we know the service has a bad history.

Departmental services

Can I ssh into a techstaff managed departmental server?

No. (Except login servers, of course)

Can I be an administrator for a service, or have special privileges, for a departmental service?

You can if you are the primary customer of the service, i.e. if we are accountable only to you in event of a service failure.

Can my students directly connect to some departmental service from the Internet, other than http or sshd, such as the instructional mySQL or Sybase services?

If the service is intended only for CS account holders, then no. This is "Least privilege". They can connect directly after establishing ssh tunnels, or by using the University's VPN.

Research servers or instructional servers dedicated to some class

Can I get a box set up for my class, and allow students to access its services directly from the Internet?

Yes, if this service is limited in time, like for the duration of the class. No NFS home directories.

Can I be administrator of my service, or have some special privileges, if you manage my machine?

Other than root, Yes

Can I have root on my computer?

Yes, if you manage the OS.

Can I run random web services?

Yes, but no NFS home directories.

Can other users connect from the Internet to non ssh or http services, such as MySQL?

Yes, but no NFS home directories.

CGI

I'm not CS faculty or CS graduate student. Can I run off-the-shelf cgi on your cgi server?

No, unless you have a CS faculty sponsor.

How about hand-coded cgi?

Yes, but you must register.

I am a CS faculty or CS graduate student. How about me?

You may run off-the-shelf cgi, but it must run on our isolated server, and you must register.

Non-Techstaff managed systems

I'm a CS faculty, or have one as a sponsor. I have a CNET account. Can I put my box in your machine room?

Yes.

I have a CS faculty sponsor, but no CNET account. Can I put my box in your machine room?

Subject to NSIT approval. Subject to quick disconnection from the network if problems are detected.

[ About Us | Education | People | Research | Facilities & Computing | Search this site | View Page Source | Contact Us | Site Map | Login ]
©2012 The University of Chicago® The Department of Computer Science
1100 East 58th Street, Chicago, IL 60637 :: ph 773.702.6614 :: fax 773.702.8487