Tardis has always been fairly trusting of it's admins with respects to holding root. This is entirely due to the nature of the project, and we shall continue with this arrangement. In commercial setups, it is not uncommon to restrict root access to a very limited subset of administrators and have them request the root holders to make changes. Doing so for us would be highly impractical and damaging to the project by overly binding us to this restriction.
Normally the root password will be retained by only a core number of administrators, and the remainder will be granted sudo access. Root access shall be granted to administrators when it is deemed that they are fit to be granted it. Granting of root access will be announced on the internal systems list in the case of new administrators.
Before being given root access, administrators will be reminded to the conditions attached to root access.
- Respect users privacy. Root access should never be used to inspect a user's files or mail, unless this is specifically required for the purposes of administration.
- If in doubt about taking an action, check with an assistant or timelord _before_ progressing.
- Root access must not be used to circumvent any firewalls or security logging systems.
- Care must be taken to ensure any actions taken as root do not disrupt the running of the systems where avoidable, or to open systems to the possibility of security breaches.
Root access may be removed at any time. Abuse of root access will lead to instant removal, and depending on the nature of the abuse may also result in closure of your tardis account and/or referral to the university for breach of the computing regulations.