What is the mail.sas acceptable use policy?

The mail.sas computer supports electronic communications for students, faculty and staff in the School of Arts and Sciences. In order to provide sufficient resources for the entire SAS community, we must limit resources given to each individual. Additional support may be available from academic departments and research facilities.

A. Security

Your computer account is for your use only. You are solely responsible for what is done using it. If there is evidence of unauthorized or improper use of your account, it will be temporarily disabled. This protects your files and other users of the system. You will be asked to contact the postmaster, show them your Penn ID, change your password, and/or take other appropriate action. If you suspect that someone else may be using your account, report it by contacting the postmaster or the helpdesk immediately.

Choose a password that will be difficult to guess and keep it a secret. Your password belongs to you alone. Don't even give your password to a friend or to a computer system administrator.

Logout when you are finished at a terminal. If you don't, other people can use your account, change or delete your files, and so on. (see part H: Idle Session Logout)

No computer system is immune to forgeries or spoofs. Don't take any irreversible action based on electronic communication alone. In particular, don't believe everything you read on April Fools' Day.

B. Privacy

Read other people's files only if you have permission from the owner to do so. This applies to both protected and unprotected files. On the other hand, complete privacy cannot be guaranteed. Never store files on any time-sharing system whose disclosure would be disastrous. System Administrators may only view users' files under exceptional circumstances, such as the appearance of a violation of policy, for required system maintenance, or in response to a question or request from the user. Automatic programs keep logs of accounts accessed and programs run, for maintenance, security, and accounting reasons.

C. Accessing other computers

Only attempt to connect to other computers if you have reason to believe that the owner wants you to connect. For example ssh, telnet, ftp, login, and any other method. If you are requested to stop connecting to certain computers, you must stop. You may not run any server program which accepts incoming connections to MAIL.SAS. Failure to comply with any of these rules may result in termination of your account.

All outside connections go through the Internet, and some machines on the Internet have very strict policies. Since our university connection can be terminated by Internet authorities if there is evidence of abusive use of the connection, SAS is very strict about even the appearance of abuse.

D. Misbehavior

Forged mail, attempts to use other people's accounts, attempts to crack passwords, attempts to alter system files, and similar misbehavior may be referred to the Office of Student Conduct. The OSC is part of the University Judicial System, which provides notice of charges, opportunity for settlement or hearing, judgement by University community members, and the right to appeal, thus ensuring fundamental fairness to all parties involved. Student records are protected by University privacy policies.

Other misbehavior may violate the University's general policies, the Pennsylvania Computer Crime Act of 1983, the University's policy on Ethical Behavior with Respect to the Electronic Information Environment or other applicable laws.

Any activity that may significantly impact the performance of the system is prohibited, such as mass mailing.

Running non terminating background processes such as IRC robots (bots) is prohibited.

Any activity which denies or restricts service to other users of MAIL.SAS or any other computer is strictly forbidden. This includes harassment by repetitive email, mail-bombs, electronic chain letters, messaging or any other means. Harassment by computer falls under the university's general policy. Please also see Penn's Policy on Acceptable Use of Electronic Resources. Severe or repeated harassment will be referred to the Ombudsman's Office. Any concerns about this may be discussed in a confidential manner with the Ombudsman's Office (898-8261).

E. Limits (processor time and memory)

The MAIL.SAS computer's mission is to provide electronic communications for SAS faculty, staff, and students. It is not intended as a software development platform, nor are there sufficient disk, memory, and CPU resources for this type of use. To provide a reasonable level of support for the entire SAS community, we must limit the size of computing tasks performed on the system. Users are currently restricted to a total of 30 CPU minutes per month. Individual processes are limited to 5 CPU minutes and 20 MB of program memory. Email attachments are limited to 20 Megabytes and these limits are automatically enforced. Our experience has shown that these limits are more than adequate for even the heaviest email and USENET news users. It should also be known that for security concerns CGI scripts and other executable code are not allowed on the sas.upenn.edu web server.

F. Quotas (Disk space allocated per account)

1) Home directories: Faculty and staff are allowed a maximum of 25 Megabytes of permanent storage; Students are allowed a maximum of 20 Megabytes (Please see Quotas for more information and support). In some special cases, users may be granted an increase beyond these limits. For special requests about disk quotas and other privileges, contact help@sas.upenn.edu.

2) Spool space (inbox): The mail spool directory is intended only for incoming mailbox files. Any other files found placed in this area will be promptly deleted by the system administration. Resources permitting, users may keep up to 15M of mail in this directory. Users exceeding this will be given notification, and eventually mailbox files will be truncated or archived to offline storage. This archived mailbox file is named mbox-date (e.g. Mail/mbox-Jun-24-01) and if it is not viewed or does not have its name changed it will, after 4 months, be deleted to eliminate wasted disk space.

3) Temporary space (/tmp): This space is for temporary files only. Files more than a day old will be automatically deleted. For shorter periods of time, users may use up to 20 MB in /tmp.

G. Account Deletion

Accounts of graduating seniors and other students leaving the university (including leave of absence) will be deleted in the October following their graduation or departure. The University offers alumni an email forwarding service which can be accessed at the Penn Alumni web page. Faculty no longer working at Penn will have their accounts deleted 90 days after their last day of work. Staff accounts will be deleted 10 days after their last day. Special circumstances may warrant immediate account closure.

H. Idle Session Logout

Idle login sessions may be automatically terminated after 40 minutes for faculty and staff and 20 minutes for students. All idle logins will be terminated after 24 hours of continuous connection. Leaving terminals idle is wasteful of system resources, and a potential security problem.

I. File Backup and Retrieval

System and user files are backed up on a daily basis. These daily backups are kept for 2 weeks. An additional archival backup to be saved for a year is made at the middle of the fall semester before the accounts of graduating seniors and other students leaving the university are deleted from the system. This archive is kept for one year and then deleted.

File retrieval service is available for occasional accidental deletions of critical files. Retrieving data is time and labor intensive, so these services are limited, and subject to the judgement of system administration personnel.

J. Automated Enforcement and Other Policies

Some of the stated policies and limits are automatically enforced, and others manually at the discretion of the administrative personnel. Even if the automatic enforcement programs are circumvented, the policies still apply. The University's general policies apply to computers, such as the policy on commercial use of facilities, guidelines on open expression, and the code of academic integrity.

K. Copying of Computer Software

The University of Pennsylvania does not condone or tolerate the unauthorized copying or use of licensed computer software by staff, faculty, or students. Those who violate this policy may be subject to discipline through standard University procedures as well as civil suit, criminal charges, including possible penalties and fines. Please see Penn's Policy on Unauthorized Copying of Copyrighted Software.

L. Shared Resources

MAIL.SAS and its network connections are shared resources. Using MAIL.SAS gives us computational abilities, world-wide communication, and much more. However, it is a shared system which depends on the honesty of its users. Each user is involved in preserving and protecting the system by observing the rules outlined in this document and by being considerate of others.

Spring 2001
School of Arts & Sciences Computing
University of Pennsylvania.
Send comments about this policy to: policy@sas.upenn.edu.
(Last revised: 06/17/03 -SH+VM+CD, revision 2.5.2)