This page addresses common questions about self-administering machines at the University of Utah School of Computing. Suggestions for additions and modifications to this page are welcome through e-mail to: .
Who is this information for?
It is for SoC faculty, staff, and students who administer, or are considering administering, a machine that is connected to the SoC network. This machine may be one that is owned by the SoC or it may be a personal laptop (personally owned desktop machines are not permitted to connect to the SoC network).
It is likely that the only undergraduate students affected by this information are those who are actively involved with a research group.
Not affected by this information are users of machines administered by the SoC support staff and users of machines that are connected to the Flux, SCI, CoE, campus, or any other network.
What is a self-administered (“self-admin”) machine?
This is a machine connected to the SoC network whose system administrator is anyone other than the SoC support staff. The administrator of such a machine is personally responsible for the machines behavior. Informally, if you have root on a machine, or administrator access to a machine running Windows, then it is self-admin and you are the administrator. The OS and OS version that the machine runs is irrelevant.
What is the advantage of connecting a machine to the SoC network?
For most SoC faculty, staff, and students who work for a research group, this is the preferred way to connect to the Internet while you are in MEB/WEB. Also, you can access SoC services that are not available from outside our firewall.
Note that an alternate way to put a machine inside the SoC firewall is to use the SoC’s VPN. Simply put, there is little effective difference between a system in the MEB that is connected directly to the SoC network and a system anywhere else in the world, that is connected through the SoC VPN.
Can I get root on a machine that is administered by the SoC group?
No. If you must have root access then self-administration is your only option.
Please keep in mind that being root is a very blunt tool and it may not be the best solution to whatever problems you are having. Self-administration requires substantial expertise and time.
Furthermore, many problems that initially seem to require root access do not actually require root access. We are happy to discuss various options with you.
How do I request to self-administer a machine?
Just fill out this online request form.
How do I find out my MAC address?
On a Windows host you can bring up a cmd window and run ‘
On a *nix based host you can run ‘
ip addr‘ (or ‘
ifconfig -a‘ on older systems.) On some platforms you may need to be root to do this. Many machines have multiple interfaces (wireless, wired, VPN, VMWare, etc.) so please be sure to report the MAC address for the exact interface you intend to use.
What are the SoC DNS servers?
If your system IP address ends in an even number use 188.8.131.52, then 184.108.40.206. Otherwise list .71 first. This helps us to balance the load between DNS servers. 220.127.116.11 may be used as a tertiary server if desired.
I have inherited a machine from a student or a staff member or a professor. Is it self-admin? If so, what are the implications?
When you start using a machine, it is critical that you figure out if it is self-admin or not. If you are not absolutely sure of the machine’s status, contact the support staff at . If you cannot login using your SoC userid and password, then the machine is likely self-admin or broken.
If it turns out you have inherited a self-admin machine, you have three options:
- Let the support staff reinstall the OS at which point the machine is no longer self-admin (see the question about this below).
- Keep the machine as self-admin, but reinstall its OS yourself.
- Keep the machine as self-admin, running its current OS build.
Although option 3 seems initially the easiest, it can lead to major problems in the long run, if the machine contains customization’s that you are not aware of or do not fully understand. Regardless, this machine is now 100% your responsibility and any problems with it are yours to resolve.
Where can I obtain media for installing the operating system or other software on my self-admin machine?
Any Microsoft software that you wish to install, is your prerogative and responsibility. We cannot provide media or keys for you. We suggest that you check with the Office of Software Licensing or the University Bookstore before making a purchase, as you can sometimes save money by purchasing through the University.
For *nix, software is freely available on the Internet for whatever distribution you might be interested in. Please note that we do keep a local mirror of several of the more popular Linux distributions, which will greatly speed up your installation. Please see our Site Mirroring page for more details.
What are my responsibilities as a system administrator?
For every machine that you administer, you must:
- Install the OS
- Maintain the hardware (Failed components such as fans, power supplies. Replace missing parts such a cables, mice, etc.)
- Keep the system up to date by installing patches in a timely fashion
- Keep software that you compile yourself up to date
- Turn off network services that you do not require
- Configure the machine to use any SoC network services that you want (see links below)
- Install any application software you wish to run
- Perform any backups that you feel are necessary
- Deal with the aftermath (e.g. by reinstalling the OS) if your machine becomes compromised
- Let us know if the machine moves, changes MAC or IP address, changes host name, or leaves the SoC
- Let us know if the administrator for the machine changes
- Abide by the University’s Policies And Procedures Manual, in particular not using University resources for commercial gain, not releasing sensitive or copyrighted information, etc.
What will happen if my machine is hacked?
The immediate consequence is that your network port will be turned off and filtering rules specific to your machine may be entered into the SoC firewall. These measures are necessary to protect the rest of the users and systems of the SoC network. To get these locks reversed, you will need to talk to the SoC support staff and provide convincing evidence that you have fixed the problem and that you can prevent it from happening again.
If your machines represent a persistent security hazard to the SoC network (i.e. they keep getting hacked) or if some significant abuse of the SoC computing policy occurs, then machines that you administrate will permanently lose access to the SoC network.
If my network port gets turned off and I have a hub or switch connected to that port, will all machines connected to the port be cut off from the network?
Yes — this is unavoidable. For this reason we recommend that multiple users (e.g. in student labs) avoid sharing a single network tap if any of the connected machines are self-admin.
What services are available to a self-admin machine?
Basically any SoC service that can be authenticated on a per-user basis is available to self-admin machines. The major service that cannot be authenticated per-user is NFS. Available services include:
- Network connectivity
- E-mail via SMTP and IMAP
- Shell access to interactive servers
- CIFS (i.e. to mount filesystems via smbmount)
What services are absolutely not available to self-admin machines?
- Backups performed by the SoC support staff
- Rebooting, restarting, tweaking, tuning, debugging, or any other
- Hands-on management by the facility
Why won’t the SoC support staff help me out by taking over complicated, boring or time-critical system administration tasks on my self-admin box?
The facility is designed so that most users do not need to be system administrators. If you choose to live outside of this structure by becoming your own system administrator, then you are largely on your own. The SoC’s responsibility to a self-administrated system, ends at the network connection. A middle ground — sharing administration tasks between users and the support staff — has been found to work very poorly in practice.
In short, if you desire the flexibility of a self-administrated system, then you must bear the full burden of responsibility for that system.
Can my self-admin machine be a server?
How can I learn more about system administration?
A copy of the Linux Administration Handbook may be checked out from the front office.
The Web is replete with resources for both *nix and Windows administration.
What are my options if I decide that I no longer want to administer a self-admin machine?
The SoC support staff is happy to take over a machine again, provided that the hardware belongs to the SoC. We will not take over administration of a system which is not owned by the university. We will install a new Linux OS image on the machine, wiping the hard drives clean! You are responsible for backing up any data from the system that you wish to keep.
After re-installation, the machine will no longer be a self-admin system. Remember, data cannot be preserved across this transition, it must be backed up somewhere else until the re-installation is complete.