Teaching/Project Rooms with User-Managed Systems

• Code of Conduct and Ethics

• Ethics are paramount for an IT expert or an Engineer.
• You should never use your knowledge or expertise to do actions that violate the security or privacy of any information system.
• You should also be aware that you are fully accountable, from the legal standpoint, for all the actions that you perform on the University computers and networks.
• If at any time, you are in doubt about the legality of some action, please do not perform it until you consult with one of your instructors or the IT team and obtain anauthorization to proceed with it.

• Introduction

SOEN321,COMP5541,490 projects (H833, H835, H837, H842, H854)

The user-managed machines in the project rooms H833, H835, H837, H842, and H854 are primarily by default Linux desktops. They are intended for the student to play with the Operating System (Fedora Core Linux) or do the projects that require root privileges. This includes courses such as SOEN321,COMP5541, COMP490, COMP492, COMP495, SOEN490. The students exercise full control of the system for their course needs. The machines are configured to be all in the server-only type of VLAN (see below about distinction between the client-only and server-only user-managed machines).

ECE 490/capstone projects (H805, H857)

The user-managed machines in H857 and H805-area are client-only Capstone user-managed machines that have the standard dual-boot ENCS user-managed cut, which is maintained by a technician responsible for the labs in terms of accounts and software installation, etc.

CIISE security projects (H909, H911)

The user-managed machines in H909 and H911 are typically used by the CIISE courses such as INSE6120, INSE6130, INSE6140, and INSE6150 for mini-projects and actual projects. While both rooms are considered to be client-only (dual boot), H911 has Internet access and the course TAs are managing and giving accounts in that room and users are not given administrative privileges. H911 has also some extra network equipment to be used for teaching. H909 uses the same base CIISE dual-boot user-managed image, but is locked down in terms of network connectivity and is not allowed outside except DNS/DHCP by default. Here the students may conduct various experiments that may require privileged access. This lab is usually reghosted for each term.

• To start up

To start up, a variety of passwords (e.g. CMOS, root, user, and bootloader passwords) will be given to you when required by the lab monitor upon the need.

IMPORTANT: if you have it, DO NOT CHANGE CMOS PASSWORD. If you change the CMOS password we will have to open up the PC and reset it manually.

• Rebuild PC

1. To rebuild your PC in H833/H835/H837/H842/H854: just press the F12 key, then select network. All users can do it.
2. At this point, rebuilding machines in H857, H805, H907-1, and H911 has to be done by an AITS analyst from a desktop group.

NOTE: Your PC will be completely re-installed if you do this, resulting in all data loss. As such, when a group of students working on a project is assigned one machine, other students should not tamper in any way with another team's computer. You are also entirely responsible for backup of any data on those machines and the University or the IT team are not responsible for any data loss unless explicitly specified.

• Software Maintenance

1. Linux:

   Software updates, installation and removal are mainly done with the yum command. yum is an interactive, automated update program which can be used for maintaining systems using RPMs. Here is a short usage guide.

   • List Software

   To list all available software packages, you can use
   yum list

   To list installed software packages only, you can use
   yum list installed

   To list software packages requiring update (i.e. update is available), you can use
   yum check-update

   • Install/Uninstall/Update Software

   Update installed package(s) to a new version, if available
   yum [-y] update [<package-name>]
   Name of the package is optional, i.e. if it is absent, yum will try updating all the packages that need updating.

   To install available stock software, you can use
   yum [-y] install <package-name>

   To uninstall simple stock software, you can use
   yum [-y] remove <package-name>

   The optional -y switch will avoid confirming [y/n] prompts and always will select "yes".

   • yum Brief Guide

   usage: yum [options] < update | install | info | remove | list |
   
       clean | provides | search | check-update | groupinstall |
   
       groupupdate | grouplist | groupinfo | groupremove |
   
       makecache | localinstall | erase | upgrade | whatprovides |
   
       localupdate | resolvedep | shell | deplist >
   
   
   
   options:
   
     -h, --help            show this help message and exit
   
     -t, --tolerant        be tolerant of errors
   
     -C                    run entirely from cache, don't update cache
   
     -c  [config file]     config file location
   
     -R  [minutes]         maximum command wait time
   
     -d  [debug level]     debugging output level
   
     -e  [error level]     error output level
   
     -y                    answer yes for all questions
   
     --version             show Yum version and exit
   
     --installroot=[path]  set install root
   
     --enablerepo=[repo]   enable one or more repositories (wildcards allowed)
   
     --disablerepo=[repo]  disable one or more repositories (wildcards allowed)
   
     --exclude=[package]   exclude package(s) by name or glob
   
     --obsoletes           enable obsoletes processing during updates
   
     --noplugins           disable Yum plugins

   Please see the yum manpage for more information by executing the command
   man yum

   • Download/Upload and install other Software

   The user-managed PCs in H833/H835/H837/H842/H854 for your projects are server-only machines, so you are not able to use web browser to access internet and download software package directly on this type of machine.

   Therefore, if you would like to install other software that is unavailable using yum to install, you have to download software source using one of regular ENCS-managed machines, then scp or sftp to upload your software package to your server-only type of machine. After that, just follow the instruction of README or INSTALL file that the software package provides to install the specific software.

2. Windows:

   Windows is only present on the dual-boot client-only networks in H805, 857, H907-1, and H911. Its software maintenances, including updates of Windows itself, browsers, antivirus, and otherwise applications are done either automatically or by the person in charge of the lab after ghosting -- TAs (e.g. H907-1, and H911) or technicians (e.g. H805 and H857).

• Client-only vs. Server-only Machines

There are two kinds of user-managed machines, client-only and server-only, depending on subnets that they belong to.

A client-only user-managed machine allows a user who is sitting in front of such a machine to have full access to web browsing, email access, telnet, ssh, etc. That is, allows making any internet connections to the outside world. However, users cannot remotely access a client-only user-managed machine from other machines (ENCS-managed or outside) except machines on same subnet.

A server-only user-managed machine is the exact opposite of the client-only one. Users can remotely access a server-only user-managed machine from any other machines (ENCS-managed, client-only machines, and outside). However, if a user is sitting in front of a server-only machine directly, it is unavailable for the user to browse internet, check email, etc. That is, all connections to outside world are blocked.

Note: The detail information about client-only and server-only machines can be found here.

• Contacts

If you have questions or suggestions about the project lab, please email us.