Staff members shall be chosen by the OCF Decision Making Process. [per OCF Board decision on 4/13/89]
[The rest of this policy is per Site Manager decision on 8/30/17]
The OCF Decision Making Process spells out the powers of BoD, the GMs, and the SMs; however, it doesn’t explain what powers other staffers have. The main purpose of this policy is to delineate what things staff can do on their own, what things they must not do, and what things they require special permission from the SM to do.
Staff are authorized to act independently of the SMs unless otherwise specified here or elsewhere. This is so staff are not obstructed by having to ask the SMs for approval for all decisions.
The Site Managers have the sole power to add staff to the ocfroot group,
otherwise grant root privileges on a machine which runs a production service or
which mounts NFS, create and grant privileges to
/admin principals, and grant
other powers which can be used to gain the aforementioned privileges or access
other OCF members’ data.
Staffers in the
ocfroot group are known as Technical Managers.
To be eligible for Technical Manager status, you must fulfill the following criteria:
The Site Managers can revoke Technical Manager status. This can happen, for example, if root privileges aren’t actively being used.
If you are a Technical Manager, use your additional powers wisely. Remember that you must respect the privacy of other members. In particular:
strace’ing their processes, recording network packet captures, etc.).
Here are some additional guidelines to follow:
bash_historyor updating their last login time).
The worst thing an OCF staffer could do is abuse root privileges. Abuse of root privileges constitutes anything done using root privileges which is in violation of OCF policies, University policies, or applicable laws. Examples of this are violating members’ privacy (including reading or modifying their files without reasonable cause), harassing members, maliciously logging people out, deliberately compromising OCF security, etc. Abuse of root privileges may result in consequences including, but not limited to, loss of root and/or staff privileges, being banned from the OCF, and/or being referred to the Office of Student Conduct.
There are some policies (e.g. this policy, the Unattended Processes Policy, …) that the Site Managers have the power to amend. The SMs’ power to amend these policies is not delegated to the Deputy Site Managers or any other staffer. In other words, staffers cannot unilaterally make changes to these policies without the SMs’ (or GMs’ or BoD’s) approval.
Site Managers should promptly inform staffers whenever they make amendments to any such policies.