Acceptable Use Policy
The University of Minnesota provides and maintains publicly accessible computing labs in support of education, work, and limited research (see Usage Policies) for its faculty, staff, and students. To support these efforts, the College of Science & Engineering (CSE) provides fast, unhindered network connectivity between its computer workstations and the internet. However, along with these highly accessible computing resources and broad connectivity come certain responsibilities. The purpose of this policy is to define responsible and ethical behavior of CSE users in order to preserve the availability and integrity of CSE, and to attempt to continue to be a good "net neighbor" for other internet users. This policy is intended to supplement the University's Acceptable Use Policy (AUP), not replace it, and conflicts between it and this policy should be addressed to firstname.lastname@example.org.
This policy is deliberately silent on matters, such as sexual harassment; violations of federal, state, or local law; and matters covered under other University policies. This policy applies specifically to all users of CSE equipment.
Because anticipating all the ways in which CSE equipment can be used is impossible, this policy focuses on some general rules, which should indicate the types of activities that should be avoided. If you observe someone violating this policy or need clarification of an aspect of this policy, please contact email@example.com.
The CSE Acceptable Use Policy in a Nutshell
This document is provided in an effort to:
- Safeguard the integrity of computers, networks, and data in CSE
- Ensure that use of CSE resources complies with CSE and University policies
- Protect CSE, its users, and the University against possible legal action
- Inform CSE users of their rights and responsibilities as users
All CSE users should be familiar with the full content of this document. However, in the interests of brevity, here are the basic ideas:
- Do not use your account for illegal, unethical, or unauthorized purposes.
- Protect your data with the correct file permissions, and respect others' privacy.
- Contact the system administrators if you have questions, comments, or concerns about CSE.
- Only use resources that have been deliberately allocated to you, i.e., do not try to circumvent security or administrative measures on the systems.
- Become familiar with the system, and avail yourself of all the resources for which you have authorization.
It is the responsibility of all users of CSE resources to be familiar with the rules, regulations, laws, and policies governing use of those resources.
Job titles are deliberately used throughout this document, as the names associated with those titles are likely to change much more often than the titles. Actual names are assigned to each title in this document's appendix. The following is a list of terms that appear in this document, and definitions to help identify the context in which they are used. Many of these are similar or identical to definitions in the University's AUP.
- Authorized User
- Individual or entity permitted to make use of CSE Labs as specified by the College of Science and Engineering (CSE).
- CSE Labs
- Computing equipment, supplies, services, etc., are provided by CSE for users of CSE Labs.
- Data Owner
- An authorized user who "owns" data (ownership permissions on files are set to the user's UMN Internet ID). Staff, students, faculty, and other authorized users can all be data owners. Production files, computer applications and their files, and system files are the responsibility of the system administrators who serve as data owners or stewards of the asset.
- College of Science & Engineering Instructional Computing
- CSE has responsibility for setting policy and establishing procedures for operating the CSE Labs. It includes faculty and students from each CSE department. The committee is chaired by the Associate Dean for Research and Planning.
- Security Measures
- Processes, software, and/or hardware used by system administrators to assure confidentiality, integrity, and robustness of CSE Labs. Security measures include reviewing files for potential or actual policy violations; reviewing system logs; and network monitoring for evaluating distributed systems' performance, monitoring for policy or security violations, and traffic analysis.
- System Administrator (sysadmin)
- A person authorized to have privileged access that works for the CSE-IT.
All user-owned tasks fall into one of these three categories:
High - Processes that are considered highest priority include all educational and administrative use of CSE Labs directly relating to the mission of CSE Labs and the college. Long-term jobs (processes that are going to take more than a few hours to run) have lower priority than other high priority tasks but still have priority over medium and low priority jobs.
Medium - Medium priority processes include those that indirectly relate to CSE/University goals, or with secondary educational or research benefit. This includes personal communications (e-mail).
Low - Uses without any educational or research benefit, including game-playing, general web browsing, IRC (Internet Relay Chat), or other recreational activities.
Rules of Use
The "Do Nots"
The following is a list of things not permitted when using CSE Labs:
- Do not share your account. Your UMN Internet ID identifies you to the CSE and University communities, and the Internet community. Another person using your account, regardless of whether or not you have given your permission, will be acting in your name. Anyone who knows your password can use your account. Since you are solely responsible for how your account is used, you may be held responsible if someone violates policies or laws and those activities are traced back to your account. Picking a strong password that you never share with anyone else is crucial to protecting your account. (See "Picking a Good Password" for more information on "strong" passwords.) If someone needs access to CSE resources, even on a temporary basis, then that person should contact Systems Staff and arrange for his/her own account. You should also refrain from giving your account to someone who claims to need it for administrative purposes, including a sysadmin or an operator. The general rule of thumb is that someone who you might think has a legitimate need to know your password will never need your password; those who might require it can complete their work without it through other means. If someone else offers you use of an account for which you do not have authorization, decline. Also, if you discover someone else's password, do not use it. In either case, you should report the event to the Systems Staff operator.
- Do not circumvent, or attempt to circumvent, system security settings. Use of your account to subvert or change system security settings is strictly prohibited. That UNIX and UNIX-like operating systems have certain vulnerabilities is widely known. Attempts to exploit these vulnerabilities will be interpreted as a hostile action and your account will be deactivated. Reactivation of your account may require that you explain your actions to the Associate Dean for Research and Planning and/or an CSE-IT member. This wastes everyone's time and creates hard feelings; don't do it.
- Do not use CSE Labs to transmit or distribute personal or private information about individuals unless you have explicit, written authorization from the individuals involved.
- Do not create programs that secretly collect information about users. Software running on CSE resources is subject to the same guidelines for protecting privacy as any other information-gathering project at the University of Minnesota. Note that some system utilities automatically log user information (FTP, Netscape, ssh, etc.). This is a widely known feature of the various operating systems deployed in CSE, and is not considered to be secret information for the purposes of this rule.
- Do not impersonate any other person. Using CSE resources to impersonate someone else is improper use of those resources. If you use someone else's account, you may be committing acts of fraud because the account owner's name will be attached to transactions you perform. Sysadmins will never ask you for your password by e-mail, IRC, or any other form of online communication. If someone claiming to be a sysadmin asks for your password via an online method, be immediately suspicious and notify the firstname.lastname@example.org at your earliest opportunity.
- Avoid sending anonymous e-mail or making anonymous UseNet postings. If you send anonymous mail or UseNet postings, you should realize that it is customarily considered polite to identify that your message is intended to be anonymous, or you should sign it with a pseudonym. Also keep in mind that many people will give less credence to anonymous communications than to signed communications.
- Do not use CSE resources to violate other policies or laws. Computer networks offer new ways to commit actions that violate laws or policies that are covered elsewhere. Some policies and laws to keep in mind include the Student Conduct Handbook and Title 18USC1030, Computer Fraud and Abuse.
- Do not use your CSE account for commercial purposes. Your CSE account exists for academic work, research, etc., only. Use of it for non-academic purposes is highly discouraged, and commercial use is explicitly prohibited. When it is discovered that an account is being used for non-academic purposes, that account may be deactivated without warning.
- Do not look through another user's files without explicit permission. File access permissions can be individually set for each file by the file owner. Unfortunately, many people do not realize the ramifications of leaving their files and/or directories open for world-readability. However, just because someone sets access permissions on a file or directory so that it is accessible to you does not automatically mean you should access it. Some users inadvertently set permissions on their data to settings that grant other users access to their data purely by accident; you should not access the data in such instances without the owner's permission.
- Do not intercept or monitor any network communications that are not explicitly meant for you. Sometimes, as part of a class, this rule is suspended. Any exceptions to this rule are granted by CSE-IT and must be in writing. With the exception of regular networking classes where network traffic monitoring is part of the curriculum, exceptions should be written to cover a specific period and be reviewed periodically. Without explicit authorization, CSE users should not intercept or monitor network communications.
These are some of the things you should do when using CSE resources:
- Use CSE resources consistently with stated priorities. Some activities, such as chain letters or "broadcast" e-mail (e-mail sent to a large number of users simultaneously) consume a large amount of available resources and may be illegal; avoid them when possible.
- Run long-term jobs using the nice command. Long term jobs are generally discouraged on CSE workstations. However, there are a few instances where long-term jobs (jobs taking several hours or more to complete) must be run to reach an academic or research goal. Such jobs should be started with the nice command to lower their impact on users who are running short-term jobs interactively. In general, nice will have a very minor negative impact on the time taken to complete a long-term job, but will have a very major positive effect on other short-term jobs on the same machine.
- Honor the privacy of others. UNIX and UNIX-like operating systems make it possible to access file and/or network data that is not meant for you. This is especially true for operating systems like Microsoft Windows, which are based in part on a "single user" approach to operating systems. You probably would not appreciate it if someone else were snooping through your files; don't do it to others.
- Report system problems to the email@example.com or CSE-IT when you notice them. Since you are paying for the privilege of using CSE Labs, it is in your best interest to help ensure they are in top operating condition.
- Periodically check your account for signs of unauthorized use (theft of service). Some indications include files you didn't create, directories with unusual names (like " "), wildcard entries in your ~/.rhosts file, and last login times you don't recognize.
- Report unusual system behavior and violations of policy to firstname.lastname@example.org or an operator. Strange system behavior can indicate many things, including impending hardware failure, unauthorized use of the system, intermittent network outages, etc. If things go unchecked, the system may crash or become unusable. When reporting odd system behavior, please be sure to include any diagnostic output or error messages you may see.In addition to strange system behavior, the sysadmins need to know of any observed policy violations. The onus of reporting observed instances of policy violations, including security violations, is upon you, the user. While anonymity in reporting policy violations is not guaranteed, your identity will not be needlessly released.
- Address your questions about system usage and performance to CSE-IT. These people exist not only to maintain system operations, but also to facilitate authorized users' use of CSE resources.
(Note that CSE-IT is not here to assist you in debugging your programs, work on programming assignments, etc.)
- Address ethical questions about system usage to CSE-IT. If you have questions about whether or not a certain activity not covered by these or other University policies is allowed, ask! CSE-IT (email@example.com) will either answer your question or forward it to the appropriate authority. Just because something is not specifically mentioned in this document does not imply that it is authorized.
Rules of Use for the System Administrator
The system administrators are also bound to certain rules regarding their usage and maintenance of the system. What the sysadmins are and are not permitted to do is largely determined by their responsibilities. These include (in no particular order):
- Maintain integrity and privacy of users' data and files. Information stored in a user's account must be protected from unauthorized access. Towards this end, system administrators will not search, read, edit, or delete a user's files without explicit permission from that user. Notable exceptions are removal of files from temporary file storage areas, performing backups to safeguard file integrity, and other activities specifically relating to general system administration. Administrators may not share another user's data with anyone without the owner's explicit permission. Where making non-security-related changes to a user's account, e-mail from the user requesting the action requiring those changes may be sufficient. When making security-related changes, e.g., resetting a user's password, the user's identity must be verified. Sysadmins may require identification other than e-mail from the account at their discretion, and should err on the side of caution where unauthenticated requests by e-mail ask for potentially destructive actions to be taken to a user's account. (Note that e-mail from an account is not normally considered an authenticated request.)
- Assist users with questions regarding system operation. System administrators should assist users in overcoming problems directly relating to the system. To achieve this, the user should work with the sysadmin to fix the problem where possible. Sysadmins should not assist in programming assignments, code debugging, or other similar tasks. This does not preclude sysadmins from providing consulting services, etc., on their own time. In addition, sysadmins are not required to "drop everything" to provide assistance, especially if they are already working on a problem with a wider-reaching impact. For example, a system administrator working on restoring e-mail service to a computing cluster is not required to stop work to restore a single workstation's functionality.
- Keep systems maintained properly and in good working order. Sysadmins are responsible for ensuring that systems are in good working order and should take steps to correct problems where possible, requesting additional assistance where necessary.
- Enforce policies. Sysadmins are required to enforce policies, such as this one, as part of their job. If a violation of established policy is detected, the sysadmin should take corrective action immediately. Note that some administrative actions, such as reactivating an account closed for security reasons, cannot be performed by student sysadmins.
- Treat users with courtesy and assist them in a timely, efficient manner. Users should expect courteous, efficient solutions from sysadmins. Sysadmins should expect civil behavior from users.