Assignment for Week 5: User Account Management

Description

User account management has both technical and social aspects. In this assignment your group will create accounts on your system for all the other class members, and you will also write an system policy for your system.

What you need to do

1. Write a system policy document for your system. You should cover what kind of user activities are and are not permitted on your system, the sanctions for unwanted user activity, and your intended policies for system availability, notification to users of system changes, and security and privacy protections. When deciding on possible policy issues, consider whether you as a system administrator really think you can effectively monitor and enforce the policy. Post your policy document on a web page on your system, and make the URL available to all account holders.
2. Create accounts on your system for all the other people in the class (including me). Decide what kinds of things you want to support for user accounts, like which shells you will provide default configurations for, how you will manage setting the initial account password and password change requests, and so on. Make sure that each account starts with a working shell and shell configuration. Other things you may want to consider as part of setting up accounts, depending on your operating system's support for such features, are:
   • Disk quotas
   • Resource limits (for memory and CPU usage)
   • Password expiration
   • Additional default configuration files for commonly-used software like mail readers, web browsers, X window system clients, etc.
3. Extra credit: Once you've created accounts for all the other class members on your system, and each of those other users has logged in and changed his or her password, run a password cracking program like "John the Ripper" on your password file. Did it succeed in cracking any passwords, and how many? (Please don't tell me which accounts or what their passwords were, just how many were cracked out of how many total users.) Notify the accounts whose passwords were cracked that they need to change their passwords (if your operating system has support for it, you may want to immediately expire any passwords that are cracked to require the user to change his or her password at the next login). If you complete this activity it will be worth up to 5 points.

What to turn in

Please follow the assignment submission guidelines when turning in material.

1. Provide me with the URL to your system policy document (hopefully as part of setting up my account).
2. Log in to each of your accounts on all the other systems besides your group's. I also strongly recommend that during your first login you immediately change your password to something that only you know, since you probably had to provide an initial password known to the other system administrators. For each of these other accounts, briefly indicate whether you were able to get in to the account and use common UNIX applications.

   Note that this item is something where I want you all to do something individually and turn in something individually. However, your group will be evaluated on how many other people in the class can successfully access their accounts on your system.

These tasks need to be done, and the appropriate information emailed to me, by class time on Monday, July 28.

Each group member should also email to me separately their estimate of the percentage of the total work each group member (including themselves) contributed to this assignment, looking something like:

Alice: 40%
Bob: 30%
Carol: 30%

Class presentation/discussion

On Monday, July 28 I will take some time in class to have each group speak briefly about their experience with this assignment. Please give a brief summary of your system policy and the considerations that went into it. Also discuss how you arranged to set up accounts for other users on your system, and how those choices worked for you -- did everyone get accounts on your system who was supposed to? What problems did you encounter in creating accounts and how did you resolve them?

Evaluation

While you'll have a certain amount of latitude in deciding your system policy, note that there are some legal and institutional requirements that we'll all have to follow, and which should be made clear in your policy. Your policy document will be worth up to 3 of the 10 points for your assignment.

The other 7 points will be assigned based on the proportion of people who report they are able to access their account on your system -- to get all 7 points, everyone who says they tried to set up an account on your system will also have to say they were able to log in to it successfully and that it was usable. If someone says they tried to get an account but couldn't, or the account was unusable, that won't count toward your group's point total.