Gold University of Minnesota M. Skip to main content.University of Minnesota. Home page.
IT Labs Home | One Stop | Directories | Search U of M  
 
 

What's inside.
Account Information
IT Lab Fees

Classroom and Lab Information

Course Websites

Online Resources

Forms

Instructional Computing Committee

Help Pages

Contact Information

 

IT Labs Home

IT Home

 
 
 
 
 
 

IT Labs AUP

  
  Home > Account Information > IT Labs AUP

Institute of Technology Public Computing Acceptable Use Policy

Contents

Introduction

(back to top)

The University of Minnesota provides and maintains publicly accessible computing labs in support of education, work, and limited research for its faculty, staff, and students. To support these efforts, IT provides fast, unhindered network connectivity between its computer workstations and the Internet. Along with these highly accessible computing resources and broad connectivity come certain responsibilities. The purpose of this policy is to define responsible and ethical behavior of IT public lab users in order to preserve the availability and integrity of IT public labs, and to attempt to continue to be a good "net neighbor" for other Internet users. This policy is intended to supplement the University's Acceptable Use Policy (AUP), not replace it, and conflicts between it and this policy should be addressed to the Systems Staff Operator <operator@itlabs.umn.edu>.

This policy is deliberately silent on matters covered by other policies, such as sexual harassment; violations of federal, state, or local law; and matters covered under other University policies. This policy applies to all users of IT public labs equipment.

Because anticipating all the ways in which IT public labs equipment can be used is impossible, this policy focuses on some general rules, which should indicate the types of activities that should be avoided. If you observe someone violating this policy or need clarification of an aspect of this policy, please contact the Systems Staff Operator <operator@itlabs.umn.edu>

The IT Acceptable Use Policy in a Nutshell

(back to top)

This document is provided in an effort to:

  • safeguard the integrity of computers, networks, and data in IT public labs
  • ensure that use of IT public labs resources complies with IT and University policies
  • protect IT, its users, and the University against possible legal action
  • inform IT public labs users of their rights and responsibilities as users

All IT public labs users should be familiar with the full content of this document. However, in the interests of brevity, here are the basic ideas:

  • Do not use your account for illegal, unethical, or unauthorized purposes.
  • Protect your data with the correct file permissions, and respect others' privacy.
  • Contact the system administrators if you have questions, comments, or concerns about IT's public computing labs.
  • Only use resources that have been deliberately allocated to you, i.e., do not try to circumvent security or administrative measures on the systems.
  • Become familiar with the system, and avail yourself of all the resources for which you have authorization.

It is the responsibility of all users of IT public computing labs to be familiar with the rules, regulations, laws, and policies governing use of those resources.

Definitions

(back to top)

Job titles are deliberately used throughout this document, as the names associated with those titles are likely to change much more often than the titles. Actual names are assigned to each title in this document's appendix. The following is a list of terms that appear in this document, and definitions to help identify the context in which they are used. Many of these are similar or identical to definitions in the University's AUP.

IT Public Computing Labs (ITPL)
Computing equipment, supplies, services, etc., that are provided by IT for users of the IT public labs
Authorized User
Individual or entity permitted to make use of ITPL as specified the Institute of Technology.
Data Owner
An authorized user who "owns" data (ownership permissions on files are set to the user's login ID). Staff, students, faculty, and other authorized users can all be data owners. Production files, computer applications and their files, and system files are the responsibility of the system administrators who serve as data owners or stewards of the asset.
Institute of Technology Instructional Computing Committee (ITICC)
The ITICC has responsibility for setting policy and establishing procedures for operating the ITPL. It includes one faculty member and one student from each IT department, two student representatives from the IT Student Board, representatives from Academic and Distributed Computing Services, the University's Office of Information Technology, and University College. The committee is chaired by the Associate Dean for Student Affairs. ITICC delegates the responsibility for maintaining ITPL to system administrators. Technical advice is provided to ITICC by the IT Instructional Computing Technical Committee, made up of technical staff from the departments and Academic and Distributed Computing Services.
System Administrator (sysadmin)
A person authorized to have privileged access that works for the ITPL Manager, and is responsible for maintaining ITPL. Unless indicated, this person may be a full-time or part-time employee, and may or may not be a student employee.
Lab Attendant
A part- or full-time employee working for Academic and Distributed Computing Services (ADCS), whose responsibilities include maintaining the physical security of IT computing labs, reporting system malfunctions to the sysadmins, assisting users with general lab and ITPL related questions. Lab attendants may also have some additional administrative capabilities, e.g., the authority to manage print queues, kill jobs, etc., but do not have the full complement of privileges that a sysadmin does.
Security Measures
Processes, software, and/or hardware used by system administrators to assure confidentiality, integrity, and robustness of ITPL. Security measures include reviewing files for potential or actual policy violations; reviewing system logs; and network monitoring for evaluating distributed systems' performance, monitoring for policy or security violations, and traffic analysis.

Usage Priorities

(back to top)

All user-owned tasks fall into one of these three categories:

High - Processes that are considered highest priority include all educational and administrative use of ITPL directly relating to the mission of ITPL and the University of Minnesota. Long-term jobs (processes that are going to take more than a few hours to run) have lower priority than other high priority tasks but still have priority over medium and low priority jobs.
Medium - Medium priority processes include those that indirectly relate to IT/University goals, or with secondary educational or research benefit. This includes personal communications (e-mail).
Low - Uses without any educational or research benefit, including game-playing, general web browsing, IRC (Internet Relay Chat), or other recreational activities.

Rules of Use

(back to top)

The "Do Nots"

The following is a list of things not permitted when using ITPL.

Do not share your account

Your IT username identifies you to the IT and University communities, and the Internet community. Another person using your account, regardless of whether or not you have given your permission, will be acting in your name. Anyone who knows your password can use your account. Since you are solely responsible for how your account is used, you may be held responsible if someone violates policies or laws and those activities are traced back to your account. Picking a strong password that you never share with anyone else is crucial to protecting your account. (See "Picking a Good Password" for more information on "strong" passwords.) If someone needs access to IT resources, even on a temporary basis, then that person should contact Systems Staff and arrange for his/her own account.

You should also refrain from giving your account to someone who claims to need it for administrative purposes, including a sysadmin or a lab attendant. The general rule of thumb is that someone who you might think has a legitimate need to know your password will never need your password; those who might require it can complete their work without it through other means.

If someone else offers you use of an account for which you do not have authorization, decline. Also, if you discover someone else's password, do not use it. In either case, you should report the event to the Systems Staff operator.

Do not circumvent, or attempt to circumvent, system security settings.

Use of your account to subvert or change system security settings is strictly prohibited. That UNIX and UNIX-like operating systems have certain vulnerabilities is widely known. Attempts to exploit these vulnerabilities will be interpreted as a hostile action and your account will be deactivated. Reactivation of your account may require that you explain your actions to the Associate Dean for Student Affairs and/or an ITICC member. This wastes everyone's time and creates hard feelings; don't do it.

Do not use ITPL to transmit or distribute personal or private information about individuals unless you have explicit, written authorization from the individuals involved.

Do not create programs that secretly collect information about users.

Software running on IT resources is subject to the same guidelines for protecting privacy as any other information-gathering project at the University of Minnesota. Note that some system utilities automatically log user information (FTP, Netscape, ssh, etc.). This is a widely known feature of the various operating systems deployed in ITPL, and is not considered to be secret information for the purposes of this rule.

Do not impersonate any other person.

Using IT resources to impersonate someone else is improper use of those resources. If you use someone else's account, you may be committing acts of fraud because the account owner's name will be attached to transactions you perform.

Sysadmins will never ask you for your password by e-mail, IRC, or any other form of online communication. If someone claiming to be a sysadmin asks for your password via an online method, be immediately suspicious and notify the Systems Staff Operator at your earliest opportunity.

Avoid sending anonymous e-mail or making anonymous UseNet postings.

If you send anonymous mail or UseNet postings, you should realize that it is customarily considered polite to identify that your message is intended to be anonymous, or you should sign it with a pseudonym. Also keep in mind that many people will give less credence to anonymous communications than to signed communications.

Do not use IT resources to violate other policies or laws.

Computer networks offer new ways to commit actions that violate laws or policies that are covered elsewhere. Some policies and laws to keep in mind include the Student Conduct Handbook and Title 18USC1030, Computer Fraud and Abuse.

Do not use your IT account for commercial purposes

Your IT account exists for academic work, research, etc., only. Use of it for non-academic purposes is highly discouraged, and commercial use is explicitly prohibited. When it is discovered that an account is being used for non-academic purposes, that account may be deactivated without warning.

Do not look through another user's files without explicit permission.

File access permissions can be individually set for each file by the file owner. Unfortunately, many people do not realize the ramifications of leaving their files and/or directories open for world-readability. However, just because someone sets access permissions on a file or directory so that it is accessible to you does not automatically mean you should access it. Some users inadvertently set permissions on their data to settings that grant other users access to their data purely by accident; you should not access the data in such instances without the owner's permission.

Do not intercept or monitor any network communications that are not explicitly meant for you.

Sometimes, as part of a class, this rule is suspended. Any exceptions to this rule are granted by the ITICC and must be in writing. With the exception of regular networking classes where network traffic monitoring is part of the curriculum, exceptions should be written to cover a specific period and be reviewed periodically. Without explicit authorization, ITPL users should not intercept or monitor network communications.

The "Dos"

These are some of the things you should do when using ITPL.

Use IT resources consistently with stated priorities.

Some activities, such as chain letters or "broadcast" e-mail (e-mail sent to a large number of users simultaneously) consume a large amount of available resources and may be illegal; avoid them when possible. Also, if you are using ITPL for low priority activity while others have high priority work to do, please let them do their work.

Run long-term jobs using the nice command.

Long term jobs are generally discouraged on IT workstations. However, there are a few instances where long-term jobs (jobs taking several hours or more to complete) must be run to reach an academic or research goal. Such jobs should be started with the nice command to lower their impact on users who are running short-term jobs interactively. In general, nice will have a very minor negative impact on the time taken to complete a long-term job, but will have a very major positive effect on other short-term jobs on the same machine.

Honor the privacy of others.

UNIX and UNIX-like operating systems make it possible to access file and/or network data that is not meant for you. This is especially true for operating systems like Microsoft Windows, which are based in part on a "single user" approach to operating systems. You probably would not appreciate it if someone else were snooping through your files; don't do it to others.

Report system problems to the Systems Staff operator or a lab consultant when you notice them.

Since you are paying for the privilege of using ITPL, it is in your best interest to help ensure they are in top operating condition.

Periodically check your account for signs of unauthorized use (theft of service).

Some indications include files you didn't create, directories with unusual names (like " "), wildcard entries in your ~/.rhosts file, and last login times you don't recognize.

Report unusual system behavior and violations of policy to the Systems Staff operator or a lab consultant.

Strange system behavior can indicate many things, including impending hardware failure, unauthorized use of the system, intermittent network outages, etc. If things go unchecked, the system may crash or become unusable. When reporting odd system behavior, please be sure to include any diagnostic output or error messages you may see.

In addition to strange system behavior, the sysadmins need to know of any observed policy violations. The onus of reporting observed instances of policy violations, including security violations, is upon you, the user. While anonymity in reporting policy violations is not guaranteed, your identity will not be needlessly released.

Address your questions about system usage and performance to the lab attendants or sysadmins.

These people exist not only to maintain system operations, but also to facilitate authorized users' use of ITPL. In other words, they are paid to answer system-related questions; take advantage of this resource! (Note that sysadmins and lab attendants are not there to assist you in debugging your programs, work on programming assignments, etc.)

Address ethical questions about system usage to the operator.

If you have questions about whether or not a certain activity not covered by these or other University policies is allowed, ask! The operator will either answer your question or forward it to the appropriate authority. Just because something is not specifically mentioned in this document does not imply that it is authorized.

Rules of Use for the System Administrator

(back to top)

The system administrators are also bound to certain rules regarding their usage and maintenance of the system. What the sysadmins are and are not permitted to do is largely determined by their responsibilities. These include (in no particular order):

Maintain integrity and privacy of users' data and files

Information stored in a user's account must be protected from unauthorized access. Towards this end, system administrators will not search, read, edit, or delete a user's files without explicit permission from that user. Notable exceptions are removal of files from temporary file storage areas, performing backups to safeguard file integrity, and other activities specifically relating to general system administration. Administrators may not share another user's data with anyone without the owner's explicit permission. Where making non-security-related changes to a user's account, e-mail from the user requesting the action requiring those changes may be sufficient. When making security-related changes, e.g., resetting a user's password, the user's identity must be verified. Sysadmins may require identification other than e-mail from the account at their discretion, and should err on the side of caution where unauthenticated requests by e-mail ask for potentially destructive actions to be taken to a user's account. (Note that e-mail from an account is not normally considered an authenticated request.)

Assist users with questions regarding system operation

System administrators should assist users in overcoming problems directly relating to the system. To achieve this, the user should work with the sysadmin to fix the problem where possible.

Sysadmins should not assist in programming assignments, code debugging, or other similar tasks. This does not preclude sysadmins from providing consulting services, etc., on their own time. In addition, sysadmins are not required to "drop everything" to provide assistance, especially if they are already working on a problem with a wider-reaching impact. For example, a system administrator working on restoring e-mail service to a computing cluster is not required to stop work to restore a single workstation's functionality.

Keep systems maintained properly and in good working order

Sysadmins are responsible for ensuring that systems are in good working order and should take steps to correct problems where possible, requesting additional assistance where necessary.

Enforce policies

Sysadmins are required to enforce policies, such as this one, as part of their job. If a violation of established policy is detected, the sysadmin should take corrective action immediately. Note that some administrative actions, such as reactivating an account closed for security reasons, cannot be performed by student sysadmins.

Treat users with courtesy and assist them in a timely, efficient manner

Users should expect courteous, efficient solutions from sysadmins. Sysadmins should expect civil behavior from users.

 
©2008 Regents of the University of Minnesota. All rights reserved. Contact U of M | Privacy
The University of Minnesota is an equal opportunity educator and employer.   Last modified on May 17, 2006