LAMP project policies
From Research Computing
| Table of contents |
Project Proposals
All project proposals to use GC LAMP servers for open source projects must be submitted in writing to the Vice President for Information Technology and External Programs for evaluation and approval. Proposals should include amount of server space and software requirements.
One account per site
Each approved site will have precisely one associated server account, for access via secure shell and secure ftp. The user to whom control of the site is assigned takes full responsibilty for the account. Application software may assign other accounts as needed (though see the account policy on wiki access).
Only secure remote interactive access
Non-secure ftp, remote shells, telnet, and other insecure interactive protocols are not permitted to any LAMP site. Only secure shell (http://www.ssh.org) and secure ftp access to LAMP sites using the assigned account is permitted.
Password Policy
Users are encouraged to follow the Brief Recommendations for a Sane Password Policy (http://www.smat.us/sanity/pwrecom.html) by Richard E. Smith, PhD, CISSP. In particular, we encourage users to follow this recommendation:
Strong passwords that resist dictionary attacks should contain at least eight characters and should contain a mixture of upper- and lowercase letters, digits, and special characters. One approach is to choose two separate words from a large dictionary and combine them with a digit or special character.
Wiki policy
Research computing supports mediawiki (http://www.mediawiki.org). The wiki sysop account is assigned to one person. The wiki must be configured so that the Wiki sysop assigns accounts and passwords. Open edit access to wiki sites is not permitted.
Online Journal Policy
Approved scholarly journals are created initially by the research computing staff, within the Open Journal Management System (http://ojs.gc.cuny.edu). For the journal creation step, we require the journal title, and the name and email address of a person who will act as the Journal Manager; that person is assigned a Journal Manager account. The Open Journal Management system will send an email to the supplied email address with the password for the account. The responsibility for customizing the site, and creating all other roles is delegated to the Journal Manager.
Software Installation
With the exception of guest administrators (see below), Research computing does not give out administrative access to LAMP servers or mysql databases. Users are encouraged to make an appointment with the Director of Research Computing, to install the software they require while working with research computing staff. During the installation, we will assign passwords for access.
Administrative support for LAMP sites only
We provide administrative support for LAMP servers other than Research VLAN servers, which are maintained by their users. With the sole exception of its own machines, research computing does not service, administer or backup machines connected to the Research VLANs. Such machines are the responsibility of their owners. NOTE: the research VLAN will be merged with the academic VLANs in the Fall 2007 semester. Research computing will continue to maintain its own internal network for cluster services, and will have outside connections for remote access, web services and VPN access for grid computing services. GC Enterprise Networks and Systems will provide network services within the building. Some research computing services, such as the Linux Samba server for Speech and Hearing Sciences, will still be maintained by research computing, but the connection to the speech laboratories will change under the design proposed by IT.
DNS names
We can provide a fully qualified DNS name in the gc.cuny.edu domain for research computing (virtual) web sites. Some users have reserved their own domains outside the gc.cuny.edu domain; research computing can configure a virtual web site to handle http requests for a fully qualified DNS name maintained in the DNS of an outside commercial DNS provider such as Network Solutions (http://www.networksolutions.com); an example is the Forever Free Project (http://www.foreverfreeproject.org). Research Computing staff can provide assistance with the IP address configuration of DNS names maintained by external commercial DNS service providers. Sites maintained under a single umbrella application, such as the Open Journal Management system, which hosts several journals and which has its own DNS entry, may require an http redirection page to resolve the DNS for the specific site. An example is the LLJournal (http://lljournal.gc.cuny.edu), which resolves http://lljournal.gc.cuny.edu to the page http://ojs.gc.cuny.edu/index.php/lljournal.
SELINUX Compatibility
Our LAMP servers run with with Security Enhanced Linux (http://www.nsa.gov/selinux) (SELinux) enabled. All proposed sites must be compatible with SELinux; reseaarch computing can provide some configuration assistance for many LAMP configurations, but we cannot support applications that require SELinux to be disabled (such as Request Tracker), or which require a substantial programming effort by research computing to achieve SELinux compatibility. Projects that require addition to the SELinux policy are considered programming projects (see below).
Programming Projects
Research computing does not provide programming services. Users are expected to maintain their own programs and to adhere to industry standard programming practices.
