[K12OSN] SMB-LDAP and allowing Teachers to view Students homedirectories
Tom Wolfe
twolfe at sawback.com
Thu Dec 14 13:29:24 UTC 2006
Can you use extended attributes/ACLs? I did this with a FreeBSD file server
we use with Active Directory, and though it took some time, the permissions
issues were eliminated.
Regards,
Tom Wolfe
-----Original Message-----
From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf
Of Julian Yap
Sent: December 14, 2006 01:06
To: Support list for opensource software in schools.
Subject: [K12OSN] SMB-LDAP and allowing Teachers to view Students
homedirectories
Hi all,
I'm helping with the upgrade of a local school's single K12LTSP server
to using a LDAP server and more K12LTSP labs.
Currently they have the standard Linux convention for students in that
their user name is the same as their primary group.
For example:
uid=1001(student) gid=1001(student) groups=1001(student)
The Teacher for that Student is then a member of that Student's primary
group:
uid=2001(teacher) gid=2001(teacher) groups=2001(teacher),1001(student)
A Teacher can than access the Student's home directory as the Student's
home directory's Group permissions are turned on.
eg.
$ ls -ld ~student
drwsrws--- 56 student student 4096 Dec 13 19:35 /home/student
Here's the rub. I'm having problems thinking of how this would best
translate to a SMB-LDAP environment. Both security wise and simplicity
wise. That is, how can I best allow Teachers the ability to access
Student's home directory files.
This is an example student in the new system:
uid=1004(student) gid=513(Domain Users) groups=914(Students),513(Domain
Users)
This is an example teacher in the new system:
uid=1005(teacher) gid=513(Domain Users) groups=523(Staff),513(Domain
Users)
These are the default permissions for a Student's home directory:
$ ls -ld ~student
drwx------ 3 student Domain Users 4096 Dec 13 20:53 /home/student
Any help would be great.
Thanks,
Julian
_______________________________________________
K12OSN mailing list
K12OSN at redhat.com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
More information about the K12OSN
mailing list