Ubuntu

At a Glance
Deployment: over the network
Support by isginf: best-effort
User management: LDAP or local on computer
Backup: none, all data must be on network shares
Administrator (root) access for computer owner: optional but recommended

Responsibilities
OS installation: isginf
Configuration and setup: isginf / owner
Updates & security fixes: owner
Software licensing & installation: owner

Supported Versions

Release  Installation  Support
16.04
18.04
20.04    X             X
22.04    X             X

For details on the EOL dates read on here.

Managed Configuration

The following configuration is automatically managed by isginf:

  • Firewall
    • Default:
      • No incoming traffic is allowed except SSH and some other required ports.
      • Fail2ban is configured to harden SSH.
    • Options (request by ticket):
      • Add custom rules.
      • Disable firewall and/or fail2ban.
    • Options (self service):
      • Use firewall-cmd to maintain custom rules locally.
  • Printers
    • Default:
      • Follow-me-printing with card-ethz or card-stud configured.
    • Options (request by ticket):
      • Add ETH-managed printers (direct-printing).
    • Options (self service):
      • Use Gnome settings or CUPS admin interface to install custom printers.
  • Filesystem
    • Default:
      • Mounted user home directory in /home (from iiStore or ETH student home for student lab machines).
      • Notification by UI if user home is getting full.
      • Mounted scratch and project share(s) in /pub (from iiStore or ETH storage solution).
    • Options (request by ticket):
      • Switch to local user home directories (in /local/home, the shares at /home are still accessible).
      • Custom partitioning (before installation), additional SWAP space, ...
      • Add further mounts.
    • Options (self service):
      • Mount filesystems yourself using mount.
  • Packages
    • Default:
      • Automatic update of all apt and flatpak packages (on boot and once a day).
      • Notification by UI and mail on issues, if a reboot is required or if updates are required.
    • Options (request by ticket):
      • Only install critical security updates (apt).
      • Disable automatic updates (apt & flatpak) completely.
      • Adjust notification behaviour.
      • Automatic installation of packages (and apt repositories).
      • Automatic installation of some more complex applications:
        • CUDA
        • Docker CE
        • MatLab
        • (more on request)
    • Options (self service):
      • Check update policy and status with update-status (as root).
  • Users
    • Default:
      • All users of your LDAP-OU are known to the system.
      • Only the defined users (plus the IT coordinators and isginf) are allowed to log in.
      • Only defined users (plus isginf) have root access (by sudo).
    • Options (request by ticket):
      • Reduce list of known users to a subgroup of the OU (e.g. only staff and students, not guests).
      • Remove login restriction (so all known users are allowed to log in).
      • Restrict login to a (self-maintained) local or LDAP group.
      • Change list of defined users (with or without root access).
    • Options (self service):
      • Add local users with sudo adduser.
      • Allow login to additional LDAP users with sudo usermod -a -G localusers {username} (they must still be known to the system, so they must exist in the OU).
      • Grant root-access to additional users with echo "{username} ALL=(ALL) ALL" | sudo tee -a /etc/sudoers/local.
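
The root-access one-liner above appends whatever is typed for {username} to a file that sudo parses. The following is an added example, not isginf's own tooling: it checks the name, skips duplicates and lets visudo parse the result before anything is appended. The function names, the SUDOERS_LOCAL variable and the lowercase-only name rule are assumptions made here; the default path is the one given on this page.

```sh
#!/bin/sh
# Added example (not from the original page). Source it in a root shell,
# then call: grant_root {username}
LC_ALL=C; export LC_ALL          # make the a-z ranges below byte-wise
SUDOERS_LOCAL="${SUDOERS_LOCAL:-/etc/sudoers/local}"   # path from the page

# Print the rule for one user. Fails unless the name is a plain lowercase
# account name (assumption), which rejects spaces, newlines, "ALL",
# "%group", "#uid" and anything else that would change the rule's meaning.
sudoers_rule() {
    case "$1" in
        ""|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
    esac
    printf '%s ALL=(ALL) ALL\n' "$1"
}

# Append the rule for user $1 to file $2 (default: $SUDOERS_LOCAL).
# Returns 0 on success or if already present, 2 on a bad name,
# 3 if visudo rejects the resulting file.
grant_root() {
    user=$1
    file=${2:-$SUDOERS_LOCAL}
    rule=$(sudoers_rule "$user") || { echo "invalid user name" >&2; return 2; }

    # Already granted: a second identical line adds nothing.
    if [ -f "$file" ] && grep -qxF -- "$rule" "$file"; then return 0; fi

    # Build exactly what the file would look like after the append and
    # have visudo parse that copy, so a broken file never goes live.
    tmp=$(mktemp) || return 1
    { [ -f "$file" ] && cat -- "$file"; printf '%s\n' "$rule"; } > "$tmp"
    # visudo ships with sudo; the check is skipped only where it is absent.
    if command -v visudo >/dev/null 2>&1 &&
       ! visudo -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "visudo rejected the result, nothing written" >&2
        return 3
    fi
    rm -f "$tmp"
    printf '%s\n' "$rule" >> "$file"
}
```
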

Page URL: https://www.isg.inf.ethz.ch/bin/view/Main/ServicesDesktopsAndLaptopsLinuxUbuntu
2024-03-29
© 2024 Eidgenössische Technische Hochschule Zürich