[K12OSN] Student problem

Les Mikesell les at futuresource.com
Thu Apr 29 04:50:35 UTC 2004


On Wed, 2004-04-28 at 16:29, Jim Kronebusch wrote:
> I agree with what you are saying, I keep thinking "what am I doing wrong
> that this doesn't make more sense".  No matter what I want every user to
> have to deal with one username and password combo, anything more just
> pisses us all off :-)  I want the list of share points to be simple when
> a user logs in and don't want them traversing all over to get access.
> So if I have a share of 'Drop' with 'TeacherX,Y, and Z' under it I need
> to let groups "Students" and "Teachers" into share 'Drop'.  Then every
> teacher wants 'ClassX, Y, and Z' under their folder with another set of
> permissions.  I think the main problem is I just confuse myself when I
> think too much.  I will go back and re-evaluate directory structure and
> try to come up with a more efficient way to propagate users along with
> permissions given the user,group,other limit.  Heck, just even
> describing this makes me think there is a better way :-) 

One really simple way is a secure setuid program written to take
input from one user and deliver it to one or more others.  I don't
have the hubris to think I could write a better one than the
stock email programs you already have, though.

Another way would be to put the teachers in each student's
group so they have access to the home directories.  Then
you can make a class_homework directory in each student
directory which the teacher(s) can read directly.  If you
want to reduce the clutter for the teachers, you can make
them a class_homework directory full of symlinks to each
student's class_homework directory.  Then instead of
/home/student/class_homework/file, they would find them
all in ~/class_homework/student/file.

Or, make a central subdirectory for each class with the
group for the class and mode drwxr-x---.  Under that
make a homework directory with the teacher's group
mode drwxrws-wt.  (chmod g+s to make files take the
directory's group, chmod +t so you can't delete files
unless you have write access to them).  That way anyone
that can get past the class directory can write in the
homework directory, but can't see the filenames there
or delete other files even if they guess the names.
I'm not sure I would completely trust this because
the directory setgid bit just forces the group as
a default and there are ways of copying that would
put the student's group back on the file.  Also the
default 002 umask will leave the files readable by
others if the names can be guessed.  It would work
if the group and modes are set explicitly - this could
be done by a program or script that would not need to
be setuid.

---
  Les Mikesell
   les at futuresource.com
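
The third layout described above, with the group and modes set explicitly by a script that is not setuid, as an added example that is not part of the original message. The function names, the username prefix on submitted files and the 640 file mode are assumptions, and it relies on Linux setgid-directory group inheritance, which it verifies rather than trusts.

```sh
#!/bin/sh
# Added example; paths and group names are supplied by the caller.

# setup_class_dirs CLASSDIR CLASS_GROUP TEACHER_GROUP
# Run by whoever owns the tree (an admin, or a member of both groups).
setup_class_dirs() {
    classdir=$1 class_group=$2 teacher_group=$3
    mkdir -p "$classdir/homework" || return 1
    chgrp "$class_group" "$classdir" || return 1
    chmod 750 "$classdir" || return 1              # drwxr-x---
    chgrp "$teacher_group" "$classdir/homework" || return 1
    chmod 773 "$classdir/homework" || return 1     # drwxrwx-wx
    chmod g+s,+t "$classdir/homework" || return 1  # drwxrws-wt
}

# Helpers: the ls -l mode string and the numeric group of a path.
mode_of() { ls -ld "$1" | cut -c1-10; }
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# submit_homework FILE HOMEWORK_DIR
# Run by the student. Copies without preserving the source's group or mode,
# so neither the student's own group nor a lax umask ends up on the file.
submit_homework() (
    src=$1 hwdir=$2
    [ -f "$src" ] || { echo "no such file: $src" >&2; exit 1; }
    dest="$hwdir/$(id -un)-$(basename "$src")"
    [ -e "$dest" ] && { echo "already submitted: $dest" >&2; exit 1; }
    umask 077                        # private until the checks below pass
    cp "$src" "$dest" || exit 1      # plain cp: new file takes the directory's group
    if [ "$(gid_of "$dest")" != "$(gid_of "$hwdir")" ]; then
        rm -f "$dest"
        echo "group was not inherited from $hwdir" >&2
        exit 1
    fi
    chmod 640 "$dest" || exit 1      # owner rw, teacher group r, others nothing
    echo "$dest"
)
```
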
 




