Indiana University


Computer Science







Sudo Policy

Sudo is a program used to grant root privileges on Unix-based systems. This policy attempts to strike a balance between functionality and security while recognizing the need to protect all users of the CS systems against incorrect or malicious use of sudo. The following terms for the different levels of sudo access are used in this policy:

  1. Command Access - Access is granted for a named set of commands. This may include predefined collections of commands (like file manipulation commands including mv, cp, rm, chown, chmod) or individual commands needed for a specific task.

  2. Full Access - Access to all commands except 1) shells (/bin/bash, /bin/tcsh, etc.), 2) editors (emacs, vi, etc.), and 3) programs known to permit shell or system call access (perl, scheme, etc.). File editing is still permitted, but it is granted through sudoedit (a.k.a. sudo -e).

  3. Unrestricted Access - This allows complete and unrestricted sudo access. Anyone with unrestricted access is strongly discouraged from using sudo to invoke a root shell unless absolutely necessary.
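
As an added illustration (not the department's actual configuration), the three levels above could be written in a sudoers file roughly as follows. The user names, host alias, and every binary path other than /bin/bash and /bin/tcsh are assumptions made for the example.

```sudoers
# Constructed example. Users (student1, faculty1, admin1), the host
# alias and most paths are hypothetical placeholders.
Host_Alias  LABHOSTS = lab1, lab2

# 1. Command Access: a named set of commands, here the file
#    manipulation collection mentioned in the policy.
Cmnd_Alias  FILEOPS = /bin/mv, /bin/cp, /bin/rm, /bin/chown, /bin/chmod
student1    LABHOSTS = (root) FILEOPS

# 2. Full Access: everything except shells, editors and programs that
#    permit shell or system call access. Order matters: sudoers uses the
#    last matching entry, so the exclusions must follow ALL.
Cmnd_Alias  SHELLS  = /bin/sh, /bin/bash, /bin/tcsh, /bin/csh
Cmnd_Alias  EDITORS = /usr/bin/emacs, /usr/bin/vi, /usr/bin/vim
Cmnd_Alias  INTERP  = /usr/bin/perl, /usr/bin/scheme
faculty1    LABHOSTS = (root) ALL, !SHELLS, !EDITORS, !INTERP
#    File edits then go through "sudoedit <file>" (sudo -e), which runs
#    the editor as the invoking user rather than as root.
#    The sudoers manual cautions that "!" exclusions match by path, so
#    this list guards against mistakes and is not a hard boundary.

# 3. Unrestricted Access: complete sudo access.
admin1      LABHOSTS = (ALL) ALL
```

A fragment like this can be syntax-checked with `visudo -c -f <file>` before it is installed.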

The rules governing sudo privileges are based on the status of the user within the department as follows:

Faculty:
Faculty of the CS department will be granted Full Access on systems they own or control, upon request. Unlimited Access will only be granted with the approval of the Department Chair and Facilities Director.

Staff:
Staff members of the CS department will be granted Command Access with the sponsorship of a member of the CS faculty on those systems owned or controlled by the sponsoring faculty member. Full Access will be granted at the request of the sponsoring faculty member and with the approval of the Facilities Director. Unlimited Access is discouraged but may be granted at the request of the sponsoring faculty member and with the approval of the Department Chair and Facilities Director.

Graduate Students:
Graduate students of the CS department will be granted Command Access with the sponsorship of a member of the CS faculty on those systems owned or controlled by the sponsoring faculty member. Full Access is discouraged but may be granted at the request of the sponsoring faculty member and with the approval of the Department Chair and Facilities Director. Unlimited Access will not be granted.

Undergraduate Students and Guests:
Students and guests of the CS department will be granted Command Access with the sponsorship of a member of the CS faculty on those systems owned or controlled by the sponsoring faculty member. Full and Unlimited Access will not be granted.

This policy is only applicable to systems managed by CSG staff that enjoy a trust relationship within the CS department network. Standalone systems owned by faculty or research groups operating within the department that are not trusted for filesystem access or account sharing may be managed differently.

Exceptions to these rules will only be granted with approval by the Facilities Director, the Associate Director of Facilities, and the Department Chair.







