[K12OSN] Student problem

Jim Kronebusch jim at winonacotter.org
Wed Apr 28 22:25:08 UTC 2004

Thanks Mike!  This is awesome info.  

Where do you set up access levels?  Or is this just describing theory of
how to set up each user with that type of access level?

-----Original Message-----
From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On
Behalf Of Mike Rambo
Sent: Wednesday, April 28, 2004 12:58 PM
To: Support list for opensource software in schools.
Subject: RE: [K12OSN] Student problem

On Wed, 2004-04-28 at 15:36, Jim Kronebusch wrote:
> I would like to add to the original question #1.  When making the drop

> folder you are only able to specify an owner and a group.  I am a 
> little frustrated with both OS X and Linux in the fact that you are 
> limited to only setting permissions for one additional group.  Problem

> is that I have a folder with the "student" group set to write only, 
> "root" is the owner with full privilege, now I want to give the 
> "teacher" group read/write privileges...oops...too bad...I can only 
> specify one group. Is this truly a limit with Linux or do the gui's 
> limit to only single group privileges.  On Windows I can specify 
> privileges for 15 groups if

Users can be in as many groups as you want. The thinking behind it is a
little different (instead of different groups having access to a folder
think of one group having access to the folder but users being in
multiple groups) but it allows you to accomplish pretty much the same
thing as with windows. Here's how we do it (as an example):

We have five general access levels with each one associated with a

:level:		:primary group:	:secondary groups:
sysadmins	wheel		adm,teachers,staff,users
netmgrs		adm		teachers,staff,users
teachers	teachers	staff,users
otherstaff	staff		users
students	users		-

By making a user a member not only of their primary group but also a
member in all groups below they will have access at their primary level
and below - or put another way...

Group Name	User Names

user		joe,cindy,susan,fred,john
staff		cindy,susan,fred,john
teacher		susan,fred,john
adm		fred,john
root		john

In the example above the user susan can have access to folders that are
owned by any of three groups. By using secondary group memberships you
can have the finer access control you are looking for. You do then have
the additional task of getting the users into the right groups.

We have come up with a system we call usersync that basically has a
master server downtown running some php scripts against a mysql backend
that generates all the things required to do user management for us on
all the local servers. When we add a system (new server) to usersync all
global users (syadmin,netmgrs and certain others) are automatically
added to the new server. Thereafter users can be added globally to add
them to all existing servers or can be added to just one specific
server. You may or may not need anything that elaborate. We have over 30
elementary buildings all of which are moving to linux pdc's (and some of
the secondary buildings may start moving to linux from win2000 in the
next year too) so we needed something like this. At the time we came up
with this ldap didn't appear to be as viable an option as it has become
more recently. The appearance of ACL's will have a bearing on this in
the future too.

Mike Rambo
mrambo at lsd.k12.mi.us

Evolution (n): A hypothetical process whereby infinitely improbable
events occur 
with alarming frequency, order arises from chaos, and no one is given

K12OSN mailing list
K12OSN at redhat.com https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

More information about the K12OSN mailing list