[K12OSN] Dropbox question

Petre Scheie petre at maltzen.net
Thu Dec 21 15:30:02 UTC 2006 


Burke Almquist wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Dec 20, 2006, at 6:51 PM, Peter Scheie wrote:
> 
>> Perhaps I misunderstand the requirements, but how about this:
>>
>> 1. Create a folder under /home called dropbox.
>> 2. Set the owner and group for /home dropbox to the ID & primary group 
>> of the teacher.
>> 3. Set the permissions on /home/dropbox to 2777.  This will allow the 
>> students to put their files into dropbox, and the group for those 
>> files will become that of the teacher.
>> 4. Make sure the default umask is 002.  This is the default for 
>> regular (non-system) users.
>> 5.  Create a symlink to /home/dropbox in each student's ~/Desktop/ 
>> folder.  You could put a script in /etc/profile.d/ that looks for the 
>> symlink and if it doesn't exist, creates it.
>>
>>
> OR you could simply let student's email the teacher the file. For the 
> dropbox scenario, I find this much simpler.
> 
> Either way, the problem is that setuid doesn't work on folders, since 
> that would create quite the havoc with user quotas.
> 
> One mandatory suggestion if you want to do it this way, set the sitcky 
> bit, making the permissions 3777. This will prevent students from 
> deleting one another's files.
> 
Users can't delete each other's files even without setting permissions to 3777 because 
the default permissions, as dictated by the umask, set Other to r-x.  Even if the folder 
the files are being put into is set 777, the files themselves will still be owned by the 
student who put them there, and the Other perms will be rx, meaning no other student can 
delete those files.  Setting the sticky bit for Group on the folder, aka sgid, and 
having only the teacher be a member of that group means the teacher and only the teacher 
will be able to write (delete) the students files, in addition to reading them, in that 
folder.  If you don't want the students to be able to even read each others files in 
dropbox, set the permissions to 2773 which will make the folder writeable and executable 
but not readable for Other, meaning the students.

Petre

More information about the K12OSN mailing list