![[Univ of Cambridge]](http://www.eng.cam.ac.uk/images/house_style/uniban-s.gif)
![[Dept of Engineering]](http://www.eng.cam.ac.uk/images/house_style/engban-s.gif)
There are numerous computers attached to the Departmental network which are used for research, either by groups or individuals. These pages address some of the administration issues affecting every multi-user machine which is not part of the central teaching system.
Throughout these pages, the phrase research computer will be used to refer to such machines, which include workstations running any variant of Unix, and to PCs running Linux. The principles discussed apply even where a machine currently has only a single user, since machines often remain in the department long after the original user has moved on.
Timely, coordinated and careful administration of the user accounts on research computers produces benefits for the users and for our Computer Officers:
Any user of a networked computer in the Department must have registered with the Computer Operators and have signed an application form. This includes users who do not otherwise need an account on the main departmental system (e.g. who are working on a collaborative project only involving members of one particular group).
It is also helpful (for both technical and administrative reasons) if account identifiers used on research systems match those of the main departmental system.
Application forms, and sponsorship forms for external collaborators, are available from the Computer Operators, who can assist with questions associated with completing the forms.
It is important that accounts are deleted when users have departed and finished their work, and also that accounts are not deleted prematurely! The deletion of the central Teaching System account and of accounts on research computers needs to be coordinated. This is not easy, and we need your help and cooperation to improve coordination in this area.
There are two main scenarios. The first is where Departmental adminstration procedures initiate the removal of a user from the Teaching System. The second is where a research group deletes a user from a research computer.
There are procedures in place which initiate the removal from the Teaching System of users who are believed to be departing, but it is often difficult for our Computer Operators to ascertain whether a departing user has finished using research computers, and it is almost impossible to ensure that accounts have been closed on these computers.
If an existing user leaves, but still needs to have access to our systems as part of an ongoing collaboration, then the administrators of the main departmental system need to know of this change of status.
To assist with this problem, a mailing list of research group administrators is being set up. Please see the section below.
Research groups may delete a user from a research computer on the departure of that user or when collaboration or a project with the group ends. In many cases, this is not linked to the notification mechanisms from central admin which lead to deletions from the teaching system. Often the teaching system account is being held open until all research accounts have been closed.
Therefore it is very helpful if research groups can inform us (via email to user-admin@eng.cam.ac.uk) when they delete users from their systems, especially when those users are ceasing to have any connection with the department.
It is often hard for us to know who to ask when trying to make decisions about research user accounts. Often the technical administrator of a system (who knows exactly who has accounts and who will create and delete accounts) will not be the person who makes the policy decision about who should have an account. This decision-maker may be, for example, the principal investigator of the research grant which funded the system.
The next section discusses a mailing list which is intended to improve communication with the right people. A further aid is the Research admin contacts page which is under development.
The Research Computing Admin mailing list (research-user-admin) is being set up to give those responsible for departmental computer account administration a means of contacting research group administrators about the planned deletion of users from the department's computer systems. This should reduce the number of problems caused by accounts on research systems persisting after the user has been, in some cases wrongly, deleted from the main departmental computer system.
Ideally the list should include at least one suitable person from every research group (more strictly from each group of computers under different management), but for groups where there is no one person with the knowledge, more than one may be needed.
Each research group is asked to nominate one or more members for inclusion in the research-user-admin mailing list. This can be done by email to research-user-admin-request specifying the names of the machines you are responsible for, and whether you are the technical contact or the "policy-maker" or both.
At the moment there is a single research-user-admin mailing list, but if the members find that there are too many messages we may create smaller lists along divisional lines.
Follow this link for the letter requesting participation in the research-user-admin mailing list.
To aid the process of user administration on research computers and to provide cross-checks and a safety net, I am planning to provide an automatic mechanism for comparing the users on research computers with the Teaching System's records.
This would retrieve a copy of the user database (passwd file) from the research computer, and check that the users exist on the Teaching System and have matching user identifiers. Detected problems would be emailed to the appropriate technical administrator.
There is no timescale for this work at present, but if you would like be informed of developments, please email me: mjg17@eng.cam.ac.uk.