Ubuntu Linux
Administrator (root) access for computer owner |
default yes for owner |
| At a Glance |
| Backup |
none, all data must be on network shares |
| Configuration and setup |
isginf / owner |
| Deployment |
over the network via installation request form or OS Kiosk |
| OS installation |
isginf |
| Responsibilities |
| Software licensing & installation |
owner |
| Support by isginf |
best-effort |
| Supported hardware |
whatever Ubuntu works on |
| Updates & security fixes |
default on boot or while running, alternatively by owner |
| User management |
LDAP or local on computer |
Supported Versions
For details on the EOL dates read on
here.
Managed Configuration
The following configuration is automatically managed by
isginf:
- Firewall
- Default:
- No incoming traffic is allowed except SSH and some other required ports.
- Fail2ban is configured to harden SSH.
- Options (request by ticket):
- Add custom rules.
- Disable firewall and/or fail2ban.
- Options (self service):
- Use
firewall-cmd to maintain custom rules locally.
- Printers
- Default:
- Follow-me-printing with
card-ethz or card-stud configured.
- Options (request by ticket):
- Add ETH-managed printers (direct-printing).
- Options (self service):
- Use Gnome settings or CUPS admin interface to install custom printers.
- Filesystem
- Default:
- Mounted user home directory in /home (from iiStore or ETH student home for student lab machines).
- Notification by UI if user home is getting full.
- Mounted scratch and project share(s) in /pub (from iiStore or ETH storage solution).
- Options (request by ticket):
- Switch to local user home directories (in /local/home, the shares at /home are still accessible).
- Custom partitioning (before installation), additional SWAP space, ...
- Add further mounts.
- Options (self service):
- Mount filesystems yourself using
mount.
- Packages
- Default:
- Automatic update of all apt and flatpak packages (on boot and once a day).
- Notification by UI and mail on issues, if a reboot is required or if updates are required.
- Options (request by ticket):
- Only install critical security updates (apt).
- Disable automatic updates (apt & flatpak) completely.
- Adjust notification behaviour.
- Autoamtic installation of packages (and apt repositories).
- Automatic installation of some more complex applications:
- CUDA
- Docker CE
- MatLab
- (more on request)
- Options (self service):
- Check update policy and status with
update-status (as root).
- Users
- Default:
- All users of your LDAP-OU are known to the system.
- Only the defined users (plus the IT coordinators and isginf) are allowed to log in.
- Only defined users (plus isginf) have root access (by
sudo).
- Options (request by ticket):
- Reduce list of known users to a subgroup of the OU (e.g. only staff and students, not guests).
- Remove login restriction (so all known users are allowed to log in).
- Restrict login to a (self-maintained) local or LDAP group.
- Change list of defined users (with or without root access).
- Options (self service):
- Add local users with
sudo adduser.
- Allow login to additional LDAP users with
sudo usermod -a -G localusers {username} (they must still be known to the system, so they must exist in the OU).
- Grant root-access to additional users with
echo "{username} ALL=(ALL) ALL" | sudo tee -a /etc/sudoers/local.
