[K12OSN] Managing identical logins...
Tom Lisjac
netdxr at gmail.com
Thu Feb 3 05:36:32 UTC 2005
On Wed, 02 Feb 2005 20:08:45 -0500, David Trask
<dtrask at vcs.u52.k12.me.us> wrote:
> "Support list for opensource software in schools." <k12osn at redhat.com> on
> Wednesday, February 2, 2005 at 5:39 PM +0000 wrote:
> >On Wed, 2005-02-02 at 15:57, Tom Lisjac wrote:
> >> >
> >> > But if they have been using Windows file sharing permissions, then
> >they must have to log in as a unique user at some point, no?
> >>
> >> No.
> >>
> >> Simultaneous logins using the same account is possible. The same is
> >> true with Linux.
> >
> >If you are willing to accept anyone being able to delete, copy or
> >overwrite anyone else's work... That doesn't sound reasonable in
> >a hostile environment like a school.
Kids sharing a physical classroom can steal each other's books and
look over the shoulders of others. The network equivalent of this
hasn't been a problem for us compared to the virtually impossible task
of managing thousands of individual student accounts.
> Let me ask this....what version of Windows? 98, 2000, XP?
All three.
>Are you using a domain or simply using workgroups.
Domain.
>Are you creating the individual student folders one by one?
We are not creating individual accounts... we create a single account
per class. I thought I'd made that very clear from my first and all
subsequent postings.
> Are students the ONLY ones able to create and
> delete files in their own folder?
Class members have full rights to the class share. We have not had
problems with them deleting, stealing or modifying the work of others
in their class. I am not recommending this to other school systems...
it's just the policy I was handed that also seems to work well in our
district. I'm a techie, not a policy maker. ;o)
> If so then how can you have truly
> individual permissions if you don't have individual logins? Either we're
> missing something or you've managed to do the impossible.
I never said that individual logons had individual rights... a single
class login is shared by a single class of 20 to 30 kids.
> The only other
> thing I can imagine you're doing is that users log on to the machine with
> a common user account and then connect to a share where they are prompted
> to enter another more specific username and password.
The class login has modify access to the entire class share. A class
does not have rights to modify the share of another class.
> Can you describe
> from start to finish how you are supposedly having students able to log in
> with a common user account, yet save to a totally individual folder that
> no other students can add and delete from? Maybe we're missing something
> here.....
I never claimed that individuals using a common login had individual
rights... that would be quite a trick! :) I'm not sure how that idea
found it's way into this thread but I apologize if I wasn't clear in
my earlier postings.
Again, I'd like to thank everyone for their suggestions I'm currently
working on a simple hack of the winbind template homedir code to
support the login and security model that we're looking for. I'll post
the results when I've got something useful to share.
-Tom
More information about the K12OSN
mailing list