| 1 | 2008-03-15 |
|---|
| 2 | amended 2008-08-05 |
|---|
| 3 | Policy on the Use of scripts.mit.edu Administrative Rights |
|---|
| 4 | |
|---|
| 5 | Users of scripts.mit.edu have a reasonable expectation that the data |
|---|
| 6 | and code they store on our servers, and in sections of their locker |
|---|
| 7 | accessible only by our servers, will not be improperly accessed or |
|---|
| 8 | modified by anyone else, including by scripts.mit.edu maintainers. To |
|---|
| 9 | fulfill this expectation, we define a policy governing the |
|---|
| 10 | maintainers’ use of special permissions and credentials held by our |
|---|
| 11 | servers. This includes any administrative access to the scripts |
|---|
| 12 | servers, any use of private keys stored on the servers, and any use of |
|---|
| 13 | scripts-specific permissions granted on locker directories. |
|---|
| 14 | |
|---|
| 15 | Such use of administrative rights shall only be permitted under any of |
|---|
| 16 | the following circumstances. |
|---|
| 17 | |
|---|
| 18 | * Maintenance of the scripts.mit.edu service itself that is unrelated |
|---|
| 19 | to private user data. |
|---|
| 20 | |
|---|
| 21 | * Any access that is explicitly authorized by the owners of the data |
|---|
| 22 | in question. |
|---|
| 23 | |
|---|
| 24 | * Handling a user support request that cannot be satisfactorily answered |
|---|
| 25 | without resorting to using administrative rights. This access should |
|---|
| 26 | be restricted to only those files and resources that are strictly |
|---|
| 27 | necessary to fully answer the request. |
|---|
| 28 | |
|---|
| 29 | * Performing upgrades to autoinstalled software, using permissions |
|---|
| 30 | granted to the system:scripts-security-upd group. This group is |
|---|
| 31 | normally empty, but the root instances of scripts maintainers will |
|---|
| 32 | be added when needed to perform upgrades, at the discretion of the |
|---|
| 33 | architect. |
|---|
| 34 | |
|---|
| 35 | * Modifications that are necessary for server security or reliability. |
|---|
| 36 | In this case, any modifications should be clearly marked and the |
|---|
| 37 | user should be contacted. |
|---|
| 38 | |
|---|
| 39 | * Ensuring that updates or planned updates to the scripts.mit.edu |
|---|
| 40 | service do not break existing user deployments. In this case, any |
|---|
| 41 | modifications should be clearly marked and the user should be |
|---|
| 42 | contacted. |
|---|
| 43 | |
|---|
| 44 | [The third clause formerly read |
|---|
| 45 | * Handling a user support request that can reasonably be considered an |
|---|
| 46 | implicit authorization for that use. In this case, whenever |
|---|
| 47 | possible, any modifications should be reverted and the user should |
|---|
| 48 | be told how to make these modifications themselves. |
|---|
| 49 | and was changed in August 2008.] |
|---|
