Computer Science Department Appropriate Use Policy
Introduction and General Policies
This web page is the definitive source of system policy information for the Computer Science Department, and all policy information relating to it will be found here. Computer Science Department Policies augment the
Claremont Colleges Appropriate Use of Campus Computing and Network Resources Policy. You are expected to abide by all terms in the campus-wide policy in addition to those below when using the Computer Science Department facilities.
These policies delineate the responsibilities of users of the Computer Science Department Computing Facilities. It is impossible for a policy to cover all aspects of user behavior; thus users should recognize the community that they are part of and behave accordingly. If one has any questions or concerns about their actions or the actions of other community members, they should consult the Computer Science Department Faculty or Staff.
Policy changes may be made by the Computer Science Department System Staff and will be posted as system notices. Users are responsible for reading and complying with all such policy statements.
Academic Policies
Other department policies (particularly those regarding the curriculum) are found on the main
Policies page.
Your Account
The CS computing facilities are available for authorized users who have been given a login name and a password. Each user may use only his/her own account and may not allow others to use his/her account.
All communication regarding your account on the CS cluster will be directed to that account's e-mail address. Any mail sent to that account will be assumed to be received and read within a few days, so if you do not check your CS e-mail address frequently, it will be to your advantage to set up a
.forward
file (see the
mail documentation) or a procmail system to ensure that important account mail reaches you promptly.
Certain accounts are created with the intent that they be used by multiple people. Specifically, grader accounts (identified by the "grad" suffix in the account name) and clinic accounts are authorized to permit multiple persons to use them. No other accounts can be used by people other than their owners without explicit permission from the CS staff.
Personal accounts should never be shared with people other than their owners. If you knowingly allow another person to use your account, you will be liable for everything that they do with it, and in addition, you may face normal penalties for policy violation, regardless of the actions they take.
Under no circumstances should a person who does not have an individual account on the system be permitted to access any accounts on the system, including legitimate multiple-user accounts.
The following sections define specific policies governing the use of your account.
Your Name
Users have a full name associated with their username (for example,
jdoe (John Doe)
). If the name attached to your username isn't the name you normally use, CS Staff will change that name to the one that you normally use. So, if you are John Doe, but everyone calls you Adam, staff will change your name so that you are now
jdoe (Adam Doe)
if you ask them to do so.
Passwords
Each user is assigned a username and a random password when he/she is issued an account. Users are required to change their password upon their first login. In order to do so, follow the instructions
here.
Users are responsible for choosing a secure password and maintaining its secrecy.
A cracked account threatens the security of not only the account owner, but of the entire system. As such, it is very important that passwords be secure. Users are required to obey the rules detailed here and in the
passwd documentation.
Passwords are private. A user may NOT give his/her password to anyone else (including roommates, friends, family members, research partners, grutors, professors, etc.). Under no circumstances should you send your password to anyone over the web (via email, IM, etc.), this exposes your password to the entire world.
The Computer Science Department System Administrator and Computer Science Department Student Staff will randomly run password cracking programs in an attempt to enforce the use of secure passwords. Users whose passwords are cracked will have their accounts revoked until such a time as they contact the Computer Science Department System Administrator or Computer Science Department Student Staff and change their passwords.
Disk Usage and Quotas
When a user is granted an account on the system, he/she is given a designated area of the system in which to do his/her work. This is called the user's home directory. People using the system are expected to keep projects they are working on in their home directory, or some subdirectory of their home directory. Only with faculty or staff permission should users place files elsewhere on the system.
The file system
/tmp
is the home of many system temporary files. Programs such as emacs create temporary files here. Users may also store files temporarily on
/tmp
under very limited conditions: the files
MUST be cleared before logging out, and under no circumstances should files be left there for more than a few hours. Users should only use
/tmp
to store files that they need for a very limited time, and will soon dispose of. Also, users should
NOT transfer any files to
/tmp
if it is more than 75% full. To determine how full it is, type
df /tmp
and make sure that "capacity" is under 75%.
UNDER NO CIRCUMSTANCES should you erase or modify anything in
/tmp
except files which you have placed there. Finally, users should
NOT create directories in
/tmp
for storing their own files.
The
/clinic
,
/research
, and
/proj
directories exist to provide extra space for certain types of work. The
/clinic
filesystem is designed for the use of CS clinic teams working. The
/research
filesystem is designed for use by CS research groups.
/proj
is meant for system projects, such as compilation of officially sanctioned system programs. If you believe you have reason to have access to one of these filesystems, please contact system staff.
Users are granted a fixed quota of space on the system to do their work. The quotas are assigned depending on the nature of work the user is expected to be doing. If a user runs out of space, he/she can always request a higher quota, subject to review by staff. To check your disk quota, type
checkQuota -v
. See the
quota documentation for details.
Students will normally receive a quota of 120 MB. Other accounts, including faculty and staff members, will have their quota determined on a case-by case basis. If your quota is insufficient for the work you do on the system, a temporary or permanent quota increase may be permitted, also determined on a case-by-case basis.
Users who are granted additional disk space on the system (e.g. an expanded quota, a directory in
/proj
, etc.) may use that additional space
only for the purposes which they specified in their request for additional disk space.
Use of disk space other than that specifically allowed by the above policy is a violation of CS System policy.
Account Duration
Accounts given by the CS department are not necessarily permanent. Account duration is governed by the following rules. If an account does not meet any of the criteria listed below, it may be subject to deletion. Note that the guarantees given do not imply exemption from any of the other account-termination conditions.
- Off-campus (non-Claremont Colleges) account holders are guaranteed their accounts only as long as their involvement with the department (e.g. enrollment in a class) lasts.
- Students from any of the Claremont Colleges are guaranteed their accounts for as long as they are enrolled in HMC CS courses, including gaps of up to one semester, and for one semester afterwards.
- All current HMC CS majors and joint CS/Math majors are guaranteed accounts.
- All former students who graduated from Harvey Mudd with a CS or joint CS/Math major are guaranteed accounts for as long as they are actively used (see below).
- All faculty are guaranteed their accounts for the duration of their affiliation with the college.
The CS staff will be periodically performing scans of the login records. All user accounts that have not been logged into for over a year will be contacted by e-mailing the account, with a warning that the account will be removed if a response is not received. If no response is received within a month (30 days), the account will be deleted. This does not apply to current CS majors or faculty.
If an account is only being used for IMAP e-mail , the user can be provided with a minimal account which permits mail access, but no login privileges.
Mail-forwarding will be provided essentially indefinitely, but the chance of an accidental failure increases with time, and so you are encouraged to minimize your dependency on mail-forwarding as soon as is reasonable.
Notice will always be given at least one month (30 days) prior to removing an account for the above reasons, by sending mail to that account. Note that accounts may be disabled or removed without prior notification for security or other reasons not covered above.
Accessing Department Facilities
The following policies govern the means by which users may access the Computer Science Department Computing Facilities.
Physical Access
No physical access is allowed to CS Department facilities other than the terminal rooms (Beckman B102 and B105). Access to any other room is permitted only with the specific permission of a CS Department Faculty or Staff member.
No machines will be permitted on the .42 subnet except those which the CS staff, and only the CS staff, has root access, unless they are machines owned and maintained by a professor. Moreover, physical space in the machine room will be provided only to CS department machines and those belonging to the CS staff.
Remote Access
External connections to the CS Department network are any connection that originates from a host not within one of the CS Department subnets, i.e., the originating host has an IP address outside the range: 134.173.40-43. All such external connections must use a secure connection technology along the entire connection. Most notably, this means that
telnet connections to the CS Department network are forbidden. Furthermore, using
telnet from a dorm room or home to a remote machine and then using
ssh to connect to Knuth is forbidden. Basically, such connections are forbidden because connection technologies such as
telnet do not encrypt any information, resulting in passwords that are easily captured. Other forbidden services include, but are not limited to,
ftp and
rsh.
Unauthorized Access
Users shall at no point break into or attempt to break into the accounts of other users, nor shall they break into or attempt to break into the Computer Science Department Computing Facilities.
Files and Privacy
Each user's files are considered private. Others may use the files only if the owner has given permission and if access is allowed under the protection system which each user can adjust to his or her own needs (see
UNIX: The Basics). Unauthorized use of a person's files is an invasion of privacy as well as a violation of CS System Policy, and punishable by the judiciary process at the student's college, in addition to possible penalties imposed by the System Staff.
public_html
directories exist for the purpose of publicly sharing information on the web. Consequently, they are considered to be public, and may be accessed without the owner's permission, unless such access is prevented by the Unix file permissions system.
Users are expected to keep their files in their assigned directory or its subdirectories (see the
Disk Usage and Quota policy).
Professors may set specific rules regarding access controls on course directories within user home directories, for example forbidding said directories from being readable by users other than the student, for the purpose of preventing cheating and plagiarism. Users are required to follow these rules, regardless of whether they are still enrolled in the course in question. To support these policies, professors may scan your home directory to determine if any directory within it violates the policies they have set. If user directories are found in violation, the CS staff may change the permissions on the directories in question to bring them into compliance. Assisting the professors with these scans, and altering the permissions on the directories in question, is the limit of the CS staff's involvement in this regulation, and any questions or complaints, unless specifically pertaining to the actions of the CS staff, should be directed to the professor in question.
Users may not have
.rhosts
files present in any directory owned by the user.
.rhosts
files represent a significant security risk. An automated scan is performed daily to identify these files. If found, they are deleted, and their presence reported to the staff.
The Computer Science Department provides no services for securing users' sensitive information other than the standard protections provided by the operating system of the users' work environment. The Computer Science Department makes no claims as to the security of these protections and will not be held liable should these protections fail. Users who wish to secure sensitive data are encouraged to use some form of strong encryption to ensure privacy.
Monitoring Policy
The privacy of user files is not absolute. The CS Staff may find it necessary to scan user files for security compromises, or for other administrative purposes. This will be done with as much respect as possible for user privacy, and where possible will be done with automated tools which report only essential information to the human administrators. An example of this is the
.rhosts
scan.
The United State Department of Justice, General Litigation and Legal Advice Section, Criminal Division, recommends, and we follow, the following monitoring policy:
- This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.
- In the course of monitoring individuals improperly using this system, or in the course of system maintenance, the activities of authorized users may also be monitored.
- Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials.
Running Programs
The following policies govern the running of software programs on the Computer Science Department Computing Facilities.
Long Jobs
The CS staff reserves the right to kill without notification any long-running jobs which may be out of control, or are adversely impacting system performance. If you are going to run long jobs on
knuth, or any other CS department machine, observing the following protocol will improve the chances of your job surviving.
Send mail to staff or consultants if you are going to be leaving a job running after you logout. This will prevent us from thinking it is a runaway process and killing it.
Please use the
nice command to lower your job's priority and keep it from hogging the CPU. 19 is a good
nice value as this will run your job only when the CPU is otherwise idle (this is most of the time). For example,
nice -19 mylongjob
. Jobs with high priority values are more likely to be killed (remember that priority is the inverse of nice-value).
We suggest that, if possible, long-running programs be written so that they can be killed and restarted without destroying all work done. This means that if your program produces data you will need, write this data to a file as the data is created, not when the program finishes running. Also, programs which might run for large amounts of time should be given names which indicate this possibility. For example, "compute-research-data" and "clinic-project-test" are much better than "a.out" or "test".
Games
Games will be allowed on the system, subject to the following guidelines and restrictions.
Games supported by the system will be located in
/usr/games
or
/usr/local/games
. Currently, no games are installed. Man pages for installed games (if any) may be found in section 6 of the online manuals.
Users may play games at any time when their playing will not adversely impact the work of others. Game-playing is given no priority, and may be interrupted by any user wishing to work on projects or course work.
It is the game-player's duty to check system use so that he can be sure of not using resources necessary to other users.
Users may not compile or run unsupported games which utilize network access. Users should ask for staff assistance for such projects. Unsupervised use of network access is grounds for loss of account.
Programs which Compromise System Security
Users are expressly prohibited from using any program which poses a threat to system security. This includes, but is not limited to, the following types of programs: password crackers, packet sniffers, network scanners, exploits, and network attack tools. Users are expressly prohibited from running password crackers on any password table obtained or derived from any machine in the Computer Science Department.
Maintaining a Stable Working Environment
The Computer Science Department computing facilities are operated with minimal staff supervision and with as much access for faculty and students as possible. This method of operation is fragile and can be maintained only when users and staff members are cooperative and sensitive to the needs and rights of others. This is especially true in a UNIX environment because UNIX was designed for use by a community of cooperating, mature users.
Users are expected to avoid actions that might cause the system to malfunction or that might significantly reduce its effectiveness in providing computing power to other users. Abuse or misuse of the system, in the judgment of the Computer Science Department System Staff, is a violation of CS Department policy, and may be subject to the penalties outlined
below.
Student consultants are empowered to perform certain system functions that require system privileges such as killing jobs at the request of users and monitoring the performance of peripheral devices such as printers. Consultants are empowered to take actions to maintain the working integrity of the system. This may include shutting down the system and exercising directive authority in extreme circumstances.
The Machine Room
Beckman B104 houses all of the CS Deptarment's servers, including
knuth, the webserver, the fileserver, and other important machines. Additionally it houses several professors' servers. Several other departments (most notably math) keep their servers in this room as well. Therefore access to the machine room is heavily restricted.
If you are keeping a machine in the Machine Room, you must first obtain permission from the CS Dept. That machine must have root privileges given to the system administrator, Tim Buchheim, in the event that he needs to perform any maintenance in the Machine Room.
Penalties and Due Process
Abuse or misuse of the system, interference with the use of the system by others, and/or violation of the policies outlined here, as judged by the Computer Science Department System Staff, will be penalized as the Staff considers appropriate. The Staff is not a disciplinary or judiciary body. However, as part of its responsibility to ensure the stability and security of the Department systems, it may restrict or terminate the activities on the system of users who have shown an unwillingness or inability to abide by these policies.
The penalties imposed will be in proportion to the offense committed, taking into consideration such factors as repetition of the offense. Single, minor offenses will generally be handled with a verbal, e-mailed, or written warning, with no formal penalties imposed. More serious and/or repeated offenses will be subject to more serious penalties.
The Staff reserves the right to restrict the use of the Computer Science Department Facilities in any manner which it sees fit, up to and including termination of all user privileges, whether to ensure the stability or security of the system, or for any other reason. Penalties imposed by the Staff will not exceed such restrictions because it lacks the authority to do so. If the Staff considers further penalties appropriate, it will refer the matter to the appropriate authorities, such as the disciplinary body of the offender's home college, or (in serious cases) law-enforcement authorities.
A user who is directed to log out of the system by an employee in authority
MUST DO SO until permission is granted to log back in. ("employee in authority" includes CS System Staff and any others authorized to take such action by CS System Staff.)
Users are also subject to federal, state, and local laws.
Claims by users of harm done may be filed against any other computer user and should be submitted in writing to the System Staff. Such claims should document the time and place, description of the alleged harmful behavior, and witnesses available for comment. These claims are handled by the System Staff.