1. Account Types
2. Account Eligibility
3. Application
4. Login Security
5. Expiration
6. Deactivation of Accounts
7. Forgotten Passwords

1. Resource Conservation
2. Employer Reputation
3. Legal Issues

1. Disk, Memory, and CPU
2. Termination of Jobs
3. Software
4. Electronic Mail
5. Printing

1. Eligibility

1. Requesting Support
2. User Responsibilities
3. Levels of Support
4. Supported systems
5. Resolution and notification
6. Complaints and Suggestions
7. Emergency Support

1. Data Security
2. Physical Security
3. Enforcement

1. Account Types
   1. Faculty Accounts - Will be granted to faculty and staff who are directly employed by the Department of Planning or Geography. Such accounts are for the purpose of conducting research and performing administrative tasks in association with the Department of Geography or the Joint Center for GIS and SA. Faculty accounts have at least as much privilege as Research Accounts. (See I.2.1 for eligibility requirements).
   2. Research Accounts - Will be granted to graduate students, faculty, and staff of the University of Cincinnati for the purpose of conducting research in association with the Department of Geography or the Joint Center for GIS and SA. Will be granted to undergraduate students at the University of Cincinnati under certain conditions. (See I.2.1 for eligibility requirements).
   3. Student/Class Accounts - Will be granted to graduate students, faculty, staff, guests and undergraduates for course work requirements in association with the Department of Geography. (see I.2.2 for eligibility requirements).

2. Account Eligibility
   1. Faculty Accounts - Will be granted to faculty and staff of the University of Cincinnati upon filling out an account request form.
   2. Research Accounts - Will be granted to graduate students and guests, upon filling out an account request form with the signature of a sponsoring faculty member who is in the Department of Geography or associated with the Joint Center for GIS and SA. Research accounts will be granted to undergraduates only with a written request from a faculty member detailing why the student requires a research account. This request will include an estimate of disk usage requirements, the length of time for which the account will remain open, and for what purpose the account is needed. Guest accounts will be opened for non-UC affiliates and instructors under the same conditions. Please note that a need to "share data" with a non-UC affiliate is not an appropriate reason for an account to be given.
   3. Student/Class Accounts - Will be granted to any student who is enrolled in a University of Cincinnati course that requires use of the Geography department or Joint Center for GIS and SA computers. Students must fill out an account request form as described for research accounts above. The instructor for the course must sign the account request form. The instructor of the course must be in the Dept. of Geography or an affiliate of the Joint Center for GIS and SA.

3. Application Procedure - Application forms for all account types are available in the Geography Department office (Swift 704), the Joint Center Research Lab (DAAP 4820D) and online. Applications must be completed and returned to the Coordinator, the Systems Staff to the administrative assistant in the Dept. of Geography. Applications will be processed within one (1) week of their receipt by the staff. Any questions about proper first-time login procedure should be referred to the Coordinator or the Systems Staff.

4. Login security - See section on security (VIII.2.1) for guidelines on password security.

5. Expiration of accounts - Accounts will be expired one year after a faculty or staff member leaves the employ of UC, one year after a graduate student ceases research or teaching activities on behalf on the university, and three months after an undergraduate is awarded a degree (unless they remain at UC as graduate students). Student accounts are expired at the end of each quarter, unless a written request of a faculty member is made to "upgrade" the account to a research account. Such a request must be made one week before then end of the current quarter.

6. Deactivation of accounts - Accounts will be deactivated at the discretion of Systems Staff or the Coordinator in light of concerns about security or account misuse that violates this policy document. Accounts will be automatically frozen by the system for violation of disk quotas. The user is required to make an arrangements with the Systems Staff or the Coordinator to request reactivation of a deactivated account.
7. Forgotten Passwords - A user must see the Systems Staff or Coordinator in person with photo identification (UC identification for those who are employees or students at UC) to request a reset of any access password that has been forgotten.

II. General Conduct

1. Resource Conservation - Disk space, processor time, printer paper and toner are at a premium in the department. Users will keep this in mind at all times, and make every effort not to squander the resources available to them. Users should make ever effort to confine processor-intensive tasks to machines that are not publicly used for general computing tasks. On the Unix-like systems, such tasks should be run using "nice" to set them at a lower priority.

2. Institutional Reputation - Users are reminded that they are de facto representatives of the university via their contact with the outside world. Users will refrain from activities which would reflect negatively upon the Department of Geography, the Joint Center for GIS and SA, and University of Cincinnati in general.

3. Legal issues - No user will, at any time, take any action which is in violation of federal, state or local law, or in the rules of conducted outlined by the University. No user will willingly permit their account to be used in the commission of a crime. This includes, but not limited to, violations of security, either of our systems or anyone else's, and infringement of copyright laws. Failure to comply will result in the immediate and permanent loss of computing privileges and possible legal action to be taken against the individual(s) concerned. Users of Dept. of Geography and Joint Center for GIS and SA systems who have access to other systems via our network are expected to comply with the rules set forth by the administrators of those systems. Accounts will be frozen if outside administrators report misconduct involving the use of a Dept. of Geography or Joint Center for GIS and SA account.

III.Resources and Services

1. Disk, Memory, and CPU

   Unless otherwise noted, disk space refers to "server" disk space that each user has been given access to.

   1. Instructional Systems - Student/Class accounts have both hard and soft disk quotas. Users whose accounts are over the soft limit for more than 6 days will have their accounts locked. At no point are student/class users allowed to write in excess of their hard quotas. Users who need their quotas enlarged should make an appointment to discuss their needs with the Systems Staff on a per-case basis. Jobs which are expected to be long running or processor intensive should not be run on instructional systems without prior approval from the Systems Staff.

      Instructional NT systems also have a local area (on the D: drive), that is meant for temporary storage and general work area. This area will be cleared by the Systems Staff each quarter, or when the space is completely filled. The Systems Staff makes no guarantees of availability of this space. Users are strongly encouraged to use their home directories for maximum availability and safety.

      Certain instructional systems may be marked for use only by certain courses. If a machine is marked as such, only those individuals in the listed courses and faculty teaching those courses are permitted to use these machines. Use of these systems for any other purpose is considered a violation of this policy.

   2. Research Systems - There are presently no disk limits for research systems and research accounts on instructional systems. However, as these machines are shared resources, users are expected to respect the needs of others. Users whose use is excessive will be asked to curtail it, and if the problem continues, they may be required to purchase their own storage areas. Users with very high disk requirements are encouraged to discuss the matter with the Systems Staff well in advance of any highly disk intensive work. Processor intensive jobs should be restricted to non-public machines whenever possible. If processor or network intensive tasks must be run on Unix-like systems, users are expected to use "nice" to readjust the priority of their jobs so as not to negatively impact other users of the systems.

   3. General Usage Policies - Jobs which are interfering with the ability of other users to utilize a public system may be stopped or terminated at the discretion of the Systems Staff. Users should make every attempt to exit applications properly so as to avoid runaway processes. Users have a limited amount of disk space available to them in temporary storage areas of each machine (this is /tmp on Unix-like systems and C:\TEMP on NT systems, but not D: on Instructional NT systems (see above)). This is a volatile space. The systems staff reserves the right to delete any of these files at any time. In addition, such files will definitely be lost at reboot on all of our systems. Users are discouraged from storing files in temporary space.

      Machines are made available primarily for research and teaching in the Dept. of Geography and the Joint Center for GIS and SA. However, in the interest of utility, open access has been given to the Internet, the general campus network and to network resources on some machines. Users are expected to use the machines within reason, and a user in need of specific Geography or Joint Center applications should always be given precedence for use of a machine.

2. Termination of Jobs - The Systems Staff may stop or terminate jobs which are actively interfering with normal use of the systems. The Systems Staff will first attempt to contact the user whose job is causing problems, and may, if such contact is unsuccessful, stop or terminate the process. In the case that this activity is taking place on a machine not run by the Department or the Joint Center, the following steps will be taken: First, the Systems Staff will attempt to contact the designated point of contact for the machine in question. Second, if they have administrative privileges on the machine in question, the systems staff will attempt to fix the problem. Finally, as a last resort, network access from the host in question may be terminated.

3. Software
   1. Supported - Locally installed programs will generally be available on departmental and Joint Center machines. The Systems Staff has the authority to make decisions about what software packages will be supported. Any software required for use by classes must be requested no later than three weeks before the start date of the class. Requests made at a later date may not be honored.

   2. Unsupported - Users have the opportunity to install unsupported software on systems in their home directories. Software installed by users on both the research and instructional systems is not supported by the department, and technical support will not be made available for these applications. Under no circumstance will users install any software which requires a license not held by the department or by the Joint Center. This precludes users installing software for which they are personally licensed, but for which the department is not.

      Under certain conditions, the Systems Staff may agree to assist a user with the installation of unsupported software. Help from the Systems Staff in no way implies that the software in question is supported software.

      In general, only software that is directly needed for research, teaching or administrative tasks is supported. Software that is needed for personal tasks unrelated to the University, the Joint Center for GIS and SA, or the Department of Geography is not supported in any way.

4. Electronic Mail - The Dept. of Geography and Joint Center for GIS and SA do not currently offer any email services. However, they may at some point in the future, and a policy on that will be developed at that time. Some packages for use with electronic mail are made available and supported in the Joint Center for GIS and SA and the Dept. of Geography, but the Systems Staff does not support mail services themselves. .

5. Printing - LaserJet and DeskJet printers are available to all students and faculty in several locations. Users should pick up their print jobs as soon as possible. Unretrieved printouts will be discarded after a period not longer than 24 hours. Undergraduate print jobs have a limit of 25 pages per job. Undergraduates needing to print larger jobs must get prior permission from the Systems Staff. Failure to comply with this regulation may result in the levying of a $.25 per page fine

V.Data Integrity

Data stored on server directories (e.g., home directories) are backed up once per week to tape. However, due to the arcane nature of our current backup hardware, restoring files takes a good deal of time. Therefore, any lost files must be requested for restoration by the Systems Staff. Please give the full network path name of the file, or the Systems Staff will be unable to restore it. Please allow one week for files to be restored.

For graduate students and faculty, there is a ZIP drive available in 714A. Students may back up their own data to a ZIP disk of their own, if they desire more reliable backups than the Systems Staff provides.

1. Eligibility - All graduate student members of the Systems Staff (as appointed by the Systems Staff) and the Coordinator him/herself are eligible for administrative access to any machine run by the Department of Geography.

1. Support requests - Requests for user support will be submitted via email or in person to members of the Systems Staff. In person requests may only come during published Systems Staff .

   The Systems Staff will attempt to deal with the request immediately, if possible, however the Systems Staff reserves the right to allow the Coordinator to assign a priority to tasks that require more time. In the near future, these tasks and their priorities will be made publicly available via the World Wide Web, and every effort will be made to keep these lists up to date. Repeated requests for the same task or non-adherence to this policy will result in the job in question being moved to the bottom of the queue, regardless of how long it has been pending or its priority.

2. User responsibilities - Users should make every attempt to answer their own questions, using on-line references such as the man page system the World Wide Web, as well as paper-based manuals, and the System FAQ before submitting a question for user support. In the near future, a mailing list will be provided through which users can provide answers to each others' questions. Only after these resources have been exhausted should questions be submitted to the support staff.

3. Levels of Support - The systems staff provides the following levels of support for various systems:
   1. First Tier - These are machines that are under the "administrative control" of the Systems Staff. At this level of support, the Systems Staff will configure and maintain machines with full network capabilities and full access to all Geography and Joint Center services. Machines at this level will be allowed to mount and export directories, use distributed password handling, use the Geography and Joint Center printing and other facilities. The Systems Staff will maintain all vendor-supplied software, and selected freely-available software packages on these systems.
   2. Second Tier - These are machines that are not under the "administrative control" of the Systems Staff. These machines will be support only to the extent that they will assist users in connecting to department resources. However, the support for this will be very limited, and support for First Tier systems will always be given priority.

4. Supported Systems -
   1. First tier - All machines in the GEOGRAPHY NT domain, which includes the server, EVEREST, and NT Client machines in the Geography GIS lab (Swift 706), and the NT and Win95 machines in Swift 710. All machines in the GISSA NT domain, which includes the server, NAMSAN, and the client NT machines in DAAP4820D. All GISSA Unix machines, which currently includes only k2.gissa.uc.edu and alpine.gissa.uc.edu
   2. Second tier - all machines in faculty offices in Geography, and cactus in DAAP4820D.
5. Resolution and Notification - As requests are handled, the user responsible for initiating the request will be notified via email. In the near future, users will be able to access the status of their requests via the World Wide Web at any time. Users should not attempt to contact the Systems Staff or the Coordinator to ascertain the status of their requests. Notification of major changes to Geography and Joint Center Systems will be advertised in advance on the Support WWW page.

6. Complaints and Suggestions - Complaints and suggestions should be made in writing to the Coordinator.

7. Emergency Support
   1. Procedure & Availability - Any student or faculty member may declare an emergency at any time. All declarations of emergency will be posted publicly, and will be subject to review after the fact. The procedure for declaring an emergency is as follows: E-mail should be sent to the Computing Resource Coordinator. The email must contain as specific a description as possible of the problem, and why this problem constitutes an emergency. If email is unavailable due to the nature of the crisis, the report should be made in person or by telephone to the Coordinator.
   2. Criterion - These are the criterion that the Systems Staff will use in determining what situations constitute an emergency. Users are encouraged to use similar guidelines when requesting assistance. Emergencies should not be specific to one user; they should effect all users. Emergencies are caused by unexpected failures, not by lack of planning. Emergencies represent a major impediment to normal working procedures, not an inconvenience. Emergencies will be declared by the systems staff under the following conditions: Failure of an important service (for example: sendmail or NFS file service), loss of function to a key department machine (k2, EVEREST, NAMSAN), immediate security crisis (physical or electronic), power failure. The systems staff reserves the right to reclassify a user's declared emergency based upon these criterion.
   3. Documentation - All declared emergencies should be documented in writing (email) as described above at the time of the declaration. All declarations of emergency will be publicly posted on the World Wide Web after the resolution of the crisis.
   4. Review - All declared emergencies will be reviewed by the Systems Staff and the person responsible for declaring the emergency as necessary. The review meeting will cover the nature of the problem, its resolution and any steps that can be taken to avoid repetition of a crisis situation. These reviews will serve to establish efficient procedures for emergency response, and to further refine proper criterion and strategy for emergency response.

1. Data Security
   1. Objectives - To prevent unauthorized use of our facilities for any purpose. Specifically, to prevent our machines from being used as "jumping-off points" for illicit or illegal activity. To protect user data from destruction by vindictive or malicious users, either internal or external. To protect user data from accidental destruction by other users.

   2. User responsibilities
      1. Passwords - All passwords must meet a reasonable standard for security. Passwords should not contain any part of any username. They should not be dictionary words, in this language or another. Passwords should contain both capital and lowercase letters and non-alpha-numeric characters. Users must not share passwords. Users will not make written copies of their passwords. Users will not make attempts to subvert system security. Users should change their passwords often (at least monthly is recommended). Under no circumstances should a user leave a logged-in, unlocked terminal unattended.
      2. Sharing of accounts - Under no circumstances will any user on the systems allow access through their account to anyone else. This means that the user may not give their password to someone else, nor may they log in for the purpose of allowing someone else to use their account. This includes family members and other system account holders.
      3. .rhosts and .forward files - Users will not put "+" entries in .rhosts files. A software application is run a weekly basis to detect these entries. Users who have insecure .rhosts or .forward files are subject to having these files changed by the systems staff. Users whose files have been altered for security reasons will be informed of such actions by the systems staff.
      4. Permissions and Configuration files - It is strongly advised that users DO NOT allow world or group permissions of any kind on their files, except where absolutely necessary (i.e., public_html directories). Before modifying any of their configuration files, users are responsible for making themselves aware of any possible security implications. Users are responsible for the permissions that are set on their files.
      5. Encryption - Users are encouraged to use encrypted methods for all logins and file transfers. SSH (secure shell) and SCP (secure copy) are available on all departmental UNIX machines. Users are encouraged to use PGP for any email which is intended to remain private. SSH automatically handles X redirection. Users are strongly encouraged to use this facility in favor of the less secure xhost and xauth programs.
      6. Copyright Policy - Users will not appropriate nor distribute copyrighted material for which they do not have legal rights using Department equipment. This includes via http, ftp or by incorrectly setting permissions, so as to allow widespread access.
      7. Security-related research/experimentation - Any action taken by any user which that user has reason to believe may have an impact on the security of any Geography or Joint Center system, or which may result in a denial of service must be explicitly approved beforehand by a member of the Systems Staff. This includes the writing/testing of exploit code, and any testing of known or suspected bugs. Failure to obtain prior approval for such actions will be interpreted as malicious intent, and will be dealt with accordingly.
      8. Possession of exploit code - Exploit code is defined as any script or program designed to make use of known bugs or functionality in an attempt to gain unauthorized access to a system or to conduct a denial of service. Any user in possession of exploit code must make the Systems Staff aware of its presence on the system within a reasonable period of time.
      9. Incident Reporting - Users should report all confirmed or suspected security violations immediately. Large-scale or potentially dangerous security violations justify the declaration of an emergency.

   3. Physical Security
      1. Equipment Removal - Equipment will not be removed from its designated area except by members of the Systems Staff. Anyone needing to remove or relocate department equipment must obtain approval from the the Coordinator.
      2. Personal equipment - Personal equipment is allowed on site, and can even be granted network access. Personal equipment should be clearly marked to show ownership, so as to avoid confusion with departmental resources. All personal equipment should meet the same standards for security that departmental machines must meet.
      3. Incident reporting - Faculty, staff and students who believe they have witnessed an act of theft or vandalism should report the incident to the Systems Staff and UC Security immediately. Serious breaches of physical security justify the declaration of an emergency.

   4. Enforcement - Users who do not comply with the above policy will have their accounts frozen, and possible legal or disciplinary action taken against them. Accounts will be unfrozen at the discretion of the Systems Staff and the Coordinator.

   IX. Policy Revision Management - Any Geography Department user has the right to ask for a change in the Department's computing policy. These requests should be submitted in writing to the Coordinator. The Coordinator will meet with the Systems Staff to discuss the feasibility of a request, and its effect on existing policy. The Coordinator, in conjunction with the Systems Staff will arrive at a decision, and inform the user in question within one (1) week.

Systems Staff - Will refer to graduate student system staff members, who are employed by the Joint Center for GIS and SA.

Guests - Will refer to people not affiliated with the Departments of Geography or Planning Science who are granted access to Geography or Joint Center facilities at the special request of faculty and staff.

Computer Resources Coordinator - Referred to herein as "the Coordinator" - member(s) of the faculty responsible for all communications between the systems staff and the faculty and students. This position is currently held jointly by Howard Stafford and Lin Liu when concerning Geography issues, and by Howard Stafford when concerning Joint Center issues alone.

Research Systems - Machines used primarily for research. These systems include all Unix systems in the Department, NT machines in faculty offices, and the "graduate student" machine in Swift 710.

Instructional Systems - Machines used for primarily for teaching. These systems include the NT systems in the Geography Computing Lab, and the NT server, EVEREST. Please note that these systems are also used for research, and research accounts are granted on these machines.

LAST UPDATE: 30 March 1998 by bkuhn