Last edited: 15thJanuary 2003
This document is in addition to, and should be read alongside, the UniversityofBath Computing Services Policies, which can be found at http://www.bath.ac.uk/bucs/policies/. Other policies within the Department of Physics may also apply.
Who does this apply to?
All users of computing facilities within the Department of Physics.
What equipment does this concern?
All computer and related equipment belonging to the Department, or any computer equipment being used in the Department and connected to the University network.
Section 5 of the BUCS Responsible Computing Policy states:
You may own a PC or workstation and therefore you will make decisions about how that equipment is used. That is, except when it is connected to the campus network. The University owns the network - all the cables, routers, bridges, etc that connect the central computers, public-access PCs and departmental/personal machines to each other and, beyond campus, to the Internet. The University determines who is authorised to use its network and has policies that specify how a person's own computer should be configured for connection to that network.
Extract from Responsible Computing (http://www.bath.ac.uk/bucs/resp.html):
What is meant by "Root User"?
On Unix and Linux based operating systems there is a special user called the "super user" or "root", by default only the super user can install new hardware, change hardware settings and install software. All other users are restricted in their access. The restriction allows multiple users to access computers and keep their own files and settings secure, and is an essential part of a secured and managed network. It is also vital to keep records of software installed within the Department, to ensure compliance with licensing regulations - if everyone has the ability to install software, this cannot be achieved.
Some changes that the root account makes possible have consequences for domain and campus IT security - BUCS and Departmental IT Support are concerned with keeping systems running to benefit all users at all times.
On these systems the super user is "all powerful" - without access to this account IT Support is unable to offer any assistance on these computers
Historically, within the Department, super user passwords have been kept reasonably well guarded, with only those people with good knowledge of the computer systems being allowed to know them.
In general, the users of these computers should not need to have access to the super user account. Each computer may have it's own nominated "administrator" who knows the root password and who is responsible for the computer system. Generally this has worked for the benefit of those using the systems. Ideally IT Support should have an up-to-date list of all systems administrators and root passwords, so that action can be taken if necessary to protect other Departmental or central computing services from disruption. This list will be kept secured in the IT Support office, and a copy lodged with the Department Administrator.
However, on systems that IT Support have been asked to look after and manage, super user access will ONLY be granted to those users that can display knowledge of the systems and the consequences of their actions, and NOT given to anyone who asks, however good their reasons may appear to be.
Once the super user password has been given to a user of a system, they will become primarily responsible for the running of the system, and IT Support assistance will be heavily restricted.