Linux Team Machine Management Options

The Linux Team provides two options for setting up and handling machines. The details for each are explained below:

Fully Managed (Tier 1)

Self Managed (Tier 2)*

All Devices

In both cases, the Linux Team installs the following as part of a base installation:

  • Centrify: allows NetID logins. In most cases, you or your research lab decides who is allowed access to the machine.

  • Endgame: a powerful antivirus / anti-malware program that doesn’t rely on signatures.

  • Basic Linux command-line utilities

  • The gcc compiler

  • A base suite of software (on Workstations)

    • Firefox

    • Emacs and Vim

    • LibreOffice

    • Thunderbird

    • TeX Live

Backups

Users are responsible for backing up their own home directories. If the machine is managed, all installed software can be reinstalled exactly as is without any problems, but user home directory data must be backed up and restored by the user. If the machine is managed and a reinstall is necessary, we will make every reasonable attempt to preserve user (home directory) data.

Fully Managed (Tier 1)

This is the preferred option because it ensures the highest level of security and requires almost nothing from the end user. We will assist with any problems that arise and generally help in any way that we reasonably can. Security patching happens automatically, and users are required to reboot once per semester (between semesters) to guarantee that kernel updates have been applied. Reboots may be required during a semester if a sufficiently severe vulnerability is announced.

For software installation and removal, the Linux Team offers self-service package management. This allows non-privileged users to install and remove most packages from the system’s repositories. Self-service software management can be requested by the machine owner (not the machine user) or a professor in the research lab (whichever is applicable). 

Caveats

We do not provide users root access to managed systems. However, users generally only need this access to install software, which can be achieved through the self-service feature. If you need this feature, request that it be enabled; this starts the approval process. Users are free to download, compile, and install software into their own home directories, as most of the time this does not require any special access (see https://tamuengr.atlassian.net/wiki/spaces/helpdesk/pages/1983184923).

What We Need From You

When we take over the management of a machine, it will be installed from scratch to establish a baseline. We will need the following information to install and set it up:

  • List of NetIDs which will have login rights

  • An initial list of software to be installed

  • Name of the machine (if not provided by your department or group’s IT)

  • Name of the primary researcher for the lab (PI)

  • Whether you want Ubuntu 20.04 or Ubuntu 18.04

    • Preferred OS is Ubuntu 20.04 at this time.

    • CentOS 7 may be available when a specific software requirement calls for it.

Note: Tier 1 machines should remain on at night to allow nightly security patching.

Self-Supported (Tier 2)

As of January 2020, there is a new policy for Tier 2 computers.

Under this new policy, you will be required to submit a request with a valid, detailed justification for Tier 2 management to the Linux Team. Only very specific circumstances will be allowed. If your request is approved by the Linux Team, it will be forwarded to the Engineering Information Security Officer for approval. Additionally, Tier 2 exceptions must now be approved by the Dean’s Office. Should your scenario be approved by all of these, you will be permitted to have a Tier 2 computer. Please note that as a result of these changes, there will be much more scrutiny regarding your reason for requesting Tier 2 management, and consequently there will be fewer Tier 2 approvals than in the past. 

With this option the requested operating system will be installed for you, NetID access and Endgame virus/malware protection enabled, and root access provided.

Note: no further assistance will be provided for the machine. In the event of a problem, we can only reinstall the machine from scratch, so we recommend maintaining current backups.

Caveats

All additional software must be installed by your group, and we will not assist any further with the machine. This means that if you run into problems after making changes to, or updating, the machine, you will be on your own. If you get to a point where you cannot use the machine anymore, we can reinstall it from scratch. You are responsible for backing up your data prior to our reinstall.

Root access is gained by using the ‘dzdo’ command instead of the ‘sudo’ command. It works the same way as ‘sudo’ and takes the same arguments, but ‘dzdo’ is provided by the third-party tool Centrify, which allows us to provide NetID-based logins.