[K12OSN] Student problem

Jim Kronebusch jim at winonacotter.org
Thu Apr 29 13:53:32 UTC 2004


Ya know, I am starting to realize the real problem I am having.  I can't
find a way to do what I want with minimal interaction, my problem is
being lazy :-)  Thanks for all your suggestions, I am sure I have enough
info to do exactly what I want now, I just need to determine how much
work I want to do maintaining groups and access levels.  

Thanks again for your help in understanding Linux permissions.

-----Original Message-----
From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On
Behalf Of Les Mikesell
Sent: Wednesday, April 28, 2004 11:51 PM
To: Support list for opensource software in schools.
Subject: RE: [K12OSN] Student problem


On Wed, 2004-04-28 at 16:29, Jim Kronebusch wrote:
> I agree with what you are saying, I keep thinking "what am I doing
> wrong that this doesn't make more sense".  No matter what I want every
> user to have to deal with one username and password combo, anything
> more just pisses us all off :-)  I want the list of share points to be
> simple when a user logs in and don't want them traversing all over to
> get access. So if I have a share of 'Drop' with 'TeacherX,Y, and Z'
> under it I need to let groups "Students" and "Teachers" into share
> 'Drop'.  Then every teacher wants 'ClassX, Y, and Z' under their
> folder with another set of permissions.  I think the main problem is I
> just confuse myself when I think too much.  I will go back and
> re-evaluate directory structure and try to come up with a more
> efficient way to propagate users along with permissions given the
> user,group,other limit.  Heck, just even describing this makes me
> think there is a better way :-)

One really simple way is a secure setuid program written to take input
from one user and deliver it to one or more others.  I don't have the
hubris to think I could write a better one than the stock email programs
you already have, though.

Another way would be to put the teachers in each student's group so they
have access to the home directories.  Then you can make a class_homework
directory in each student directory which the teacher(s) can read
directly.  If you want to reduce the clutter for the teachers, you can
make them a class_homework directory full of symlinks to each student's
class_homework directory.  Then instead of
/home/student/class_homework/file, they would find them all in
~/class_homework/student/file.

Or, make a central subdirectory for each class with the
group for the class and mode drwxr-x---.  Under that
make a homework directory with the teacher's group
mode drwxrws-wt.  (chmod g+s to make files take the
directory's group, chmod +t so you can't delete files
unless you have write access to them).  That way anyone
that can get past the class directory can write in the
homework directory, but can't see the filenames there
or delete other files even if they guess the names.
I'm not sure I would completely trust this because
the directory setgid bit just forces the group as
a default and there are ways of copying that would
put the student's group back on the file.  Also the
default 002 umask will leave the files readable by
others if the names can be guessed.  It would work
if the group and modes are set explicitly - this could
be done by a program or script that would not need to
be setuid.

---
  Les Mikesell
   les at futuresource.com
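
Added example (not part of the original messages): a sketch of the third option above, with the group and modes set explicitly by a script that is not setuid. The function names, the file naming and the 0640 file mode are assumptions; the two directory modes are the ones given in the message.

```shell
#!/bin/sh
# Added example. Paths and group names are placeholders, not from the thread.

gid_of()  { ls -ldn "$1" | awk '{print $4}'; }                 # numeric group id
mode_of() { ls -ldn "$1" | awk '{print substr($1, 1, 10)}'; }  # e.g. drwxrws-wt

# Admin side: <class_dir> is drwxr-x---, <class_dir>/homework is drwxrws-wt.
# Group arguments may be empty so the sketch also runs without privileges.
make_dropbox() {
    class_dir=$1; class_group=$2; teacher_group=$3
    mkdir -p "$class_dir/homework" || return 1
    if [ -n "$class_group" ]; then chgrp "$class_group" "$class_dir" || return 1; fi
    if [ -n "$teacher_group" ]; then
        chgrp "$teacher_group" "$class_dir/homework" || return 1
    fi
    chmod 0750 "$class_dir" || return 1
    chmod 3773 "$class_dir/homework"    # 2000 setgid + 1000 sticky + rwx rwx -wx
}

# Student side: runs as the student, no setuid bit required.
submit() {
    src=$1; dropbox=$2
    dest="$dropbox/$(id -un)-$(basename "$src")"
    # Create a new file instead of mv or cp -p, so the setgid directory
    # supplies the group and the student's own group never lands on it.
    (
        umask 077              # never readable by others, even mid-copy
        set -C                 # noclobber: refuse to overwrite an existing name
        cat "$src" > "$dest"
    ) || return 1
    chmod 0640 "$dest" || return 1      # explicit mode, whatever the umask was
    # Fail loudly if the group did not follow the directory.
    if [ "$(gid_of "$dest")" != "$(gid_of "$dropbox")" ]; then
        echo "submit: $dest has the wrong group" >&2
        return 1
    fi
    printf '%s\n' "$dest"
}
```
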
 

