[K12OSN] Student problem
Jim Kronebusch
jim at winonacotter.org
Wed Apr 28 22:25:08 UTC 2004
Thanks Mike! This is awesome info.
Where do you set up access levels? Or is this just describing theory of
how to set up each user with that type of access level?
-----Original Message-----
From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On
Behalf Of Mike Rambo
Sent: Wednesday, April 28, 2004 12:58 PM
To: Support list for opensource software in schools.
Subject: RE: [K12OSN] Student problem
On Wed, 2004-04-28 at 15:36, Jim Kronebusch wrote:
> I would like to add to the original question #1. When making the drop
> folder you are only able to specify an owner and a group. I am a
> little frustrated with both OS X and Linux in the fact that you are
> limited to only setting permissions for one additional group. Problem
> is that I have a folder with the "student" group set to write only,
> "root" is the owner with full privilege, now I want to give the
> "teacher" group read/write privileges...oops...too bad...I can only
> specify one group. Is this truly a limit with Linux or do the GUIs
> limit to only single group privileges? On Windows I can specify
> privileges for 15 groups if
Users can be in as many groups as you want. The thinking behind it is a
little different (instead of different groups having access to a folder
think of one group having access to the folder but users being in
multiple groups) but it allows you to accomplish pretty much the same
thing as with windows. Here's how we do it (as an example):
We have five general access levels with each one associated with a
group.
:level:       :primary group:   :secondary groups:
sysadmins     wheel             adm,teachers,staff,users
netmgrs       adm               teachers,staff,users
teachers      teachers          staff,users
otherstaff    staff             users
students      users             -
By making a user a member not only of their primary group but also a
member in all groups below they will have access at their primary level
and below - or put another way...
Group Name    User Names
user          joe,cindy,susan,fred,john
staff         cindy,susan,fred,john
teacher       susan,fred,john
adm           fred,john
root          john
In the example above the user susan can have access to folders that are
owned by any of three groups. By using secondary group memberships you
can have the finer access control you are looking for. You do then have
the additional task of getting the users into the right groups.
We have come up with a system we call usersync that basically has a
master server downtown running some PHP scripts against a MySQL backend
that generates all the things required to do user management for us on
all the local servers. When we add a system (new server) to usersync all
global users (sysadmins, netmgrs and certain others) are automatically
added to the new server. Thereafter users can be added globally to add
them to all existing servers or can be added to just one specific
server. You may or may not need anything that elaborate. We have over 30
elementary buildings all of which are moving to Linux PDCs (and some of
the secondary buildings may start moving to Linux from Win2000 in the
next year too) so we needed something like this. At the time we came up
with this LDAP didn't appear to be as viable an option as it has become
more recently. The appearance of ACLs will have a bearing on this in
the future too.
--
Mike Rambo
mrambo at lsd.k12.mi.us
Evolution (n): A hypothetical process whereby infinitely improbable
events occur with alarming frequency, order arises from chaos, and no
one is given credit.
_______________________________________________
K12OSN mailing list
K12OSN at redhat.com https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>
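
Added example, not part of the original messages: a Python model of the kernel's owner/group/other class selection, applied to the access-level table from the message, showing which tier ends up with which rights on a drop folder. The two folder layouts (root:users 0730 and root:teachers 1773) and the `_user` account names are constructed assumptions.

```python
# Added example: POSIX class selection applied to the message's access levels.
# level -> (primary group, secondary groups), as given in the message
LEVELS = {
    "sysadmins":  ("wheel",    ["adm", "teachers", "staff", "users"]),
    "netmgrs":    ("adm",      ["teachers", "staff", "users"]),
    "teachers":   ("teachers", ["staff", "users"]),
    "otherstaff": ("staff",    ["users"]),
    "students":   ("users",    []),
}

def groups_for(level):
    """All groups an account at this level belongs to."""
    primary, secondary = LEVELS[level]
    return {primary, *secondary}

def effective_perms(user, user_groups, owner, group, mode):
    """Return 'rwx'-style bits the kernel would apply to a non-root user.

    Exactly one class is chosen: owner, else group, else other.
    There is no fall-through to a more permissive class.
    """
    if user == owner:
        bits = (mode >> 6) & 7
    elif group in user_groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return "".join(c if bits & m else "-" for c, m in zip("rwx", (4, 2, 1)))

def audit(owner, group, mode):
    """Map each access level to its effective bits on one folder."""
    return {lvl: effective_perms(lvl + "_user", groups_for(lvl), owner, group, mode)
            for lvl in LEVELS}

# Constructed layout A: drop folder root:users, mode 0730.
# Teachers are also in 'users', so they land in the group class too.
LAYOUT_A = audit("root", "users", 0o730)

# Constructed layout B: drop folder root:teachers, mode 1773 (sticky bit set).
# Teacher tier and above match the group; everyone else gets 'other'.
LAYOUT_B = audit("root", "teachers", 0o1773)

if __name__ == "__main__":
    for name, result in (("root:users 0730", LAYOUT_A), ("root:teachers 1773", LAYOUT_B)):
        print(name)
        for level, bits in result.items():
            print(f"  {level:<11}{bits}")
```

In layout B the "other" class covers every account on the server, not only students, and the sticky bit keeps one student from deleting another's submission.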