Newsgroups: comp.sources.unix From: bbh@mtek.mtek.com (Bud Hovell) Subject: v25i138: policy V2 - tools for providing interactive timeshare policies, Part02/03 Sender: unix-sources-moderator@pa.dec.com Approved: vixie@pa.dec.com Submitted-By: bbh@mtek.mtek.com (Bud Hovell) Posting-Number: Volume 25, Issue 138 Archive-Name: policy/part02 Return-Path: oliveb!mtek!nosun.West.Sun.COM!bbh Received: by cognition.pa.dec.com; id AA04507; Tue, 25 Feb 92 06:51:51 -0800 Received: by uucp-gw-1.pa.dec.com; id AA08997; Tue, 25 Feb 92 06:51:34 -0800 Received: by oliveb.ATC.OLIVETTI.COM (smail2.5) id AA08049; 25 Feb 92 06:51:02 PST (Tue) Received: from Sun.COM (sun-barr) by sun.Eng.Sun.COM (4.1/SMI-4.1) id AA03199; Tue, 25 Feb 92 06:27:12 PST Received: from nosun.West.Sun.COM by Sun.COM (4.1/SMI-4.1) id AA12974; Tue, 25 Feb 92 06:26:57 PST Received: from mtek.UUCP by nosun.West.Sun.COM (4.1/SMI-4.1-900117) id AA00555; Tue, 25 Feb 92 06:26:48 PST Received: by mtek.mtek.com (Smail2.5+apb/mje900117) id AA10494; Tue, 25 Feb 92 04:06:06 PST Subject: Policy Package, part 2 of 3 To: vixie (Paul Vixie) Date: Tue, 25 Feb 92 4:06:05 PST Reply-To: policy@mtek.com X-Mailer: ELM [version 2.4dev PL52] Message-Id: <9202250406.AA10494@mtek.mtek.com> From: bbh@mtek.mtek.com (Bud Hovell) #! /bin/sh # This is a shell archive. Remove anything before this line, then unpack # it by saving it into a file and typing "sh file". To overwrite existing # files, type "sh file -c". You can also feed this as standard input via # unshar, or by typing "sh 'Makefile.d' <<'END_OF_FILE' X#!/bin/sh X# $Id: Makefile.d,v 5.3.2.5 91/09/03 09:55:10 policy USENET $ X# X# Copyright (c) 1991 by Bergen B. Hovell, Jr. X# You may not distribute or otherwise use this work for any profit-making X# purpose without the express permission of the author, but this work is X# otherwise freely distributable so long as this header remains attached. X# X# Revision 4.6.2.2 91/04/04 12:29:19 bbh X# Use variable substitution for differences in BSD vs. SYSV 'sh' commands. X# By Andy Linton . X# X# If we don't have hash-bang: XSHELL=/bin/sh X# Don't tour the engine-room: X.SILENT: X############################ edit here ################################# X# Path to our public executables: XPATH=/usr/local/bin:/usr/ucb:/bin:/usr/bin X# How to get this machine to give us it's name: Xmyname="uuname -l" X# If this machine is really fast, then let fast=yes, else leave blank: Xfast= X# What is the environmental variable name for the login user on this system: Xname=$$LOGNAME X# Name of the record file (preferably a dot-file) to be placed in the user's X# home directory: Xrecord=$$HOME/.policy_read X# Your favorite pager: Xpager=/usr/local/bin/less X# Default terminal for temporary use by the pager: Xdefterm=vt100 X# Who should get mail notification of record user's first-time login X# (or failure messages): Xmssgto=sysmgr X# If we want the Bourne-shell version of the 'policy' script, then X# let script=bourne. If we want the Perl version, then script=perl: Xscript=bourne X# Echo handles optional newlines in different ways. Choose ONE of the X# following lines and comment-out the other: X# BSD style X#n='-n' X# SYSV style Xc=\c X# Are we, specifically, an AT&T 3B1 (Unix-pc, 7300, Safari.....)? If so, X# say is3b1=yes, else leave blank: Xis3b1= X# We will attempt to create any of the following named directories (if they X# don't already exist) set to the owner and group ids shown above. X# X# Which directory for executable 'policy' (/usr/local/bin ?): Xbindir=/usr/local/bin X# Which directory for executable '1stlogin' (/usr/local/etc ?): Xetcdir=/usr/local/etc X# Full path name to your 'Policy' directory: Xpoldir=/usr/local/adm/Policy X# Policy text file containing the first-login announcement: Xann=ann X# Which user id should own all these installed files and created directories X# ('root'?): Xowner=root X# Which group id should own all these files and directories ('bin'?): Xgroup=bin X########################## edit no more ################################ X# What is this entire package called?: Xpkg=Policy Package X X# Full path names to our installed executables: Xpol=$(bindir)/policy X1st=$(etcdir)/1stlogin X Xargs: X # ....but we do offer a menu, also: X echo '' X echo '' X echo ' "MAKE" OPTIONS' X echo '' X echo ' Arguments to "make":' X echo ' "dotext": builds from scratch and installs it ALL' X echo ' "notext": same, EXCEPT text files are ignored' X echo ' "man": makes localized 'man' pages for your system' X echo ' "readman": read localized 'man' pages for your review' X echo ' "uninstall": ONLY 1stlogin and policy removed from system' X echo ' "virgin": restores us to original, as-issued condition' X echo '' X echo ' .............you have to install your own 'man' pages! X echo '' X Xall: X args X X# Main installation options: Xdotext= howdy $(script) install text man tellwhat Xnotext= howdy $(script) install man tellwhat X Xdotext: $(dotext) X Xnotext: $(notext) X Xhowdy: X # Say howdy: X echo '' X echo "Now doing full installation of '$(pkg)' [$(script) option]" X X # Remove any executables or temp file created on the last make: X echo '' X echo ${n} "First, be sure we are a virgin..........................${c}" X rm -f 1stlogin policy policy.1 1stlogin.8 install.out .hold X echo DONE! X Xbourne: scripts/policy.sh scripts/1stlogin.sh X echo '' X echo ${n} "Substituting your variables into 'policy' (Bourne)......${c}" X sed -e '/^PATH=/s%=.*%=$(PATH)%' \ X -e '/^poldir=/s%=.*%=$(poldir)%' \ X -e '/^myname=/s%=.*%=$(myname)%' \ X -e '/^pager=/s%=.*%=$(pager)%' \ X -e '/^is3b1=/s%=.*%=$(is3b1)%' scripts/policy.sh > policy X echo DONE! X echo '' X X echo ${n} "Substituting your variables into '1stlogin' (Bourne)....${c}" X sed -e '/^PATH=/s%=.*%=$(PATH)%' \ X -e '/^myname=/s%=.*%=$(myname)%' \ X -e '/^name=/s%=.*%=$(name)%' \ X -e '/^record=/s%=.*%=$(record)%' \ X -e '/^bindir=/s%=.*%=$(bindir)%' \ X -e '/^poldir=/s%=.*%=$(poldir)%' \ X -e '/^defterm=/s%=.*%=$(defterm)%' \ X -e '/^pager=/s%=.*%=$(pager)%' \ X -e '/^announcement=/s%=.*%=$(poldir)/$(ann)%' \ X -e '/^mssgto=/s%=.*%=$(mssgto)%' \ X -e '/^fast=/s%=.*%=$(fast)%' scripts/1stlogin.sh > 1stlogin X echo DONE! X echo '' X Xperl: scripts/policy.pl X echo '' X echo ${n} "Substituting your variables into 'policy' (Perl)........${c}" X sed -e '/^$$poldir=/s%=.*%='"'$(poldir)'"';%' \ X -e '/^$$myname=/s%=.*%='"'$(myname)'"';%' \ X -e '/^$$pager=/s%=.*%='"'$(pager)'"';%' \ X -e '/^$$is3b1=/s%=.*%='"'$(is3b1)'"';%' scripts/policy.pl > policy X echo DONE! X echo '' X X echo ${n} "Substituting your variables into '1stlogin' (Bourne)....${c}" X sed -e '/^PATH=/s%=.*%=$(PATH)%' \ X -e '/^myname=/s%=.*%=$(myname)%' \ X -e '/^name=/s%=.*%=$(name)%' \ X -e '/^record=/s%=.*%=$(record)%' \ X -e '/^bindir=/s%=.*%=$(bindir)%' \ X -e '/^poldir=/s%=.*%=$(poldir)%' \ X -e '/^defterm=/s%=.*%=$(defterm)%' \ X -e '/^pager=/s%=.*%=$(pager)%' \ X -e '/^announcement=/s%=.*%=$(poldir)/$(ann)%' \ X -e '/^mssgto=/s%=.*%=$(mssgto)%' \ X -e '/^fast=/s%=.*%=$(fast)%' scripts/1stlogin.sh > 1stlogin X echo DONE! X echo '' X Xinstall: Makefile policy 1stlogin X # Install the customized executables: X echo ${n} "Installing 'policy' executable..........................${c}" X if test ! -d $(bindir);\ X then mkdir $(bindir);\ X chown $(owner) $(bindir);\ X chgrp $(group) $(bindir);\ X echo "$(bindir) created" >>.hold;\ X fi X cp policy $(bindir) X echo "$(pol) created or updated" >>.hold X chown $(owner) $(pol) X chgrp $(group) $(pol) X echo "$(pol) set owner '$(owner)' and group '$(group)'" >>.hold X chmod 755 $(pol) X echo "$(pol) set chmod 755" >>.hold X echo DONE! X echo '' X X # Make sure the 'Policy' directory exists X # executable: X if test ! -d "$(poldir)";\ X then echo ${n} "Creating 'Policy' directory for text files..............${c}";\ X mkdir $(poldir);\ X chown $(owner) $(poldir);\ X chgrp $(group) $(poldir);\ X echo "$(poldir) created" >>.hold;\ X echo DONE!;\ X echo '';\ X fi X X # ...and that the 'Policy' directory contains a valid menu file: X if test $(script) != "perl";\ X then echo ${n} "Making sure the user-menu file is up to snuff...........${c}";\ X touch 0101000080 $(poldir)/polmenu;\ X echo "$(poldir)/polmenu created or updated" >>.hold;\ X chmod 666 $(poldir)/polmenu;\ X echo "$(poldir)/polmenu set mode 666 (world read & write)">>.hold;\ X echo DONE!;\ X echo '';\ X fi X X if test ! -d $(etcdir);\ X then echo ${n} "Creating directory for installing '1stlogin' script.....${c}";\ X mkdir $(etcdir);\ X chown $(owner) $(etcdir);\ X chgrp $(group) $(etcdir);\ X echo "$(etcdir) created" >>.hold;\ X echo DONE!;\ X echo '';\ X fi X X X echo ${n} "Installing '1stlogin' executable........................${c}" X cp 1stlogin $(etcdir) X echo "$(1st) created or updated" >>.hold X chown $(owner) $(1st) X chgrp $(group) $(1st) X echo "$(1st) set owner '$(owner)' and group '$(group)'" >>.hold X chmod 755 $(1st) X echo "$(1st) set chmod 755" >>.hold X echo DONE! X echo '' X Xtext: Makefile text/ X # Text files in 'text' sub-directory: X echo ${n} "Installing text files...................................${c}" X cp text/* $(poldir) X echo "Text files copied to dir: '$(poldir)'" >>.hold X chown $(owner) $(poldir)/*;chgrp $(group) $(poldir)/* X echo "Text files in $(poldir) set owner '$(owner)'" >>.hold X echo "Text files in $(poldir) set group '$(group)'" >>.hold X chmod 444 $(poldir)/* X echo "Text files in $(poldir) set chmod 444" >>.hold X # We have to do this again here, else the polmenu will be 444: X if test $(script) != "perl";\ X then chmod 666 $(poldir)/polmenu;\ X fi X echo DONE! X echo '' X X Xman: Makefile man/policy.1.T man/1stlogin.8.T X echo ${n} "Making localized man page 'policy.1'....................${c}" X sed -e '/^PATH_TO_POLEX/s%.*%$(pol)%' \ X -e '/^PATH_TO_POLDIR/s%.*%$(poldir)/\\fIkeyword\\fP%' \ X man/policy.1.T \ X > policy.1 X echo "Created new localized man page, 'policy.1'" >>.hold X echo DONE! X echo '' X X echo ${n} "Making localized man page '1stlogin.8'..................${c}" X sed -e '/^PATH_TO_ANN/s%.*%$(poldir)/$(ann)%' \ X -e '/^PATH_TO_1ST/s%.*%$(1st)%' \ X -e '/RECORD_FILE/s%.*%$(record)%' man/1stlogin.8.T \ X > 1stlogin.8 X echo "Created new localized man page, '1stlogin.8'" >>.hold X echo DONE! X echo '' X Xreadman: Makefile 1stlogin.8 policy.1 X echo '' X echo ${n} "Formatting man page '1stlogin.8' output...please wait.";\ X nroff -man ./1stlogin.8 | $(pager) X echo '' X echo ${n} "Formatting man page 'policy.1' output...please wait.";\ X nroff -man ./policy.1 | $(pager) X Xtellwhat: X echo '' X echo 'Files created or updated:' X echo '' X mv .hold install.out;cat install.out X echo '' X echo "...this list can be found in the file 'install.out'." X echo '' X echo "Installation of '$(pkg)' [$(script) option] is completed" X echo '' X echo ' .....to uninstall, say "make uninstall".' X echo '' X echo ' .....to read new man pages, say "make readman".' X echo '' X echo '' X Xuninstall: X echo '' X echo "Begin '$(pkg)' uninstall sequence:' X echo '' X if test -f $(pol);\ X then rm -f $(pol);\ X echo "$(pol) is removed!";\ X else echo "$(pol) doesn't exist!";\ X fi X X if test -f $(1st);\ X then rm -f $(1st);\ X echo "$(1st) is removed!";\ X else echo "$(1st) doesn't exist!";\ X fi X X echo '' X echo "Files in directory '$(poldir)' not removed....." X echo ' ......(do so by hand, if required.' X Xvirgin: X # This should get us back to as-issued stock configuration: X rm -f 1stlogin policy policy.1 1stlogin.8 install.out .hold X X# end of file END_OF_FILE if test 10477 -ne `wc -c <'Makefile.d'`; then echo shar: \"'Makefile.d'\" unpacked with wrong size! fi # end of 'Makefile.d' fi if test -f 'misc/Survey' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'misc/Survey'\" else echo shar: Extracting \"'misc/Survey'\" \(8647 characters\) sed "s/^X//" >'misc/Survey' <<'END_OF_FILE' X$Id: Survey,v 5.3.2.5 91/09/03 09:55:18 policy USENET $ X XCopyright (c) 1991 by Bergen B. Hovell, Jr. Submit email responses to Xpolicy@mtek.com or hardcopy to PO Box 1812, Lake Oswego, OR, USA 97035 X============================ 'POLICY' SURVEY ============================== XPURPOSE XThis survey asks system administrators (including news administrators) for Xbrief feedback about local "policy" in their multi-user computing environ- Xments, un*x or other. X XFor this research, 'policy' is defined as all formal or informal rules of Xuse of - or access to - such computing resources. X XPRIVACY OF INFORMATION PROVIDED XYour name and/or email address will *not* be released to - nor your indiv- Xidual responses be shared with - any person, agency, or organization which Xis not directly engaged in performing this research. You will not be solic- Xited by anyone nor be otherwise annoyed as a result of your decision to Xrespond or not respond. X XINSTRUCTIONS XThose persons ONLY should respond who have some current responsibility for Xsystem administration, or who supervise others who do. Such duty need not Xbe one's sole (or even primary) duty. X XUnder *each* header below, select your *one* best choice by *deleting* all Xothers under that header (and the header itself), then proceed on to the Xnext header. This is a forced-choice, multiple-choice, complete-the-state- Xment format. Just like in school: even if you think the question is perfect- Xly lousy, pick just one anyway. Please. X X[ If you wish to supply comments, they are *most* welcome - but please send Xthem back by separate mail with "Subject: comments" (or suchlike) so we can Xpick them out from survey-responses, which get automated (sorta) processing Xon this end. ] X XYou should be able to work these in order from top to bottom, deleting as Xyou go. When you are done, you should have remaining a total of exactly 18 Xlines of actual responses. Other lines of text will be ignored. X XFUNNY STUFF XIt shouldn't matter if your mailer inserts ">" or other customary left-margin Xmarks when you reply - you send it, we'll parse it :-). If you have your own Xdot-sigs or other stuff containing pipe-marks scattered about, however, it Xjust means someone here may have to hand edit them out. You *could* save Xus that minor misery by doing this yourself. :-) X X============================== BEGIN SURVEY ============================== X XYou can start by deleting everything above this line. X X[Basic Info] X XMy *primary* job location is in: X================================ X|AA| Africa X|AB| Australia X|AC| Canada X|AD| Europe, except Soviet Union X|AE| Far East, except Japan and Soviet Union X|AF| Indian Subcontinent X|AG| Japan X|AH| Mexico and Central America X|AI| South America X|AJ| Soviet Union X|AK| United States X|AZ| Other X XMy local organization is *primarily*: X===================================== X|BA| Commercial - Hardware or software manufacture X|BB| Commercial - Hardware or software sales or service X|BC| Commercial - Other manufacture X|BD| Commercial - Other sales or service X|BE| Educational [university or other] X|BF| Governmental, except military X|BG| Health-care X|BH| Military X|BI| Religious or fraternal X|BJ| Research, except educational X|BZ| Other X XMulti-user facilities of some kind have been locally available: X=============================================================== X|CA| Fewer than six months X|CB| More than six months X|CC| More than 1 year X|CD| More than 2 years X|CE| More than 3 years X|CF| More than 4 years X|CG| More than 5 years X|CH| More than 10 years X XI have total system administration experience of: X================================================= X|DA| Fewer than six months X|DB| More than six months X|DC| More than 1 year X|DD| More than 2 years X|DE| More than 3 years X|DF| More than 4 years X|DG| More than 5 years X|DH| More than 10 years X XI have total experience as a user [including sysadmin] of: X========================================================== X|EA| Fewer than six months X|EB| More than six months X|EC| More than 1 year X|ED| More than 2 years X|EE| More than 3 years X|EF| More than 4 years X|EG| More than 5 years X|EH| More than 10 years X XTotal users on all systems I currently administer: X================================================== X|FA| 1-5 users X|FB| 6-25 users X|FC| 26-50 users X|FD| 51-100 users X|FE| 101-500 users X|FF| More than 500 users X|FG| More than 1000 users X XMy primary administration activities are on systems which are: X============================================================== X|GA| Un*x [any flavor] X|GB| VMS X|GC| PC LAN X|GD| Combination - 2 or more of the above X|GZ| Other multi-user X X[Historical Practice] X XHistorically, our policies [written or not] have included: X========================================================== X|HA| General guidelines X|HB| Specific "Dos & Don'ts" X|HC| Both of the above X|HD| None of the above X|HE| Don't know X|HZ| New site - no historical practice X XHistorically, actual policy has been *mainly* defined by: X========================================================= X|IA| Informal day-to-day user practices X|IB| User-committee decisions [or similar formal means] X|IC| Directions of user's immediate supervisor X|ID| Sysadmin or system manager decisions X|IE| Upper management decisions X|IF| Don't know X|IZ| New site - no historical practice X XHistorically, actual policy-enforcement authority came *mainly* from: X===================================================================== X|JA| No one - each user did what he needed to do X|JB| Users, through active peer pressure X|JC| User-committee decisions [or similar formal means] X|JD| User's immediate supervisor or manager X|JE| Sysadmin or system manager X|JF| Upper management X|JG| Don't know X|JZ| New site - no historical practice X XHistorically, policy information was presented to users *mainly* by: X==================================================================== X|KA| Verbal info, primarily from other users X|KB| Verbal info from manager, supervisor, or sysadmin X|KC| On-paper-only written info from manager, supervisor, or sysadmin X|KD| On-line interactive displayed [as well as on-paper] written policies X|KE| Don't know X|KZ| New site - no historical practice X X[Current Interest] X XRecently, users raise policy questions: X======================================= X|LA| Virtually never X|LB| Probably about once a year X|LC| Probably about once a month X|LD| Probably about once a week X|LE| More frequently X XRecently, middle and upper managers raise policy questions: X=========================================================== X|MA| Virtually never X|MB| Probably about once a year X|MC| Probably about once a month X|MD| Probably about once a week X|ME| More frequently X X[Future Expectations] X XFuture policies [written or not] will include: X============================================== X|NA| General guidelines X|NB| Specific "Dos & Don'ts" X|NC| Both of the above X|ND| None of the above X|NE| Don't know X XFuture actual policy will be *mainly* defined by: X================================================= X|OA| Informal day-to-day user practices X|OB| User-committee decisions [or similar formal means] X|OC| Directions of user's immediate supervisor X|OD| Sysadmin or system manager decisions X|OE| Upper management decisions X|OF| Don't know X XFuture actual policy-enforcement authority will *mainly* come from: X=================================================================== X|PA| No one - each user will do what he needs to do X|PB| Users, through active peer pressure X|PC| User-committee decisions [or similar formal means] X|PD| User's immediate supervisor or manager X|PE| Sysadmin or system manager X|PF| Upper management X|PG| Don't know X XFuture policy information will be presented to users *mainly* by: X================================================================= X|QA| Verbal info, primarily from other users X|QB| Verbal info from manager, supervisor, or sysadmin X|QC| On-paper-only written info from manager, supervisor, or sysadmin X|QD| On-line interactive displayed [as well as on-paper] written policies X|QE| Don't know X XPolicy package: X=============== X|ZA| We had no difficulty installing this package using the Makefile. X|ZB| We installed it with just a few changes in the script[s]. X|ZC| We installed it only after making many changes. X|ZD| We couldn't install it at all. X|ZE| For other reasons, we chose not to install it at this time. X X************************************************************************** X Now delete all lines that are not responses to questions, and please X email to "survey@mtek.com" or "tektronix!bucket!mtek!survey" X************************************************************************** END_OF_FILE if test 8647 -ne `wc -c <'misc/Survey'`; then echo shar: \"'misc/Survey'\" unpacked with wrong size! fi # end of 'misc/Survey' fi if test -f 'misc/art.ur1' -a "${1}" != "-c" ; then echo shar: Will not clobber existing file \"'misc/art.ur1'\" else echo shar: Extracting \"'misc/art.ur1'\" \(14732 characters\) sed "s/^X//" >'misc/art.ur1' <<'END_OF_FILE' X X X X X X X X $Id: art.ur1.N,v 5.3.2.5 91/09/03 09:55:33 policy USENET $ X X Revised from "Daemons and Dragons", UNIX REVIEW, X March 1990 (Vol. 8 No. 3) X X X SSSSYYYYSSSSTTTTEEEEMMMM AAAADDDDMMMMIIIINNNNIIIISSSSTTTTRRRRAAAATTTTIIIIOOOONNNN PPPPOOOOLLLLIIIICCCCIIIIEEEESSSS X X by Bud Hovell X X X X Randy Kunkee (uunet!ficc!kunkee), a system administrator for X a large systems supplier in the Southwest, wrote the follow- X ing question to the system-administration mailing list: X X I am the manager of a support group for a company with X about 300 or so users on our internal Xenix and UNIX- X based systems. X X I'd like to know what other administrators of large X sites do about controlling the contents of news postings X and signatures. Recently, we stopped feeding a news- X group because a couple of people got very political and X bad-tempered, and it was felt that they were reflecting X badly on the company as a whole. While I am all for X freedom of speech, management felt (and I agreed) that X this does not necessarily apply to usenet postings, X which the company pays to provide. X X IIIInnnnttttrrrroooodddduuuuccccttttiiiioooonnnn X X Some people seem to believe that they have a ``right'' to be X political and bad-tempered -- whether it reflects badly on X their own organizations or not -- with complete impunity. X X However, when and how administrators confront this issue may X be more relevant than the specifics of what decisions may X result. It probably matters least whether those decisions X conform to the actions of administrators in other organiza- X tions. X X The real problem is that, usually, no formal, coherent pol- X icy is established in advance of the need. For the most X part, management isn't directly involved in defining such X policy until a crisis arises. Without it, users get con- X flicting ideas about what is and isn't okay to send over X uuuusssseeeennnneeeetttt. X X X X X X X X X X X X X X X - 2 - X X X X FFFFoooorrrrmmmmaaaallll PPPPoooolllliiiicccciiiieeeessss X X In every giant flame war I've witnessed on uuuusssseeeennnneeeetttt concerning X how a particular site has threatened Western civilization by X barring some user (or some distributed group), the disputed X event is characterized by the fact that management made its X decision on how to respond based on an after-the-fact policy X definition. X X In the final analysis, this indicates a management failure. X X Why? It's simple: the local management is responsible for X deciding how institutional resources (including computing X services) are to serve the overall mission of the institu- X tion, and is thus obliged to ensure that those decisions are X not undermined by misuse or abuse. This is its job, whether X it does it or not. X X Each organization, having a unique mission, must avoid the X naive logic that uuuusssseeeennnneeeetttt has rules to which they must adhere X because other organizations (with different missions) have X adopted them. In actual practice, decisions about what X groups to carry and which users have what privileges are X made by administrators all the time on a case-by-case basis. X X That these decisions vary widely should come as no surprise X to anyone not raised in a cave. What some yahoo in another X organization calls ``the spirit of uuuusssseeeennnneeeetttt'' is, perhaps, X ardently poetic, but such statements have nothing to do with X real-world policy criteria. X X Managers rarely own the computing resources they oversee. X However, they do have some real obligations of stewardship X toward the true resource owners. This is true in any organ- X ization, be it within the sanctity of the university or in X the world of commerce. X X Usually, though, responsibility for anticipating potentially X hazardous events and forestalling them using rational policy X is not met, either by the administrators that might identify X them or by the management that might generate the policy. X X Until. . . . X X Until management finds itself confronted with a nasty situa- X tion that demands an immediate response. At this point, a X ``policy'' must suddenly be defined in an ad hoc manner, X driven by an event that people now please themselves to X choose up sides and fight about. This is potentially damag- X ing and grandly inelegant. X X X X X X X X X X X X X - 3 - X X X X Such situations are generally thrust upon management, which X truly wishes the whole damn thing would just go away. X X The cost of playing catch-up is always enormous, relative to X the cost associated with handling the issue before it X arises. X X How do we solve this problem? Define policies that lay out X the rules in writing, in advance, and explain to users the X reasoning behind them. X X It is not necessary that every user agrees with the reason- X ing -- only that they understand it. If they also agree X with it, that's nice. If they don't, listen very carefully X to their concerns. Usually you will find that you have not X conveyed your meaning clearly. X X A written policy should succinctly define desired outcomes X to be obtained or undesired outcomes to be avoided, along X with information suggesting how and why these outcomes X should be treated as proposed. X X You want to ensure that, in the event that someone ``crosses X the line'' and violates an organization's policy, the fol- X lowing points are already in place: X X +o The ``line'' was defined before (and not after) the X event in question took place. X X +o The ``line'' wasn't arbitrary or created and enforced X on your sole authority. This could create many prob- X lems for you as an administrator. X X +o All the users have read the policy, have had the oppor- X tunity to ask questions, and clearly understand that by X logging in, they have agreed to the policy. X X +o The wording of your policy is simple and to the point. X Remember that it is the understanding of the policy's X intent that is most important. X X +o The final approval of policies came from the highest X possible level of the organization. X X Again, if you are the administrator, be certain that you X have at least the implicit approval of management (and it's X is better to have explicit approval) before establishing X policies formally and publicly. X X In any case, be sure you get some kind of approval, or the X policy will likely wither when a crisis arises in which it X X X X X X X X X X X X - 4 - X X X X might apply. X X If you develop and present your management with a general X outline of your proposed policy, along with some good argu- X ments in favor of it, there is a good chance that you will X ultimately get most or all of what you want. Be sure that X management is comfortable with the policy's basic philosophy X before committing to specific policy descriptions. X X The person who formulates the definition of the issues to be X addressed is often in the strongest position to govern the X final outcome. If you are the system administrator, be sure X that you are this person. X X Note that if you wait for an ``event'' to occur before X defining policy, there is a very good chance that the policy X created ad hoc by an angry and harried management will be X far more draconian than warranted, and you will then be com- X pelled to enforce it. You will most likely get what you X don't want if you let this happen. X X Document the details of the policy after you and management X are in agreement (in principle) about what is needed and X why. There should be no surprises for anyone on fundamen- X tals. X X Once this point is reached, submit the final document for X signed approval. The success of this step should be a shoo- X in, if you've performed the other steps in order. X X If your organization genuinely cares about what its people X think and feel, then get permission to set up a panel of X users to review the proposed policy. This makes compliance X a non-issue. X X PPPPuuuubbbblllliiiicccciiiizzzziiiinnnngggg tttthhhheeee PPPPoooolllliiiiccccyyyy X X The implementation of a policy is simple: X X +o Set up a means to present the policy to users on line X (such as a shell script offering a menu of policies). X X +o Advertise how to access the stored policies and inform X the users (in writing) that they are responsible for X understanding and complying with published policies. X X +o Tell users that they should direct any questions to X you, the system administrator. X X If a policy changes, put a notice in /etc/motd that briefly X summarizes the change, and e-mail a copy of this notice to X X X X X X X X X X X X - 5 - X X X X every user, especially managers. If managers don't use the X computer, send them a hard copy. X X Use RCS or SCCS to document and date-stamp any changes to X policy files. This is easy and protects you against subse- X quent hassles over when changes were actually implemented. X Again, keep it simple. X X Once original basic policy is hammered out, policy making X and enforcement should be a very low-overhead operation. X Well-defined policies do not suffer from constant change. X If yours do, get some outside help from someone skilled in X formulating them. X X If possible, find someone who knows nothing about computing. X It may take a bit longer, but the resulting policies will X probably be better defined. (When my father was writing his X master's thesis, he used me as his proofreader. I was ten. X He figured that if I had a problem understanding something X he had written, it probably wasn't clear and he changed it.) X X Rather than writing one huge policy ``mega-document'', you X can set up topical text files in a designated on-line policy X directory that can be maintained easily and called by the X menu suggested above. For example, our current policy direc- X tory contains: X X size name X ---- ---------------------------- X 922 /usr/local/adm/Policy/back X 846 /usr/local/adm/Policy/gen X 1455 /usr/local/adm/Policy/logins X 5123 /usr/local/adm/Policy/org X 317 /usr/local/adm/Policy/usenet X X [Author's comment: you will notice that our own list of pol- X icies is now much longer, and the contents larger, than was X the case at the time this article was originally written. X Progress. :-) bbh ] X X Note that most of these files are tiny. The biggest one is X a complete layout of the entire directory structure, with X descriptions of what each directory contains. This is nice X for new users, who may be a bit mystified by it all, and for X anyone else who wants to know how the system is organized. X X It took me about two hours to document local policies (I am X the system administrator as well as a manager/owner, so this X part was lightning-fast). The shell script took about 45 X minutes. Total investment: under three hours. Now my users X can be informed of how the system is and isn't to be used by X X X X X X X X X X X X - 6 - X X X X selecting items from the policy menu. To wit: X X DIRECTORY OF LOCAL POLICY FOR HOST `MTEK' X X back - who makes backups and when X gen - general overview X logins - responsibilities of users X org - where we put things (and why) X usenet - requests for connection X or `q'uit X X To review a policy, type in subject: > X X The menu expands, contracts, or changes each time I add, X delete, or alter a policy text file name or description. X It's dirt simple. X X As for enforcement, in larger organizations, peer review by X fellow users may be much more effective than making senior X managers (or yourself) the sole prosecutor. Fellow users may X be even harsher in their judgment of alleged offenders than X management would be. X X SSSSuuuummmmmmmmaaaarrrryyyy X X Again, you will probably find that enforcement is a non- X issue if your policies are: X X +o SSSSiiiimmmmpppplllleeee -- your 10-year-old kid understands it. X X +o WWWWrrrriiiitttttttteeeennnn -- uses journalistic style and phrasing. X X +o AAAAddddvvvveeeerrrrttttiiiisssseeeedddd -- everyone knows where and what they are. X X +o CCCCoooonnnnssssiiiisssstttteeeennnntttt -- creates no obvious logical conflicts. X X +o FFFFuuuunnnnccccttttiiiioooonnnnaaaallll -- makes sense in support of the X organization's mission. X X +o HHHHuuuummmmaaaannnn -- avoids a bureaucratic tone (humor helps). X X +o AAAAuuuutttthhhhoooorrrriiiizzzzeeeedddd -- management signed off on it (preferably X ``top'' management). X X [ Author Bio ] X X Bud Hovell is a productivity and project management special- X ist with MMMMTTTTEEEEKKKK IIIInnnntttteeeerrrrnnnnaaaattttiiiioooonnnnaaaallll,,,, IIIInnnncccc.... X X X X X X X X X X X END_OF_FILE echo shar: 570 control characters may be missing from \"'misc/art.ur1'\" if test 14732 -ne `wc -c <'misc/art.ur1'`; then echo shar: \"'misc/art.ur1'\" unpacked with wrong size! fi # end of 'misc/art.ur1' fi echo shar: End of archive 2 \(of 3\). cp /dev/null ark2isdone MISSING="" for I in 1 2 3 ; do if test ! -f ark${I}isdone ; then MISSING="${MISSING} ${I}" fi done if test "${MISSING}" = "" ; then echo You have unpacked all 3 archives. echo "'This is usenet version 5.3.2.5 of 91/09/03.'" rm -f ark[1-9]isdone else echo You still need to unpack the following archives: echo " " ${MISSING} fi ## End of shell archive. exit 0 -- Bud Hovell _______________ policy@mtek.com