Voiding Your Warranty
Voiding Your Warranty on CSAIL Ubuntu
In order for TIG to properly manage CSAIL Ubuntu machines, we need to depend on some basic packages and configuration settings. We do our best to allow users a lot of freedom in terms of modifying the configuration of their machine (many sites don’t even let users have root access on their workstations). However, there are some changes that make it impossible for us to reliably manage a system. Some examples are:
- Removal of the puppet package
- Setting any file puppet manages to be immutable
- Removal of the ruby package
- Removal of the python package
- Disabling or removing cron
This list is not, and probably never can be, exhaustive. These are the common changes that we’ve seen that screw with our ability to manage a system. Please don’t do any of them. If you must, consider talking to us first. We may be able to work out an alternative that keeps everybody happy. If you do make these changes, though, we’ll consider your machine unsupported and ask you to reinstall with a non-CSAIL operating system.
What if CSAIL Ubuntu does things you don’t like
In many cases we can configure the automation on your systems to meet your needs even if the default settings are unsuitable. The most common settings here are which users can login and what packages are installed but most configuration can be templated to meet your needs.
Automated security updates however are non-negotiable. CSAIL systems (nearly) all have public IPv4 addresses and are directly addressable from the public internet, as such it is crucial that all systems, TIG managed or not, receive security updates as soon as they are available from the vendor.
If CSAIL Ubuntu doesn’t meet your needs you are free to install an manage your own operating system of whatever flavor you like, but please:
- Do configure automated security updates however your operating system manages that.
- Do Not install CSAIL Ubuntu then break it, rather install what you
want and configure it.
Systems with known security vulnerabilities may be removed from the network for the safety of all lab members.