Host Self-Administration Guide
Written by Todd Green   
Monday, 05 November 2007 00:42

This page addresses common questions about self-administering machines at the University of Utah School of Computing. Suggestions for additions and modifications to this page are welcome through e-mail.

  • Who is this information for?

It is for SoC faculty, staff, and students who administer, or are considering administering, a machine that is connected to the SoC network. This machine may be one that is owned by the SoC or it may be a personal laptop (personally owned desktop machines are not permitted to connect to the SoC network).

 

It is likely that the only undergraduate students affected by this information are those who are actively involved with a research group.

 

Not affected by this information are users of machines administered by the SoC support staff and users of machines that are connected to the Flux, SCI, CoE, campus, or any other network.

  • What is a self-administered ("self-admin") machine?

This is a machine connected to the SoC network whose system administrator is anyone other than the SoC support staff. The administrator of such a machine is personally responsible for its behavior. Informally, if you have root on a machine, or administrator access to a machine running Windows, then it is self-admin and you are the administrator. The OS and OS version that the machine runs are not relevant.

  • What is the advantage of connecting a machine to the SoC network?

For most SoC faculty, staff, and students who work for a research group, this is the preferred way to connect to the Internet while you are in MEB/WEB. Also, you get access to SoC services that are not available from outside our firewall.

Note that an alternate way to put a machine inside the SoC firewall is to use the SoC's VPN. Or to put that a different way, there is little effective difference between a laptop in MEB that is connected to the SoC network and a laptop in MEB (or anywhere else in the world) that is connected to the Internet in any fashion, and that is connected to the SoC VPN.

  • Can I get root on a machine that is administered by the facility?

No. If you must have root access then self-administration is your only option. 

Please keep in mind that being root is a very blunt tool and it may not be the best solution to whatever problems you are having. Self-administration requires substantial expertise and time.

Furthermore, many problems that initially seem to require root access do not actually require root access. We are happy to discuss various options with you.

  • How do I request to self-administer a machine?

E-mail us the host name, room number, and wall-plate network jack number. If the machine is a laptop we also need the MAC address so that you may obtain your IP address via DHCP. If your email isn't from your SoC account, please include your SoC username.

Students and staff, please also include the name of a faculty member who can claim responsibility for you (i.e., your adviser, supervisor, etc.) so this can be added to your point-of-contact information for security issues.

 

  • How do I find out my MAC address?

On a Windows host you can bring up a cmd window and run 'getmac /v'. On a *nix-based host you can run 'ifconfig -a' (on some platforms you need to be root to do this). Many machines have multiple interfaces (wireless, wired, VPN, VMware, etc.), so please be sure to report the MAC address for the interface you intend to use.

  • What are the DNS servers?

If your IP address ends in an even number, list 155.98.64.70 first, then 155.98.64.71. Otherwise list 155.98.64.71 first. 155.101.115.10 may be used as a tertiary server.

 

  • I have inherited a machine from a student or a staff member or a professor. Is it self-admin? If so, what are the implications?

When you start using a machine, it is critical that you figure out if it is self-admin or not. If you are not absolutely sure of the machine's status, contact the support staff. If you cannot log in using your SoC userid and password, then the machine is either self-admin or broken.

 


If it turns out you have inherited a self-admin machine, you have three main options:

  1. Let the support staff reinstall the OS at which point the machine is no longer self-admin (see the question about this below).
  2. Keep the machine as self-admin, but reinstall its OS yourself.
  3. Keep the machine as self-admin, running its current OS build.

Although option 3 is initially the easiest, it can lead to major problems in the long run if the machine contains customizations that you are not aware of or do not fully understand. Regardless, this machine is now 100% your responsibility and any problems with it are your problems.

  • Where can I obtain media for installing the operating system or other software on my self-admin machine?

For Microsoft-based machines, people affiliated with the SoC have access to a vast array of software, including several versions of the OS, through our MSDNAA service. Please see our MSDNAA FAQ for more information. If there is additional software that you would like to install, that is your prerogative and responsibility. We suggest that you check with the Office of Software Licensing or the University Bookstore before making a purchase, as you can sometimes save money by purchasing through the University.

For Linux, software is freely available on the Internet for whatever distribution you might be interested in. Please note that we do keep a local mirror of several of the more popular Linux distributions, which will greatly speed up your installation. Please see our Site Mirroring page for more details.

  • What are my responsibilities as a system administrator?

For every machine that you administer, you must:

    • Install the OS
    • Keep the system up to date by installing patches in a timely fashion
    • Keep software that you compile yourself up to date
    • Turn off network services that you do not require
    • Configure the machine to use any SoC network services that you want (see links below)
    • Install any application software you wish to run
    • Perform any backups that you feel are necessary
    • Deal with the aftermath (e.g. by reinstalling the OS) if your machine becomes compromised
    • Let us know if the machine moves, changes MAC or IP address, changes host name, or leaves the SoC
    • Let us know if the administrator for the machine changes
    • Abide by the University's Policies And Procedures Manual, in particular not using University resources for commercial gain, not releasing sensitive or copyrighted information, etc.
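
One way to carry out the "turn off network services that you do not require" item on a Linux host, as an added example (not SoC-provided code): the function reads `ss -H -tln` output and lists TCP listeners bound to non-loopback addresses, marking the default SMTP and MySQL ports, which this guide says will not be given remote access. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not SoC-provided code. Function names and sample data are constructed.
# Lists TCP listeners that are reachable from the network (not loopback-only).
# Input format: lines as printed by `ss -H -tln`:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

audit_listeners() {
    awk '
    $1 == "LISTEN" {
        la = $4
        # The port is the text after the last colon (covers 0.0.0.0:22, [::]:22, *:80).
        n = split(la, parts, ":")
        port = parts[n]
        addr = substr(la, 1, length(la) - length(port) - 1)
        # Loopback-only listeners cannot be reached from other hosts.
        if (addr ~ /^127\./ || addr == "[::1]") next
        note = "review: turn off if not required"
        # Default SMTP and MySQL ports: the guide says these are not given remote access.
        if (port + 0 == 25)   note = "SMTP: remote access not granted"
        if (port + 0 == 3306) note = "MySQL: remote access not granted"
        printf "%s\t%s\t%s\n", port, addr, note
    }' | sort -n
}

# Constructed sample of `ss -H -tln` output so the example runs offline.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:22    0.0.0.0:*
LISTEN 0 100 127.0.0.1:25    0.0.0.0:*
LISTEN 0 80    0.0.0.0:3306  0.0.0.0:*
LISTEN 0 128      [::]:22       [::]:*
LISTEN 0 5   127.0.0.1:631   0.0.0.0:*
EOF
}

# On a real host: ss -H -tln | audit_listeners
sample_ss_output | audit_listeners
```

Each output line is port, bound address, and a note; anything listed that you do not need should be disabled or bound to loopback only.
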
  • What will happen if my machine is hacked?

The immediate consequence is that your network port will be turned off and filtering rules specific to your machine may be entered into the SoC firewall. These measures are necessary to protect the rest of the users of the SoC network. To get these reversed, talk to the SoC support staff and convince them that you have fixed the problem and that you can prevent it from happening again.

If your machines represent a persistent security hazard to the SoC network (i.e. they keep getting hacked) or if some significant abuse of the SoC computing policy occurs, then machines that you administer will permanently lose access to the SoC network.

  • If my network port gets turned off and I have a hub or switch connected to that port, will all machines connected to the port be cut off from the network?

Yes -- this is unavoidable. For this reason we recommend that multiple users (e.g. in student labs) avoid sharing a single network tap if any of the connected machines are self-admin.

 

  • What services are available to a self-admin machine?

 

Basically any SoC service that can be authenticated on a per-user basis is available to self-admin machines. The major service that cannot be authenticated per-user is NFS. Available services include:

  • Network connectivity
  • Printing
  • E-mail via SMTP and IMAP
  • Shell access to interactive servers
  • CIFS (i.e. to mount filesystems via smbmount)

 

  • What services are absolutely not available to self-admin machines?

 

  • NFS
  • Backups performed by the SoC support staff
  • Rebooting, restarting, tweaking, tuning, debugging, or any other hands-on management by the facility

 

  • Why won't the SoC support staff help me out by taking over [complicated or boring or time-critical] system administration tasks on my self-admin box?

 

The facility is designed so that most users do not need to be system administrators. If you choose to live outside of this structure by becoming your own system administrator, then you are largely on your own. A middle ground -- sharing administration tasks between users and the support staff -- has been found to work poorly in practice.

 

  • Can my self-admin machine be a server?

 

Probably -- send an email request with the port(s)/protocol(s) you need unblocked. Not all services are allowed on our network (e.g. we will not give remote access to MySQL or SMTP).

 

  • How can I learn more about system administration?

 

A copy of the Linux Administration Handbook may be checked out from the front office.

The web is also a great resource for both *nix and Windows administration. These are two of the many sites available for Windows administration:

  • What are my options if I decide that I no longer want to administer a self-admin machine?

 

The SoC support staff is happy to take over a machine again, provided that it belongs to the SoC in the first place. We will install a new OS image (Windows or Linux) on the machine. After this, the machine will no longer be a self-admin machine. In general, data cannot be preserved across this transition; it must be backed up somewhere else until the reinstallation is complete.