[K12OSN] SMB-LDAP and allowing Teachers to view Students homedirectories

Julian Yap julian_yap at yahoo.com
Sat Dec 16 01:47:53 UTC 2006


Just as an update, I tested out using ACLs and it works great!
Exactly what I was looking for.

Here's a link to some nice documentation:
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/File_Systems/ch-acls.html

--- Tom Wolfe <twolfe at sawback.com> wrote:
> Can you use extended attributes/ACLs? I did this with a FreeBSD file server we use with Active Directory, and though it took some time, the permissions issues were eliminated.
> Regards,
> Tom Wolfe
> 
> -----Original Message-----
> From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Julian Yap
> Sent: December 14, 2006 01:06
> To: Support list for opensource software in schools.
> Subject: [K12OSN] SMB-LDAP and allowing Teachers to view Students homedirectories
> 
> Hi all,
> 
> I'm helping with the upgrade of a local school's single K12LTSP server to using an LDAP server and more K12LTSP labs.
> 
> Currently they have the standard Linux convention for students in that their user name is the same as their primary group.
> 
> For example:
> uid=1001(student) gid=1001(student) groups=1001(student)
> 
> The Teacher for that Student is then a member of that Student's primary group:
> uid=2001(teacher) gid=2001(teacher) groups=2001(teacher),1001(student)
> 
> A Teacher can then access the Student's home directory as the Student's home directory's Group permissions are turned on.
> e.g.
> $ ls -ld ~student
> drwsrws--- 56 student student 4096 Dec 13 19:35 /home/student
> 
> 
> Here's the rub. I'm having problems thinking of how this would best translate to a SMB-LDAP environment. Both security wise and simplicity wise. That is, how can I best allow Teachers the ability to access Student's home directory files.
> 
> This is an example student in the new system:
> uid=1004(student) gid=513(Domain Users) groups=914(Students),513(Domain Users)
> 
> This is an example teacher in the new system:
> uid=1005(teacher) gid=513(Domain Users) groups=523(Staff),513(Domain Users)
> 
> These are the default permissions for a Student's home directory:
> $ ls -ld ~student
> drwx------  3 student Domain Users 4096 Dec 13 20:53 /home/student
> 
> Any help would be great.
> 
> Thanks,
> 
> Julian
> 
> 
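
Added example, not part of the original messages: one way to apply the ACL approach the thread settles on to the new layout (teachers in Staff, student homes at mode drwx------), plus a check for the mask pitfall where a later chmod 700 silently disables the grant. The function names and the sample getfacl text are constructed for illustration.

```shell
#!/bin/sh
# Added example; not from the thread. "Staff" and /home/student are the
# thread's names; function names and sample getfacl text are constructed.

# Dry run by default: print each command. Set APPLY=1 to execute it.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }
# Give <group> read access to <dir> without touching owner or group.
# rX = read, plus search on directories only (files stay non-executable).
grant_group_read() {   # usage: grant_group_read <dir> <group>
    run setfacl -R -m "g:$2:rX" "$1"      # existing files and directories
    run setfacl -R -d -m "g:$2:rX" "$1"   # default ACL, inherited by new entries
}

# Read getfacl output on stdin; print the group's effective permissions
# (named-group entry ANDed with the mask), or "none" if it has no entry.
effective_group_perms() {   # usage: getfacl <dir> | effective_group_perms <group>
    awk -F: -v grp="$1" '
        /^#/ || /^default:/ { next }
        { sub(/[ \t]*#.*/, "") }                  # strip "#effective:" notes
        $1 == "group" && $2 == grp { entry = $3 }
        $1 == "mask" { mask = $3 }
        END {
            if (entry == "") { print "none"; exit }
            if (mask == "") mask = "rwx"
            for (i = 1; i <= 3; i++) {
                c = substr(entry, i, 1)
                out = out ((c != "-" && substr(mask, i, 1) == c) ? c : "-")
            }
            print out
        }'
}

# Constructed getfacl output right after the grant ...
ACL_OK='# file: home/student
user::rwx
group::---
group:Staff:r-x
mask::r-x
other::---'
# ... and after a later "chmod 700", which rewrites the mask (chmod's group
# bits map to the mask once an ACL exists) and silently disables the entry.
ACL_MASKED='user::rwx
group::---
group:Staff:r-x   #effective:---
mask::---
other::---'
grant_group_read /home/student Staff
printf '%s\n' "$ACL_OK" | effective_group_perms Staff       # r-x
printf '%s\n' "$ACL_MASKED" | effective_group_perms Staff   # ---
```

This grants every member of Staff read access to the directory, which is broader than the old per-student group membership; a per-teacher entry (u:teacher:rX) narrows it.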



