Imperial College Union

Imperial College Union SysAdmin

Peter Bridgman, John Oliver, Ivan Kotegov, Quang Nguyen, Yannic Rath, Jamal Mulla

Support email: union.sysadmin@imperial.ac.uk

Introduction

If you represent a club, society, or project, and you want to have or manage a website, then you've come to the right place. We provide web hosting on Dougal, the Union's clubs and societies webserver, including support for popular facilities such as MySQL, PHP, and more.

We also maintain a number of pieces of software that the Union uses. We do not manage mailing lists, please see ICT's documentation for details on these.

Obtaining access to your society's website

If you are a club officer, and you want to give a member of your club access to your society's files, then you can simply log in with the Website Access Request System and add/remove upload access to your site's files.

To perform changes, you'll need the club's account login details in addition to your own. All changes will require SysAdmin approval before taking effect.

Before contating us about issues with the Request System, please go through the Request System Checklist and contact is if necessary after following the steps listed.

Other changes, such as creating a website, databases, adding a custom domain to the website, or obtaining shell login access can only be requested via email at present.

If you do not know your club's username or password, please contact the Student Activities Team.

How to get help

If you need assistance, please read the information below, as your question may already have been answered. If not, you can email us via the address at the top of the page, and we will get back to you as soon as possible.

Useful advice and information

Logging into the server

We recommend using one of WinSCP, Cyberduck, or FileZilla to connect to the Union server, documentation for these pieces of software can be found either within the software or online. Please note that when connecting you must enter your username in lower case.

Once you log in, enter the website directory, and you can find your website in the management group folder it belongs to. Note that you cannot access folders for societies you have not been added to.

Shell access is not available except in exceptional circumstances - you will not initially be able to log into the server over ssh to obtain an interactive prompt. If you require shell access, please contact us with your exact requirements.

For technical users, our SSH public key fingerprint is 39:3d:29:34:c6:11:3c:01:c3:70:5b:29:a2:28:3a:dd

Creating a website

If your society does not have a website on Dougal, and you would like to set one up, please email us from the club account or the account of the club Chair/President/Captain or Treasurer with the following pieces of information:

  • The club's full name as it appears in eActivities (the number is not required)
  • The club's CSC (i.e. ACC, RCC etc.)
  • The preferred folder name (i.e. union.ic.ac.uk/csc/foldername)
  • The club's email account username (what you use to log into Outlook Web App)

We will then set up your website and let you know when you can log into the request system to obtain access.

Requests from users other than the club Chair/President/Captain or Treasurer will be rejected unless sent from the club's own account. If your club does not yet have an email account, please contact the DPFS to set one up before requesting your website, as we will not be able to set up your website without it.

Databases

We provide a MySQL database server for club use. If you do not have a database, one of the Chair/President/Captain, Treasurer, or someone with upload access to the site should contact us. Alternatively someone should contact us using the club's email account.

If you are not sure whether you have a database, please contact us, we can reset passwords upon request.

Generally only one database per club will be set up, but please contact us if you feel you require more.

Databases can be managed using phpMyAdmin. Please note that database credentials are on a per-database basis and are not linked to your College login. You will need the database login to access phpMyAdmin, which may be found in a configuration file for some software on your site.

mod_security

All sites are protected with mod_security unless otherwise disabled. If you feel you need mod_security enabled or disabled, one of the Chair/President/Captain, Treasurer, or someone with upload access to the site should contact us. Alternatively someone should contact us using the club's email account.

Wordpress

We are more than happy for users to install any web apps they may require, including Wordpress. It is a requirement that any software installed must be kept up to date. Websites found to contain outdated software may be deactivated. The rules regarding software security can be seen in the Union Web Policy. We will send out weekly reminders to people with outdated Wordpress installations.

In order to use Wordpress, you will need mod_security disabling, as well as a database. Please see the previous sections for details on sorting these points.

Unless your site uses a domain, you are welcome to use the inbuilt Wordpress upload mechanism - make sure you choose SSH2 when asked for your username and password. Enter dougal.union.ic.ac.uk, and your College login into the username and password box to commence the update. Usernames must be lower case.

If you use a domain, you will need to upload new modules, themes, and Wordpress updates manually, please see our guide for details on doing this. We will block the upgrader if you are using a domain without SSL for your protection.

Custom domains

If you wish to use a custom domain (such as myawesomesite.com) with your site, please contact us. All domains must be authorized by the Union President first, so please contact us before purchasing your domain.

LDAP Connections

Should you wish to connect to the College LDAP Directory, either to obtain details on people, or to use College accounts to log into a site you develop, we have a number of functions for you to use:

  • pam_auth($user, $pass): Authenticates a user's username and password combination. This MUST be done over SSL, else it will fail. It is not permitted to store any College logon credentials. That includes in hashed form.
  • ldap_get_name($user): Returns the full name of the user.
  • ldap_get_names($user): Returns the full name of the user in an array separating first name from last.
  • ldap_get_mail($user): Returns the users' email address.
  • ldap_get_info($user): Returns a large array of LDAP data - department, course, faculty, UG/PG status.

Writing your own LDAP function is strictly forbidden due to security reasons. If you require other data, please contact us.

Error reporting

If you receive any errors at all that you dont understand, have anything to report, or have any other queries please email.

The default configuration is to show all PHP errors, please call error_reporting(0); in your PHP script to hide them if you do not wish users to see any errors which may occur.

All errors are also logged, please contact us if you need logged data. A separate log is available for PHP errors from CLI scripts (i.e. from cron).

cron (Scheduled tasks)

If you need to run a scheduled task, please contact us to set one up. Alternatively, if you have shell access to the server, please contact us and we will enable access to cron for your user.

Storage space

We do not impose any quotas, but please be responsible. We will contact you if we feel your club is using an excessive amount of disk space needlessly.

Backups

You do not need to take your own backups of either your files or MySQL. Backups are taken daily of all files and the MySQL databases. If you need to restore a file or your database, please contact us with the affected files, and when they were last present/OK.

Recent (i.e. past day or two) file and MySQL backups can usually be restored within 24 hours, often much less. For backups dating before this time, there may be a delay as we work with ICT to obtain the right backup medium. Please note if a file has not been modified for a long time, it won't be in the recent backups, and so a delay will be necessary before it can be restored.

Disabled sites

Should your site be hacked, outdated, or defective (i.e. using up all the server's resources), we will disable your site. The club should contact us to have this resolved.

If we are required disable your site, we will contact you shortly after disabling your site to ensure a swift resolution.

Fingerprints

All MD5

DSA:     4b7f57917369b4862b71c6218c61de4e
ECDSA:   4bfd44eb34514c34ed405f7443e0039f
ED25519: 95cdcadf021936fbeb1561c2c7bad6e6
RSA:     393d2934c6113c01c3705b29a22e3add

Connection details

You must be on College VPN to connect.

  • Protocol: SFTP
  • Address/Hostname: dougal.union.ic.ac.uk
  • Port: (not normally necessary) 22
  • Username: Your college login
  • Password: Your college password

Your website is in /website/csc/society, where csc is your club/society committee (such as RCC or ACC)

Software we manage

  • Union Notebox Wiki
  • #AgainstActon Campaign Signatures
  • SysAdmin Request System
  • ICU Mums & Dads
  • ICU SysAdmin toolset
  • Wordpress update notifications