Accounts and Permissions

A Mixed Bag

Personal workstations: The login to your computer varies per research group. Ask your PI or us and we'll help you out with how to authenticate.

106 Computer Lab: The 16 Linux computers in room 106 are open access to Physics affiliates. Once you've activated your Physics access (see link below), you can use your campus login and passphrase to log in. The gateway/authentication server is called Physauth and it's where you go for activating your 106 lab account, resetting the passphrase to Physauth. If you have problems authenticating, contact us (and double-check that you're not putting spaces before your login). More info here:

http://ithelp.physics.ucdavis.edu/kb/physauth

Campus Accounts: If you're new to campus, you generally receive some paperwork and an employee ID. With that, you can go to https://accounts.ucdavis.edu and create your login, passphrase, and email address.

Wireless: While there are a few faculty-controlled wifi access points in the Physics building (check with those faculty groups for access), we've tried to distribute the campus wifi called eduroam throughout the building. eduroam uses your campus login ID followed by @ucdavis.edu (Example: jsmith@ucdavis.edu) with your campus passphrase as password. eduroam is available at many universities throughout the world. More info here:

Campus Wireless in Physics

Connecting to eduroam using Linux


Authorization

For people in research groups (students, researchers), access to resources is defined by your PI (lead faculty member). Accessing a file server, a non-eduroam access point, or logging into a system in a lab are all activities governed by faculty. IT may assist but we'll always confirm with the PI that a person should have access. You can speed this up a touch by having your PI contact us directly.


Troubleshooting Account Issues

Whether it's your Physics account or campus account, you can always ask us for assistance if something isn't working. For campus logins, often a quick call to Campus IT Help (754-4357) is enough to resolve most account issues.


General Recommendations

Two accounts or Sudo: Where possible, do not run as an administrator-level account for day-to-day operations. For Windows, this generally means two accounts: one to log in with and use for everyday activities; the other to respond to administrator prompts. This keeps bad software from affecting the whole computer. MacOS has sudo built-in -- it's difficult to run as root. Linux users should not remotely access their systems as root -- add your account to sudoers, and actively block root SSH access or restrict it to key-only. Consider using SSH keys rather than passwords for remotely accessing Linux systems.

Don't share accounts: This is obvious and while there are situations where a shared computer account is useful or necessary, it shouldn't be your personal account that you're sharing. Create a second account with limited access to resources that can be shared. Sharing an account can be useful for systems tied to a machine where the running software doesn't like to be logged out.