2008-03-15
amended 2008-08-05
Policy on the Use of scripts.mit.edu Administrative Rights

Users of scripts.mit.edu have a reasonable expectation that the data
and code they store on our servers, and in sections of their locker
accessible only by our servers, will not be improperly accessed or
modified by anyone else, including by scripts.mit.edu maintainers.  To
fulfill this expectation, we define a policy governing the
maintainers’ use of special permissions and credentials held by our
servers.  This includes any administrative access to the scripts
servers, any use of private keys stored on the servers, and any use of
scripts-specific permissions granted on locker directories.

Such use of administrative rights shall only be permitted under any of
the following circumstances.

* Maintenance of the scripts.mit.edu service itself that is unrelated
  to private user data.

* Any access that is explicitly authorized by the owners of the data
  in question.

* Handling a user support request that cannot be satisfactorily answered
  without resorting to using administrative rights. This access should
  be restricted to only those files and resources that are strictly
  necessary to fully answer the request.

* Performing upgrades to autoinstalled software, using permissions
  granted to the system:scripts-security-upd group.  This group is
  normally empty, but the root instances of scripts maintainers will
  be added when needed to perform upgrades, at the discretion of the
  architect.

* Modifications that are necessary for server security or reliability.
  In this case, any modifications should be clearly marked and the
  user should be contacted.

* Ensuring that updates or planned updates to the scripts.mit.edu
  service do not break existing user deployments.  In this case, any
  modifications should be clearly marked and the user should be
  contacted.

[The third clause formerly read
* Handling a user support request that can reasonably be considered an
  implicit authorization for that use.  In this case, whenever
  possible, any modifications should be reverted and the user should
  be told how to make these modifications themselves.
and was changed in August 2008.]