1 | 2008-03-15 |
---|
2 | amended 2008-08-05 |
---|
3 | Policy on the Use of scripts.mit.edu Administrative Rights |
---|
4 | |
---|
5 | Users of scripts.mit.edu have a reasonable expectation that the data |
---|
6 | and code they store on our servers, and in sections of their locker |
---|
7 | accessible only by our servers, will not be improperly accessed or |
---|
8 | modified by anyone else, including by scripts.mit.edu maintainers. To |
---|
9 | fulfill this expectation, we define a policy governing the |
---|
10 | maintainers’ use of special permissions and credentials held by our |
---|
11 | servers. This includes any administrative access to the scripts |
---|
12 | servers, any use of private keys stored on the servers, and any use of |
---|
13 | scripts-specific permissions granted on locker directories. |
---|
14 | |
---|
15 | Such use of administrative rights shall only be permitted under any of |
---|
16 | the following circumstances. |
---|
17 | |
---|
18 | * Maintenance of the scripts.mit.edu service itself that is unrelated |
---|
19 | to private user data. |
---|
20 | |
---|
21 | * Any access that is explicitly authorized by the owners of the data |
---|
22 | in question. |
---|
23 | |
---|
24 | * Handling a user support request that cannot be satisfactorily answered |
---|
25 | without resorting to using administrative rights. This access should |
---|
26 | be restricted to only those files and resources that are strictly |
---|
27 | necessary to fully answer the request. |
---|
28 | |
---|
29 | * Performing upgrades to autoinstalled software, using permissions |
---|
30 | granted to the system:scripts-security-upd group. This group is |
---|
31 | normally empty, but the root instances of scripts maintainers will |
---|
32 | be added when needed to perform upgrades, at the discretion of the |
---|
33 | architect. |
---|
34 | |
---|
35 | * Modifications that are necessary for server security or reliability. |
---|
36 | In this case, any modifications should be clearly marked and the |
---|
37 | user should be contacted. |
---|
38 | |
---|
39 | * Ensuring that updates or planned updates to the scripts.mit.edu |
---|
40 | service do not break existing user deployments. In this case, any |
---|
41 | modifications should be clearly marked and the user should be |
---|
42 | contacted. |
---|
43 | |
---|
44 | [The third clause formerly read |
---|
45 | * Handling a user support request that can reasonably be considered an |
---|
46 | implicit authorization for that use. In this case, whenever |
---|
47 | possible, any modifications should be reverted and the user should |
---|
48 | be told how to make these modifications themselves. |
---|
49 | and was changed in August 2008.] |
---|