User Access and Security

User Access Configuration

The deployed default Linux configuration uses the University LDAP directory for user authentication.
It restricts which users can log on to the machine based on a local Linux group for personal machines or an LDAP-based group for service machines.

Access can be further extended or restricted by editing group membership. Get in touch if you want to make sure you are not locking yourself out.

Local Firewall

Default ingress rules are applied to all RVMs:

  • SSH (TCP port 22) is allowed so that the machine can be administered;
  • HTTP(S) (TCP port 80 and TCP/UDP port 443) is allowed by default if you expressed an intent to run a web server;
  • default deny on all ingress traffic from the network.

Egress is typically not controlled at this level. Forwarding is disabled by default.

It is worth noting that extra Network ACLs are also applied at a level outside the RVM and are mostly outside our control.

When trying to access services on the VM for administration or development purposes, always favour using SSH port forwarding over poking holes in the firewall. This is especially true for databases: if you can access one, the whole campus can.
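The following is an added example, not part of the original page: a shell check that lists TCP listeners bound beyond loopback on ports other than the default-allowed 22, 80 and 443, with the SSH port forward to use instead of a firewall rule. The host `rvm.example.org`, the user `alice` and the PostgreSQL port 5432 are assumptions, and the sample `ss` output is constructed.

```shell
#!/bin/sh
# Added example: flag TCP listeners bound beyond loopback on ports the default
# ingress rules do not cover (anything other than 22, 80, 443).
# Input on stdin: `ss -Htln` output, one socket per line:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

exposed_listeners() {
    awk '
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)            # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        gsub(/\[|\]/, "", addr)                    # drop IPv6 brackets
        sub(/%.*/, "", addr)                       # drop %interface scope
        if (addr ~ /^127\./ || addr == "::1") next # loopback only: not exposed
        if (port ~ /^(22|80|443)$/) next           # already allowed by default
        print port, addr
    }' | sort -u -k1,1n -k2,2
}

# Constructed sample, not captured from a real machine.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
LISTEN 0 244  0.0.0.0:5432     0.0.0.0:*
LISTEN 0 511  127.0.0.1:6379   0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 511  [::]:443         [::]:*
LISTEN 0 128  [::1]:8888       [::]:*
LISTEN 0 100  *:8080           *:*
EOF
}

# On a real machine: ss -Htln | exposed_listeners
sample_ss_output | exposed_listeners

# Each printed "port address" pair is a service that becomes reachable from the
# network as soon as the firewall is opened for it. Bind it to 127.0.0.1 and
# reach it from your workstation through an SSH tunnel instead (assumed names):
#   ssh -N -L 5432:127.0.0.1:5432 alice@rvm.example.org
#   psql -h 127.0.0.1 -p 5432
```
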

Last modified on March 18, 2025 at 12:31 pm by Gael Donval