Owlnet Usage Policy

Owlnet exists to provide educational computing resources to members of the Rice community. The policies adopted by the Owlnet Steering Committee are intended to further this goal. The basic philosophy of the policies is that all users should be given fair and reasonably equitable access to the computing resources of Owlnet. Note that the policies listed below are in addition to the campus-wide policies outlined in the University's Appropriate Use of Computer Resources Policy (832-99). Violations of the Rice AUP are considered violations of Owlnet policy.

Appropriate Use of the System

Given Owlnet's educational mission and the need to provide all users fair and reasonably equitable access to the system resources, the following describes how to use Owlnet appropriately:

Use only your own userid and password to access the network, unless you are explicitly authorized to use a special userid and password, such as a course account userid and password, for a designated purpose. Do not allow other users to use your userid and password to access the network. This is for your own protection as well as the protection of the network in general.
Keep your password confidential and change it at regular intervals. Once per month should be sufficient. Printing and S/Key passwords must be different from your Owlnet unix password.
Manage your use of system resources to minimize the impact of your activities on other users. Use only the resources that you need to complete your activity and learn how to use those resources efficiently. Take care that you don't use excessive or unnecessary CPU cycles, system memory, disk space, or printer supplies. For example, don't run find commands on large file systems, or otherwise severely tax the system resources for non-coursework activities. Don't make unnecessary printouts, and make sure to pick up your printouts from the printer stations. Don't leave them lying around.
Do not make hard links from your directory to files in other directories. Hard links point to the location of a file on the hard disk. To remove a file, all hard links to it must be removed, including the name by which it was first created. Instead, use symbolic links, which are pointers to the pathnames for files. Do this by specifying a -s option when using ln to make links. Do not use symbolic links to allow access to files outside your home directory by non-interactive logins. Symbolic links intended to cause a disruption of the normal functioning of finger or http are prohibited.
Abide by the system mechanisms designed to ensure reasonably equitable computing resource distribution amongst all users, such as disk space quotas, screen locking timeouts, and printing charges. Use the designated methods to acquire a larger share of computing resources if you justifiably need them for your work.
Modify only your own data and files and create them only in your own directories or designated system directories unless given explicit written or verbal permission to modify another user's data or files or create them in their directories. Merely having write capability enabled on a file or directory does not constitute explicit permission. A designated system directory is set aside for users to create or modify temporary files. This directory is named /tmp.
Don't abuse your tmp directory privileges. Do not transfer files from remote systems to the system tmp directories without permission. Remove files from /tmp when you are finished with them. Files stored in /tmp are not guaranteed to remain there for any length of time.
CVS space is to be used for collaborative projects only. Other use of this space may result in account lock-out and removal of the files in question.
Use the system for valid educational purposes only unless given explicit permission by Owlnet management to do otherwise.
Do not propagate electronic chain letters. (A electronic chain letter is a message that is sent to a number of people, asking them to forward it on to even more people.) Chain letters waste bandwidth, put unnecessary strain on the mail system, and are illegal in some cases.
Clean out your mailbox. Electronic mail messages in your incoming mailbox are stored on a mail spool, space that you share with other users. Keeping more than 10 MB of messages in your mailbox is considered unnecessary and inconsiderate.
Refrain from deliberately engaging in activities that are intended to hinder another user's ability to do their work. For example, do not run programs that are designed to disrupt another user's display.
When exploring the Internet, keep your file transfer requests reasonable. Don't FTP a file from Switzerland if you can find it in the United States. Don't connect to high-traffic sites during business hours; either wait until a non-peak time or find a mirror site which offers the same software.
Abide by the Owlnet User Agreement, other Owlnet policies, university computing policies, and local, state, or federal statutes and regulations concerning the use of computing facilities.

Of course, attempting to do the converse of the above descriptions would be inappropriate use of Owlnet. People who use Owlnet inappropriately will have disciplinary action taken against them (see the section Owlnet Policy Enforcement Guidelines). Action is not limited to incidents involving only Owlnet equipment. Inappropriate use of computing facilities external to Owlnet, but accessed through or by Owlnet, will be considered an inappropriate use of Owlnet itself. You should send electronic mail to consult@owlnet asking about anything that might be questionable before you do it.

Work Priorities

Owlnet is an intensively used resource. Playing games, experimenting with graphics tools and reading electronic news can contribute to the educational process; however, during times when the network is heavily used, these pursuits need to make way for users trying to complete course assignments. Therefore, Owlnet users must abide by the following priority system:

Priority by Type of Work

System maintenance by staff and student system administrators
Courseware development or assignment grading by faculty or labbies
Completion of course assignments by students
Reading or sending electronic news or mail
Individual environment customization; Internet browsing
Experimenting with standalone games or graphics

In addition, students whose course work requires a color workstation (such as VLSI design) have priority on the color workstations over other students.

If you have work to do that is a higher priority than that of the user occupying a seat, then you have the right to ask that user to vacate his or her seat. The activity that the user occupying the seat is engaged in at the time that you ask them to vacate should be used to determine relative priorities of your and their activities. This means that if you mix activities of differing priorities, you run the risk of losing your seat and not being able to complete your higher priority work because you may be asked to vacate your seat while you are engaged in a lower priority activity.

Playing Games

Playing games on Owlnet can contribute to the educational experience. However, this activity must make way for users trying to complete course assignments, and cannot unduly interfere with the operation of the system as a whole. The following policies apply to games on Owlnet UNIX workstations.

Playing standalone games is permitted under the following conditions:

Anyone playing a standalone game when the last seat in the room becomes occupied must vacate his or her seat.

If you have schoolwork to do and a person is playing a game, you have the right to ask that person to vacate the seat if no other workstations of the same type are available in that room.

Users playing games who refuse to vacate should be reported to Owlnet management by electronic mail (director@owlnet).

Playing network games or games that unduly affect system resources is not permitted. (A network game is defined as one that allows two or more players to interact with each other from more than one workstation. The game makes use of the network facilities to accomplish this.)

Games that unduly affect system resources include, but are not limited to, standalone games that require excessively large files, or excessive computational or input/output resources, or can render all or part of a system inoperable due to minor misconfiguration of the game files or directories.

As they are discovered, network games, or standalone games that interfere with the system resources, will be rendered inoperable and eventually removed from the system. The owner of the game shall be notified by electronic mail that these actions have occurred.

Recreating a game that has been removed from an Information Technology managed machine is an offense punished by lock-out. The offending user will no longer be allowed access to his or her account.

Electronic Mail

Owlnet management will not regulate in any way the content of private, consensual electronic mail communication between users.

Sending electronic mail directly to an unofficial automatic mail-handling program is not allowed. Unofficial means something that is not a standard part of the system and has not been installed by the Owlnet system management. Using an automated method to direct any incoming mail to an unofficial program is not allowed. This restriction is in place to guard against a mail-handling or directing method having an error, such as an infinite loop, that could flood the mail system with spurious messages, preventing others from sending or receiving mail and possibly significantly impacting overall system performance.

Forging electronic mail communications is an offense punishable by lock-out. The offending user will no longer be permitted access to his or her account.

Privacy

Although Owlnet will not regulate the content of electronic mail or other files, Owlnet system management, in order to preserve the integrity or operational state of the network, may find it necessary to look at, without your prior consent, any data, files, or mail messages of yours that exist on the system. See section Statement of Ethics with Respect to User Data for Systems and LAN Management's policy on maintaining the confidentiality of user data.

You should be aware that no computer security system, no matter how elaborate, can absolutely prevent a determined person from accessing stored information that they are not authorized to access. Thus, while Owlnet tries to provide a reasonable level of confidentiality for information stored on the network, we cannot guarantee the privacy or confidentiality of any information stored on it. Therefore, if there is any information that you absolutely do not want another person to see or access, then you should not store it on Owlnet.

This policy exists to make you aware of the inherent limitations on your ability to maintain your desired level of privacy or confidentiality of information stored on the network.

Research

Owlnet currently does not support research activities during the Fall and Spring semesters. Research activities include the following:

Computational activities that are undertaken to directly support a Masters or Doctoral thesis.
Computational activities that are undertaken at a faculty member's direction to support any faculty member's research.

These definitions apply whether someone is actually using Owlnet computers for the computation or activity, or is using Owlnet workstations to remotely login to non-Owlnet systems where the activity is taking place.

Research activities do not include the following:

Undergraduate independent projects as a structured part of an undergraduate degree.
Structured projects or coursework as part of a professional (non-thesis) masters degree.
Structured projects or graduate coursework that does not directly support a thesis.

Preventing Access by Others

Leaving your workstation unattended is dangerous to your personal files, your reputation, and to system security. People have taken advantage of such unwary users by erasing their files, sending rude mail to third parties, changing the unfortunate user's password to something unknown so that they are locked out of their account, and setting up ways to do all of these things again in the future. Obviously, such actions are unacceptable and will be punished; however, punishment of the malicious user comes after the damage is done.

When you are running a windowing system (such as X Windows), a program is available through a menu option (usually accessed with the right mouse button) to lock a workstation's screen. You should use this program whenever you are going to be away from your station for a short period of time. The lockscreen programs available on the system will log you out of your workstation at the end of a twenty minute period. This should be enough time to go to the restroom, pick up a printout, or get a labby's attention. Users are not allowed to use their own versions of lockscreen programs. Furthermore, software intended to interfere with the automatic screen locking of inactive workstations is prohibited.

If an unattended and unlocked workstation is found by a system administrator, they will start the lockscreen program for you or log you out.

Background Jobs

Putting a program into an unattended state while it continues to execute and logging out of a computer is known as putting the program, or 'job,' into the background. Running a program on one machine and displaying its output on another through X Windows is not considered backgrounding the job. All back-ground jobs must have their execution priority set to a level lower than that for interactive processes. The job priority levels range from 1 to 19, with 1 being the highest priority. Background jobs must be set to a priority of no higher than 10 using the UNIX command nice. The syntax is as follows:

prompt% nice -# jobname

where # is a number >= 10 and jobname is the name of the program you would like to run in the background.

Please read the manual page for nice for more information on using this command. Background jobs should be run one after another. Two background jobs run consecutively will always run faster than two background jobs running at the same time.

Background jobs are currently only allowed on the compute servers vermiculated, ural, great-gray, and great-horned. Forest, jungle, short-eared, and long-eared are for interactive computing only. If a background job is found running on a disallowed workstation (this includes any workstation for which you are not on the console, i.e., you are not sitting at it) or server, it will be killed. Other penalties may be enforced (see the section Owlnet Violations and Penalties). If it is running on the acceptable machine but its priority is not set low enough, then it will be set to the lowest priority level possible (19).

This policy is in place to insure that maximum system resources are available to users who are using Owlnet interactively, as they must be logged on to use the network in this manner.

Note: Distributed computational efforts not directly related to coursework are prohibited at any time. Examples include cryptographic cracks and projects such as seti@home.

System Administrator Talk Requests

Sometimes the Owlnet system administrators notice unusual activity occurring in or caused by a user's account. Often the administrators attempt to investigate what is going on by initiating an interactive electronic talk session with the userid in question.

Sometimes the user refuses to respond to the talk request and logs off immediately. This behavior raises the suspicion that the user may be violating system or university policies, or even more serious, the person using that userid is not the true owner of the userid.

Given Owlnet's need to maintain continuous service for several thousand users, the system administrators will treat a user refusing a system administrator's talk request by logging off as a potential security violation. In this situation, the system administrators have been authorized to immediately lock the account of that user. This prevents any further activity with that account, which will protect the system, and if the user account has been compromised and is being used by someone other than the true owner, prevents any further possible damage to that user's or other users' files. The owner of that userid will be directed to meet with the Owlnet management.

Many users routinely disable incoming talk messages, presumably to cut down on distracting conversations with other users. We would advise that you not disable incoming talk messages as a matter of course. This will reduce the possibility that a system administrator who may be trying to talk to you will misinterpret your actions. Message receiving is enabled by default, so if you do not take action you have nothing to worry about.

Remote Login Sessions

These server login restrictions are in place to ensure that maximum system resources are available to those users who are physically in the Owlnet labs.

The full domain addresses of the systems mentioned below are:
short-eared.owlnet.rice.edu or se.owlnet.rice.edu
long-eared.owlnet.rice.edu or le.owlnet.rice.edu
great-horned.owlnet.rice.edu or gh.owlnet.rice.edu
great-gray.owlnet.rice.edu or gg.owlnet.rice.edu
vermiculated.owlnet.rice.edu or verm.owlnet.rice.edu
ural.owlnet.rice.edu
forest.owlnet.rice.edu
jungle.owlnet.rice.edu

On-campus:

If you are working on Owlnet on campus, you can use the servers: long-eared, short-eared, ural, verm, great-gray, great-horned, forest, and jungle. XDMCP connections are allowed only to forest and jungle (foreground) and ural and vermiculated (background.)

Off-campus: Terminal Server

If you are connecting via the campus terminal server, charon.rice.edu, you may remotely log in to any Owlnet server listed above.

Off-campus: VPN

Off-campus users will have to set up VPN to access owlnet servers. Please consult the VPN section for further information.

Residential College Computing

Computing in the colleges is an extension of Owlnet termed ResNet. Thus, behavior on ResNet is subject to the policies of Owlnet and Rice University, where applicable. Specific items of interest to operators of computers in the colleges include:

Use of the network to gain unauthorized access to resources of this or other institutions, organizations, or individuals, or an attempt to gain such access, is a violation of Rice's AUP (832-99), and will be dealt with accordingly.
Port scanning, or similar network mapping and investigation techniques, other than that performed by Owlnet in the management of its network, is prohibited. Repeated violation of this prohibition will be considered an attempt to gain unauthorized access and subject to the same penalties.
The offering of conventional services on alternate ports on college hosts as a means of circumventing Owlnet network access policies is prohibited.
Owlnet reserves the right to scan the residential networks for potential security risks and to ensure network policy compliance. Firewalling or otherwise attempting to hide a computer from an authorized scanning host is not permitted, and may be construed as evidence of an attempt to hide policy violations.
The primary purpose of the residential college networks is to provide for educational computing. While it is understood that the network will also be used for recreational purposes, users of ResNet should be aware that excessive bandwidth consumption for gaming, exchange of audio or video streams, or similar recreational activies constitues a denial of service for others engaged in educational pursuits. Owlnet may take any action necessary to prevent such denials of service.
ResNet may not be used to provide commercial services.
Copyright laws apply in the residential colleges, just as they do elsewhere. Copying, downloading, or distributing copyrighted materials without the authorization of the copyright owner is against the law, and may result in civil and criminal penalties, including fines and imprisonment.
Network access in the colleges is a privilege that may be revoked without prior warning is cases involving security, policy violations, or violation of state or federal laws.

Owlnet Policy Enforcement Guidelines

The following guidelines will be used when users are accused of violating Owlnet policies.

Demonstrated intent to violate policy will be considered the same as an actual policy violation. Demonstrated intent means evidence of actions that, if successful or if carried out as intended, would result in a policy violation.

Violations or intended violations of the University Appropriate Use of Computer Resources Policy (832-99) will be considered violations of Owlnet policy as well.

Disciplinary Actions

Depending on the nature and severity of the policy violation, Owlnet management or the University Court may take one or more of the following disciplinary actions:

Verbal, written, or electronic mail warning.
Disciplinary probation or suspension.
Temporary access denial (lockout). Lockout may be implemented without warning or formal accusation. See section Lockout Security Precautions.
Permanent access revocation (lockout). If users are permanently locked out they will be responsible for providing the computer resources needed to complete their course assignments. See section Lockout Security Precautions.
Fines to cover amount of damage caused by the action. See section Damage Costs Assessments.
Alternative punishment, such as community service hours, which may include tasks such as cleaning lab machines, etc.

If warranted, Owlnet management will refer the case to the appropriate local, state, or federal authority for further disposition.

Lockout Security Precautions

In order to protect the security of the Owlnet system and other systems on the Rice campus, Owlnet System Administrators are not required to give warning before instigating temporary access denial (lockout).

Evidence of attempted or actual system security, integrity, or performance related incidents will be cause for immediate access denial to your Owlnet account and to your college room port. The purpose of access denial in these cases is to prevent further damage to the system or data while an investigation is being conducted as expeditiously as possible.

Users who are denied access to their Owlnet account will be notified the next time they attempt to access the system that they have been denied access, the specific incident that led to the access denial, and any further action they are expected to take, such as to meet with Owlnet management.

After investigation the case may be referred to the University Court for disciplinary action, if warranted. If referred to University Court, users will remain locked out until the court convenes, which could take up to two weeks during a semester. The University Court does not meet during the summer.

If the University Court's decision includes the punishment of permanent lockout, users will be responsible for providing the computer resources needed to complete their course assignments.

Policy Enforcement Procedures

The disciplinary process for Owlnet policy violations contains the following steps:

Once the violation is detected by Owlnet System Administrators, if necessary, users will be immediately locked out of their account. See section Lockout Security Precautions. If lockout is not required, a notice will be sent to users and, if necessary, a request to meet with Owlnet management will be made.
Owlnet management will determine the Damage Cost Assessment or DCA (see section, Damage Cost Assessments) of the violation and possible penalties. (See table, Chart of Violations and Penalties.)
If the DCA is less than $500, a warning will be issued and other penalties assessed on users. It may be escalated to U-Court if it involves repeated or numerous violations.
If the DCA is greater than $500, the case will be referred to the University Court and/or the appropriate external authority.
Disciplinary hearing by the University Court or external authorities.
Implementation of the disciplinary decision made by the University Court or external authorities.

Initial disciplinary action will be authorized or taken by the Director of New Media and Student Computing.

In the case of lockout, the first steps of the disciplinary procedure may be bypassed and initial disciplinary action (temporary access denial) may be implemented immediately by the Owlnet Management. See section Lockout Security Precautions.

In situations where the case would be referred to the University Court or other authority, the court will be given a written statement of the charges and specifications against them within five working days. These terms are defined as follows:

Charge(s):

A description of the specific Owlnet and/or University policy that was violated. Each different policy violation will be a separate charge.

Specification(s):

A description of the specific actions alleged to have been taken by the user that violate the policy. Every charge will have a specification, providing a one-to-one correspondence between the user's alleged activity and the policy that it violates

Owlnet Violations and Penalties

The chart below describes some violations and potential penalties of Owlnet only. This list is not exhaustive and other violations will be dealt with as appropriate. Other policies and laws you must abide by include the University Computing Policy and local, state, and federal laws.

See the University Computing Policy for its list of proscribed activities.

Penalty Descriptions

(These terms are used in the chart below for penalties.)

Warning:

User will be required to meet with Owlnet management to discuss violation. Further disciplinary action may be taken.

Lockout:

Immediate lockout from Owlnet account without warning. See section Lock-out Security Precautions. Penalty will be assessed after determination is made whether user was actually committing a violation. Alleged violations concerning security and commercial usage of resources may also result in the lockout of the college room computing port.

DCA:

Depending on the violation, a damage cost assessment (DCA) may be made to determine whether the incident should be referred to the University Court. See section Damage Cost Assessments, for cost estimates. If the DCA is greater than $500 an incident will automatically be directed to University Court. If the DCA is smaller than $500 or involves repeated or numerous violations, Owlnet management will determine whether to refer to University Court. Note that a DCA will usually also include a lock-out.

U. Court:

Automatic referral to University Court for penalty decision. See section Disciplinary Actions for possible punishments. Note that a referral to U. Court will often also include a lock-out.

TABLE 1. Chart of Violations and Penalties

Violation	Penalty	Repeat Violation
Playing a network game	warning	DCA
Hiding a network game or reinstalling a network game after previous warning and removal by system administrator	lockout	U. Court
Not giving up seat when requested by some-one needing machine for higher priority task	warning	lockout
Forging electronic mail	U. Court	U. Court
Sending electronic mail to unofficial automated mail handler	warning	DCA
Doing research without explicit permission	warning	U. Court
Abusing background privileges	warning	DCA
Ignoring system administrator talk request	lockout	U. Court
Abusing remote login privileges	lockout	U. Court
Sharing password with someone	U. Court	U. Court
Severely taxing system resources for non-course work activities	warning	DCA
Using hard links instead of symbolic ones	warning	DCA
Not abiding by system mechanisms for equitable computing resource distribution, such as quotas, screen locking timeouts, etc.	warning	DCA
Modifying another's data or files without permission	U. Court	U. Court
Abusing temporary directory privileges	warning	DCA
Using system for non-educational purposes	warning	U. Court
Propagating electronic chain letters	warning	DCA
Hindering another's work	lockout	U. Court
Severely taxing system resources for Internet usage	warning	DCA
Damaging Owlnet hardware or software through misuse	DCA	U. Court
Violating university computing policy	U. Court	U. Court
Violating local, state, or federal laws	Reported to proper authorities and U. Court	Reported to proper authorities and U. Court

Damage Cost Assessments

The Damage Cost Assessment or DCA will be calculated by determining the cost of staff time, Owlnet or network downtime, and software or hardware expenses, plus any additional expenses.

DCAs under $500 may be handled by Owlnet management or referred to University Court. If you do not wish to pay the DCA fine, you may be given the option to forfeit your Owlnet account for a year.

If the DCA is greater than $500, the violation will automatically be reported to University Court.

TABLE 2. Damage Cost Assessment Calculation Chart

Type of Cost	Cost (work hours)	Cost (non-work hours)
System administrators	$50 per hour	$100 per hour
Lab manager or Operations staff	$25 per hour	$50 per hour
Director of New Media and Student Computing	$100 per hour	$200 per hour
Network administrators	$50 per hour	$100 per hour
Director of Network Management	$100 per hour	$200 per hour
Owlnet downtime	$500 per hour	$250 per hour
Rice campus network downtime	$5,000 per hour	$2,500 per hour
Software expenses	replacement value	replacement value
Hardware expenses	replacement value	replacement value

Owlnet Backup Policy

The Owlnet UNIX computing systems are backed up on a regular basis. Retrievals of backup copies are on a best effort basis, and most retrievals will be done within 24 hours of the initial request. Retrieval requests may be made by logging a Problem Incident at http://helpdesk.rice.edu. Requests should be as specific as possible, stating the fully qualified path to the desired directory(s) or file(s) and the date/timestamp for the desired version of the directory or file.

Currently there is no charge to users for any restore requests of active data. Rice reserves the right to charge for media and system and staff time to handle requests for creating a copy of user's data onto CD or Zip disks or other transportable media.

Retention of Backups

The Owlnet backups will retain a copy of active user's data for 1 year. Files that are deleted by users will be retained for at least 3 months after the deletion.

The exception to this is users' e-mail (incoming mail INBOX). User's INBOX files are backed up and retained for only 60 days.

When users become inactive, and their accounts are deleted, a final backup is made just prior to account deletion and retained for 2 years.

IT

IT Self-service

IT Tutorials

VPIT