NDS Q & A

General

• What is NCSUNDS?

Root Access

• What can a person do with Root Access to NCSUNDS?

• Why would a person need Root Access?

• Who has Root Access now?

Current proposal

• How is the proposal different from the way things have been done?

• What is the Standards Committee being asked to do?

• How did the NDSTech group vote on the current proposal?

Answers

What is NCSUNDS?

NCSUNDS is the campus-wide NDS database (NCSU - NDS). This database is better known as "the NCSUNDS tree". Many services depend on NCSUNDS, including login to thousands of Windows computers on campus. Some other services include Groupwise, NAL (Zenworks application delivery), NIMS, and file storage on NetWare servers.

All of the academic Colleges, as well as the NC State Libraries, the Information Technology Division, and the Resource Management & Information Systems Division (NCS, ACS) participate in this database. Each group has ownership of its own "container", or section of the database. Click here to see a graphic representation.

Return to questions

What can a person do with Root Access to NCSUNDS?

Root access enables a person to view, modify, create, or delete:

• Any file on any NetWare server in the NCSUNDS database. This includes 119 production NetWare servers; these represent nearly every production NetWare server on campus.
• Any entry in the NDS database. Entries include items such as ~70,000 user accounts (access includes the ability to change their passwords), printers, servers, applications and other items stored in NDS.
• Root access also enables a person to "extend the schema". The schema refers to structure of the database; it is a set of rules that define what kind of data can be stored in NDS, and how it must be entered. New products frequently "extend the schema" when they are first installed, adding rules about the data that the products will store in NDS.

Why would a person need Root Access?

A person would need root access to do the following tasks:

1. Perform the first installation of a new product into NCSUNDS, if it requires schema extensions. (If it does, then the product must first be approved by the NDSTech group.) Subsequent installations do not require global root access.
2. Separate the NDS database into smaller sections for data storage ("partitions"), or merge those partitions, at the shared upper levels (.NCSU, Root) of the NCSUNDS tree.
3. Create new entries (users, containers) at the shared upper levels of the NCSUNDS tree.
4. Perform maintenance database repair operations at the upper levels of the NCSUNDS tree. These operations may affect the health and security of the entire database.

Who has Root Access now?

The following organizations and people have Root Access:

ITD - Microcomputer Systems: Debbie Carraway, John Klein, Joe Wells, Patrick Williams, Andy Kurth

NCS - Systems: Vic Lynn, Karen Dailey, Gene Morse, Shawn McIntosh

CHASS - Joe Flowers, Ryan Jones (?)

Return to questions

How is the proposal different from the way things have been done?

The current proposal is not very different from the way the NDSTech group has managed NDS informally in the past.

The SLA now spells out the membership and voting rules more clearly, and the new Root Access document spells out a set of requirements for root access as well as consequences for misuse of root access.

The difference that was most discussed is that the Root Access document gives the University Computing Standards Committee the power to charge particular organizations with maintaining the health and security of the NCSUNDS tree.

This is a change from the way access was handled in the past, which was much more informal. In the past, the decision to grant root access was handled on an case-by-case basis by NDSTech group and/or individuals with root access. There were no clear rules for deciding who would receive root access. No organizations were formally charged with maintaining the shared NCSUNDS database.

The current proposal limits root access to individuals within the organizations that the UCSC has charged. The NDSTech group will retain the responsibility for choosing which individuals may be trusted with root access. They will choose individuals from the organizations charged by the UCSC with maintaining the health and security of NCSUNDS.

What is the Standards Committee being asked to do?

The Standards Committee is being asked to do the following:

1. Vote to approve the two documents (SLA, Root Access) that will govern the management of NCSUNDS.

2. Charge specific organizations with maintaining the health and security of NCSUNDS. By organizations, we mean units that are part of the formal reporting structure of the University.

3. Annually review the rules governing NCSUNDS.

How did the NDSTech group vote on the current proposal?

The NDSTech group voted to approve both documents in the February 6th meeting.

The documents were considered individually. The votes were as follows:

SLA document: 9 for, 1 abstained, 1 absent

Voting For:

• College of Agriculture & Life Sciences
• College of Education
• College of Management
• College of Textiles
• College of Veterinary Medicine
• Information Technology Division
• Network & Client Services
• Administrative Computing Services
• NC State Libraries

Abstained:

• College of Humanities & Social Sciences

Absent:

• College of Engineering

Root access document: 8 for, 2 against, 1 absent

Voting For:

• College of Agriculture & Life Sciences
• College of Management
• College of Textiles
• College of Veterinary Medicine
• Information Technology Division
• Network & Client Services
• Administrative Computing Services
• NC State Libraries

Voting Against:

• College of Education
• College of Humanities & Social Sciences

Absent:

• College of Engineering

Return to questions