Computer Science Department Appropriate Use Policy

Introduction and General Policies

This web page is the definitive source of system policy information for the Computer Science Department, and all policy information relating to it will be found here. Computer Science Department Policies augment the Claremont Colleges Appropriate Use of Campus Computing and Network Resources Policy. You are expected to abide by all terms in the campus-wide policy in addition to those below when using the Computer Science Department facilities.

These policies delineate the responsibilities of users of the Computer Science Department Computing Facilities. It is impossible for a policy to cover all aspects of user behavior; thus users should recognize the community that they are part of and behave accordingly. If one has any questions or concerns about their actions or the actions of other community members, they should consult the Computer Science Department Faculty or Staff.

Policy changes may be made by the Computer Science Department System Staff and will be posted as system notices. Users are responsible for reading and complying with all such policy statements.

Academic Policies

Other department policies (particularly those regarding the curriculum) are found on the main Policies page.

Your Account

The CS computing facilities are available for authorized users who have been given a login name and a password. Each user may use only his/her own account and may not allow others to use his/her account.

All communication regarding your account on the CS cluster will be directed to that account's e-mail address. Any mail sent to that account will be assumed to be received and read within a few days, so if you do not check your CS e-mail address frequently, it will be to your advantage to set up a .forward file (see the mail documentation) or a procmail system to ensure that important account mail reaches you promptly.

Certain accounts are created with the intent that they be used by multiple people. Specifically, grader accounts (identified by the "grad" suffix in the account name) and clinic accounts are authorized to permit multiple persons to use them. No other accounts can be used by people other than their owners without explicit permission from the CS staff.

Personal accounts should never be shared with people other than their owners. If you knowingly allow another person to use your account, you will be liable for everything that they do with it, and in addition, you may face normal penalties for policy violation, regardless of the actions they take.

Under no circumstances should a person who does not have an individual account on the system be permitted to access any accounts on the system, including legitimate multiple-user accounts. The following sections define specific policies governing the use of your account.

Your Name

Users have a full name associated with their username (for example, jdoe (John Doe)). If the name attached to your username isn't the name you normally use, CS Staff will change that name to the one that you normally use. So, if you are John Doe, but everyone calls you Adam, staff will change your name so that you are now jdoe (Adam Doe) if you ask them to do so.

Passwords

Each user is assigned a username and a random password when he/she is issued an account. Users are required to change their password upon their first login. In order to do so, follow the instructions here. Users are responsible for choosing a secure password and maintaining its secrecy.

A cracked account threatens the security of not only the account owner, but of the entire system. As such, it is very important that passwords be secure. Users are required to obey the rules detailed here and in the passwd documentation.

Passwords are private. A user may NOT give his/her password to anyone else (including roommates, friends, family members, research partners, grutors, professors, etc.). Under no circumstances should you send your password to anyone over the web (via email, IM, etc.), this exposes your password to the entire world.

The Computer Science Department System Administrator and Computer Science Department Student Staff will randomly run password cracking programs in an attempt to enforce the use of secure passwords. Users whose passwords are cracked will have their accounts revoked until such a time as they contact the Computer Science Department System Administrator or Computer Science Department Student Staff and change their passwords.

Disk Usage and Quotas

When a user is granted an account on the system, he/she is given a designated area of the system in which to do his/her work. This is called the user's home directory. People using the system are expected to keep projects they are working on in their home directory, or some subdirectory of their home directory. Only with faculty or staff permission should users place files elsewhere on the system.

The file system /tmp is the home of many system temporary files. Programs such as emacs create temporary files here. Users may also store files temporarily on /tmp under very limited conditions: the files MUST be cleared before logging out, and under no circumstances should files be left there for more than a few hours. Users should only use /tmp to store files that they need for a very limited time, and will soon dispose of. Also, users should NOT transfer any files to /tmp if it is more than 75% full. To determine how full it is, type df /tmp and make sure that "capacity" is under 75%. UNDER NO CIRCUMSTANCES should you erase or modify anything in /tmp except files which you have placed there. Finally, users should NOT create directories in /tmp for storing their own files.

The /clinic, /research, and /proj directories exist to provide extra space for certain types of work. The /clinic filesystem is designed for the use of CS clinic teams working. The /research filesystem is designed for use by CS research groups. /proj is meant for system projects, such as compilation of officially sanctioned system programs. If you believe you have reason to have access to one of these filesystems, please contact system staff.

Users are granted a fixed quota of space on the system to do their work. The quotas are assigned depending on the nature of work the user is expected to be doing. If a user runs out of space, he/she can always request a higher quota, subject to review by staff. To check your disk quota, type checkQuota -v. See the quota documentation for details.

Students will normally receive a quota of 120 MB. Other accounts, including faculty and staff members, will have their quota determined on a case-by case basis. If your quota is insufficient for the work you do on the system, a temporary or permanent quota increase may be permitted, also determined on a case-by-case basis.

Users who are granted additional disk space on the system (e.g. an expanded quota, a directory in /proj, etc.) may use that additional space only for the purposes which they specified in their request for additional disk space.

Use of disk space other than that specifically allowed by the above policy is a violation of CS System policy.

Account Duration

Accounts given by the CS department are not necessarily permanent. Account duration is governed by the following rules. If an account does not meet any of the criteria listed below, it may be subject to deletion. Note that the guarantees given do not imply exemption from any of the other account-termination conditions.

• Off-campus (non-Claremont Colleges) account holders are guaranteed their accounts only as long as their involvement with the department (e.g. enrollment in a class) lasts.
• Students from any of the Claremont Colleges are guaranteed their accounts for as long as they are enrolled in HMC CS courses, including gaps of up to one semester, and for one semester afterwards.
• All current HMC CS majors and joint CS/Math majors are guaranteed accounts.
• All former students who graduated from Harvey Mudd with a CS or joint CS/Math major are guaranteed accounts for as long as they are actively used (see below).
• All faculty are guaranteed their accounts for the duration of their affiliation with the college.

The CS staff will be periodically performing scans of the login records. All user accounts that have not been logged into for over a year will be contacted by e-mailing the account, with a warning that the account will be removed if a response is not received. If no response is received within a month (30 days), the account will be deleted. This does not apply to current CS majors or faculty.

If an account is only being used for IMAP e-mail , the user can be provided with a minimal account which permits mail access, but no login privileges.

Mail-forwarding will be provided essentially indefinitely, but the chance of an accidental failure increases with time, and so you are encouraged to minimize your dependency on mail-forwarding as soon as is reasonable.

Notice will always be given at least one month (30 days) prior to removing an account for the above reasons, by sending mail to that account. Note that accounts may be disabled or removed without prior notification for security or other reasons not covered above.

Accessing Department Facilities

The following policies govern the means by which users may access the Computer Science Department Computing Facilities.

Physical Access

No physical access is allowed to CS Department facilities other than the terminal rooms (Beckman B102 and B105). Access to any other room is permitted only with the specific permission of a CS Department Faculty or Staff member.

No machines will be permitted on the .42 subnet except those which the CS staff, and only the CS staff, has root access, unless they are machines owned and maintained by a professor. Moreover, physical space in the machine room will be provided only to CS department machines and those belonging to the CS staff.

Remote Access

External connections to the CS Department network are any connection that originates from a host not within one of the CS Department subnets, i.e., the originating host has an IP address outside the range: 134.173.40-43. All such external connections must use a secure connection technology along the entire connection. Most notably, this means that telnet connections to the CS Department network are forbidden. Furthermore, using telnet from a dorm room or home to a remote machine and then using ssh to connect to Knuth is forbidden. Basically, such connections are forbidden because connection technologies such as telnet do not encrypt any information, resulting in passwords that are easily captured. Other forbidden services include, but are not limited to, ftp and rsh.

Unauthorized Access

Users shall at no point break into or attempt to break into the accounts of other users, nor shall they break into or attempt to break into the Computer Science Department Computing Facilities.

Files and Privacy

Each user's files are considered private. Others may use the files only if the owner has given permission and if access is allowed under the protection system which each user can adjust to his or her own needs (see UNIX: The Basics). Unauthorized use of a person's files is an invasion of privacy as well as a violation of CS System Policy, and punishable by the judiciary process at the student's college, in addition to possible penalties imposed by the System Staff.

public_html directories exist for the purpose of publicly sharing information on the web. Consequently, they are considered to be public, and may be accessed without the owner's permission, unless such access is prevented by the Unix file permissions system.

Users are expected to keep their files in their assigned directory or its subdirectories (see the Disk Usage and Quota policy).

Professors may set specific rules regarding access controls on course directories within user home directories, for example forbidding said directories from being readable by users other than the student, for the purpose of preventing cheating and plagiarism. Users are required to follow these rules, regardless of whether they are still enrolled in the course in question. To support these policies, professors may scan your home directory to determine if any directory within it violates the policies they have set. If user directories are found in violation, the CS staff may change the permissions on the directories in question to bring them into compliance. Assisting the professors with these scans, and altering the permissions on the directories in question, is the limit of the CS staff's involvement in this regulation, and any questions or complaints, unless specifically pertaining to the actions of the CS staff, should be directed to the professor in question.

Users may not have .rhosts files present in any directory owned by the user. .rhosts files represent a significant security risk. An automated scan is performed daily to identify these files. If found, they are deleted, and their presence reported to the staff.

The Computer Science Department provides no services for securing users' sensitive information other than the standard protections provided by the operating system of the users' work environment. The Computer Science Department makes no claims as to the security of these protections and will not be held liable should these protections fail. Users who wish to secure sensitive data are encouraged to use some form of strong encryption to ensure privacy.

Monitoring Policy

The privacy of user files is not absolute. The CS Staff may find it necessary to scan user files for security compromises, or for other administrative purposes. This will be done with as much respect as possible for user privacy, and where possible will be done with automated tools which report only essential information to the human administrators. An example of this is the .rhosts scan.

The United State Department of Justice, General Litigation and Legal Advice Section, Criminal Division, recommends, and we follow, the following monitoring policy:

• This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.
• In the course of monitoring individuals improperly using this system, or in the course of system maintenance, the activities of authorized users may also be monitored.
• Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity, system personnel may provide the evidence of such monitoring to law enforcement officials.

Running Programs

The following policies govern the running of software programs on the Computer Science Department Computing Facilities.

Long Jobs

The CS staff reserves the right to kill without notification any long-running jobs which may be out of control, or are adversely impacting system performance. If you are going to run long jobs on knuth, or any other CS department machine, observing the following protocol will improve the chances of your job surviving.

Send mail to staff or consultants if you are going to be leaving a job running after you logout. This will prevent us from thinking it is a runaway process and killing it.

Please use the nice command to lower your job's priority and keep it from hogging the CPU. 19 is a good nice value as this will run your job only when the CPU is otherwise idle (this is most of the time). For example, nice -19 mylongjob. Jobs with high priority values are more likely to be killed (remember that priority is the inverse of nice-value).

We suggest that, if possible, long-running programs be written so that they can be killed and restarted without destroying all work done. This means that if your program produces data you will need, write this data to a file as the data is created, not when the program finishes running. Also, programs which might run for large amounts of time should be given names which indicate this possibility. For example, "compute-research-data" and "clinic-project-test" are much better than "a.out" or "test".

Games

Games will be allowed on the system, subject to the following guidelines and restrictions.

Games supported by the system will be located in /usr/games or /usr/local/games. Currently, no games are installed. Man pages for installed games (if any) may be found in section 6 of the online manuals.

Users may play games at any time when their playing will not adversely impact the work of others. Game-playing is given no priority, and may be interrupted by any user wishing to work on projects or course work.

It is the game-player's duty to check system use so that he can be sure of not using resources necessary to other users.

Users may not compile or run unsupported games which utilize network access. Users should ask for staff assistance for such projects. Unsupervised use of network access is grounds for loss of account.

Programs which Compromise System Security

Users are expressly prohibited from using any program which poses a threat to system security. This includes, but is not limited to, the following types of programs: password crackers, packet sniffers, network scanners, exploits, and network attack tools. Users are expressly prohibited from running password crackers on any password table obtained or derived from any machine in the Computer Science Department.

Maintaining a Stable Working Environment

The Computer Science Department computing facilities are operated with minimal staff supervision and with as much access for faculty and students as possible. This method of operation is fragile and can be maintained only when users and staff members are cooperative and sensitive to the needs and rights of others. This is especially true in a UNIX environment because UNIX was designed for use by a community of cooperating, mature users.

Users are expected to avoid actions that might cause the system to malfunction or that might significantly reduce its effectiveness in providing computing power to other users. Abuse or misuse of the system, in the judgment of the Computer Science Department System Staff, is a violation of CS Department policy, and may be subject to the penalties outlined below.

Student consultants are empowered to perform certain system functions that require system privileges such as killing jobs at the request of users and monitoring the performance of peripheral devices such as printers. Consultants are empowered to take actions to maintain the working integrity of the system. This may include shutting down the system and exercising directive authority in extreme circumstances.

The Machine Room

Beckman B104 houses all of the CS Deptarment's servers, including knuth, the webserver, the fileserver, and other important machines. Additionally it houses several professors' servers. Several other departments (most notably math) keep their servers in this room as well. Therefore access to the machine room is heavily restricted.

If you are keeping a machine in the Machine Room, you must first obtain permission from the CS Dept. That machine must have root privileges given to the system administrator, Tim Buchheim, in the event that he needs to perform any maintenance in the Machine Room.

Penalties and Due Process

Abuse or misuse of the system, interference with the use of the system by others, and/or violation of the policies outlined here, as judged by the Computer Science Department System Staff, will be penalized as the Staff considers appropriate. The Staff is not a disciplinary or judiciary body. However, as part of its responsibility to ensure the stability and security of the Department systems, it may restrict or terminate the activities on the system of users who have shown an unwillingness or inability to abide by these policies.

The penalties imposed will be in proportion to the offense committed, taking into consideration such factors as repetition of the offense. Single, minor offenses will generally be handled with a verbal, e-mailed, or written warning, with no formal penalties imposed. More serious and/or repeated offenses will be subject to more serious penalties.

The Staff reserves the right to restrict the use of the Computer Science Department Facilities in any manner which it sees fit, up to and including termination of all user privileges, whether to ensure the stability or security of the system, or for any other reason. Penalties imposed by the Staff will not exceed such restrictions because it lacks the authority to do so. If the Staff considers further penalties appropriate, it will refer the matter to the appropriate authorities, such as the disciplinary body of the offender's home college, or (in serious cases) law-enforcement authorities.

A user who is directed to log out of the system by an employee in authority MUST DO SO until permission is granted to log back in. ("employee in authority" includes CS System Staff and any others authorized to take such action by CS System Staff.)

Users are also subject to federal, state, and local laws.

Claims by users of harm done may be filed against any other computer user and should be submitted in writing to the System Staff. Such claims should document the time and place, description of the alleged harmful behavior, and witnesses available for comment. These claims are handled by the System Staff.