[K12OSN] Dropbox question
Petre Scheie
petre at maltzen.net
Thu Dec 21 15:30:02 UTC 2006
Burke Almquist wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Dec 20, 2006, at 6:51 PM, Peter Scheie wrote:
>
>> Perhaps I misunderstand the requirements, but how about this:
>>
>> 1. Create a folder under /home called dropbox.
>> 2. Set the owner and group for /home dropbox to the ID & primary group
>> of the teacher.
>> 3. Set the permissions on /home/dropbox to 2777. This will allow the
>> students to put their files into dropbox, and the group for those
>> files will become that of the teacher.
>> 4. Make sure the default umask is 002. This is the default for
>> regular (non-system) users.
>> 5. Create a symlink to /home/dropbox in each student's ~/Desktop/
>> folder. You could put a script in /etc/profile.d/ that looks for the
>> symlink and if it doesn't exist, creates it.
>>
>>
> OR you could simply let student's email the teacher the file. For the
> dropbox scenario, I find this much simpler.
>
> Either way, the problem is that setuid doesn't work on folders, since
> that would create quite the havoc with user quotas.
>
> One mandatory suggestion if you want to do it this way, set the sitcky
> bit, making the permissions 3777. This will prevent students from
> deleting one another's files.
>
Users can't delete each other's files even without setting permissions to 3777 because
the default permissions, as dictated by the umask, set Other to r-x. Even if the folder
the files are being put into is set 777, the files themselves will still be owned by the
student who put them there, and the Other perms will be rx, meaning no other student can
delete those files. Setting the sticky bit for Group on the folder, aka sgid, and
having only the teacher be a member of that group means the teacher and only the teacher
will be able to write (delete) the students files, in addition to reading them, in that
folder. If you don't want the students to be able to even read each others files in
dropbox, set the permissions to 2773 which will make the folder writeable and executable
but not readable for Other, meaning the students.
Petre
More information about the K12OSN
mailing list