Chemistry Lab University of Washington Computer Science & Engineering
 Running Your Own Unix System
  CSE Home     CSL General Services  About Us    Search    Contact Info 

 Unix at UW CSE
 Standard Issue Unix
 Software
 Unix GWS Usage
 Administering Your
   Own Unix System
 Dual Booting
   

All computer systems are prone to breakins. It's a fact of life, and it's getting worse. And once a single system in our network is breached, it makes all the others more vulnerable. Keeping up with all the security patches is a pain. For that and other reasons, we recommend against administering your own Unix system.

That said, there may be reasons you would prefer to run your own Unix system. That is, be your own system administrator, have the root password or equivalent, install software, run experimental kernels, etc. There are some basic requirements you must fulfill before the Lab will "hand you the keys":

  1. You should have a good reason for wanting to run your own system. We leave that to you to decide, but usually this means that you want to engage in research that requires modifying system software, or that your hardware/software configuration is unique, or your usage is so specialized that it is not cost-effective for the Lab to create and maintain it as a ``vanilla'' system.
  2. You must agree to dutifully fulfill the obligations of a system administrator. Namely, making sure that your system is ``trustworthy'', and won't jeopardize the security or integrity of other resources on our local network, the campus network, or the Internet at large. Primarily this means that you commit to making and keeping your system as secure as those operated by the CS Lab. Your responsibilities include, but are not necessarily limited to, those described for System Administrators (Manage-It-Yourself) in the UW Safe and Secure Computing document.
  3. You must understand that the CS Lab will not provide help to you with your system software. If it's broken you have to fix it. The Lab provides updates to the current CSL-distributed version of Unix, but will not upgrade your system. You must also understand that your system may be denied access to certain resources (e.g., NFS-mounted file systems); this restriction is necessary since all people are not obliged to share the the Lab's view of your trustworthiness.
  4. Access to the CSE Network is permitted only for authorized users, and account management must be coordinated with the CS Lab. The reasons for this are threefold: for network security; because the CSE research computing facilities are operated as a financial "recharge center" and all users must pay lab fees; and to prevent username, uid and gid conflicts within the departmental network. No accounts other than those sanctioned by the CS Lab may be installed on your system, and they must be installed with the registered user id and group id for that user name. Because of the security and financial compliance, the CS Lab reserves the right to monitor the contents of your the passwd file on your system, or to block network access of your system. You must remove any accounts from your system upon request from the CS Lab staff. Contact support@cs for details whenever you wish to install any accounts on your system.

Items (3) and (4) should not be taken lightly. When you run your own system, the Lab views you not as a student or researcher, but as a system administrator who is working diligently to keep the local computing environment safe and sane.

To assist you in meeting that goal, all unsupported system administrators are on a mailing list, unsupp-admins@cs. The purpose of this list is to allow the Lab staff to provide you with information that will help you maintain your system's integrity, such as security bulletins that you might not otherwise see (or pay attention to). When you receive such information it is your obligation to act on it immediately so that your system will not become a hazard to yourself or others.

You should also familiarize yourself with the information on the UW-IT Computing Security site, and follow the guidelines, policies and practices described therein. Remember that security is not something you do once; it's an ongoing process. So review that site periodically for updated information.

Students, old and new, who find that their favorite application or software package is missing are invited to investigate joining the student-run unsupported software consortium.

Details for how to get setup to administer your own Unix system are here.

CSE logo Computer Science & Engineering
University of Washington
Box 352350
Seattle, WA  98195-2350
(206) 543-1695 voice, (206) 543-2969 FAX
[comments to sp-staff@cs.washington.edu]