
Re: [K12OSN] Dropbox question





Burke Almquist wrote:
On Dec 20, 2006, at 6:51 PM, Peter Scheie wrote:

Perhaps I misunderstand the requirements, but how about this:

1. Create a folder under /home called dropbox.
2. Set the owner and group for /home/dropbox to the ID & primary group of the teacher.
3. Set the permissions on /home/dropbox to 2777. This will allow the students to put their files into dropbox, and the group for those files will become that of the teacher.
4. Make sure the default umask is 002. This is the default for regular (non-system) users.
5. Create a symlink to /home/dropbox in each student's ~/Desktop/ folder. You could put a script in /etc/profile.d/ that looks for the symlink and if it doesn't exist, creates it.


OR you could simply let students email the teacher the file. For the dropbox scenario, I find this much simpler.

Either way, the problem is that setuid doesn't work on folders, since that would create quite the havoc with user quotas.

One mandatory suggestion if you want to do it this way: set the sticky bit, making the permissions 3777. This will prevent students from deleting one another's files.

Users can't delete each other's files even without setting permissions to 3777 because the default permissions, as dictated by the umask, set Other to r-x. Even if the folder the files are being put into is set 777, the files themselves will still be owned by the student who put them there, and the Other perms will be rx, meaning no other student can delete those files. Setting the sticky bit for Group on the folder, aka sgid, and having only the teacher be a member of that group means the teacher and only the teacher will be able to write (delete) the students' files, in addition to reading them, in that folder. If you don't want the students to be able to even read each other's files in dropbox, set the permissions to 2773 which will make the folder writeable and executable but not readable for Other, meaning the students.

Petre
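
As an added example (not part of the original messages), this Python sketch models the standard Linux rules for listing and deleting directory entries and applies them to the three dropbox modes discussed in the thread (2777, 3777, 2773). The UIDs, GIDs and function names are constructed for illustration, and root and capabilities are ignored.

```python
import stat

def perm_class(dir_uid, dir_gid, uid, gids):
    """Bit shift of the rwx triplet that applies: 6 owner, 3 group, 0 other."""
    if uid == dir_uid:
        return 6
    return 3 if dir_gid in gids else 0

def can_list(dir_mode, dir_uid, dir_gid, uid, gids):
    """Listing names needs the read bit on the directory."""
    return bool((dir_mode >> perm_class(dir_uid, dir_gid, uid, gids)) & 4)

def can_unlink(dir_mode, dir_uid, dir_gid, file_uid, uid, gids):
    """Deleting an entry needs write+search on the directory; the file's own
    mode is not consulted. With the sticky bit set, only the file owner or
    the directory owner may delete."""
    bits = (dir_mode >> perm_class(dir_uid, dir_gid, uid, gids)) & 7
    if bits & 3 != 3:
        return False
    if dir_mode & stat.S_ISVTX:
        return uid in (file_uid, dir_uid)
    return True

def new_file_gid(dir_mode, dir_gid, primary_gid):
    """With setgid on the directory, new files inherit the directory's group."""
    return dir_gid if dir_mode & stat.S_ISGID else primary_gid

# Constructed accounts: the teacher owns the dropbox; each student has a private group.
TEACHER, ALICE, BOB = (1000, {1000}), (2001, {2001}), (2002, {2002})

def report(dir_mode):
    """Summarise access to a file that student ALICE dropped into the folder."""
    d_uid, d_gid = TEACHER[0], 1000
    return {
        "bob_lists_dir": can_list(dir_mode, d_uid, d_gid, *BOB),
        "bob_deletes_alice_file": can_unlink(dir_mode, d_uid, d_gid, ALICE[0], *BOB),
        "alice_deletes_own_file": can_unlink(dir_mode, d_uid, d_gid, ALICE[0], *ALICE),
        "teacher_deletes_alice_file": can_unlink(dir_mode, d_uid, d_gid, ALICE[0], *TEACHER),
        "new_file_gid": new_file_gid(dir_mode, d_gid, 2001),
    }

if __name__ == "__main__":
    for mode in (0o2777, 0o3777, 0o2773):
        print(oct(mode), report(mode))
```

On a real system the same properties can be checked with `stat -c '%a %U:%G' /home/dropbox` and by testing from two unprivileged student accounts.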


