[K12OSN] Dropbox directory permissions
Petre Scheie
petre at maltzen.net
Mon Mar 5 02:59:09 UTC 2007
It's not as convenient, but perhaps you could give each student her/his
own directory within /home/inbox, with permissions set to 770, and put
the teacher into each student's primary group so the teacher can get to
the files. Give each student's directory the same name as the student's
ID, e.g., bob's directory would be /home/inbox/bob. Modify your script
so that is automatically uses the caller's ID to specify the path to the
directory. This way, only the student and the teacher have access to
that student's work. It would be harder to hunt through all the
directories for the students' work, but you could write a script that
parses through all those directories and moves any files found to one
folder in the teacher's $HOME. Give the teacher an icon to call it with
sudo, call it something like "Gather up handed in assignments".
HTH
Petre
Robert Arkiletian wrote:
> mkdir /home/inbox
> chmod 1773 /home/inbox (Not readable by others and sticky bit
> prevents overwriting)
>
> But if a clever kid happens to know the filename of another kid
>
> cp /home/inbox/filename ~
>
> unfortunately works. Not good.
> ==============================
> My solution:
> Write a 1 line bashscript /usr/bin/handin
>
> cp -p $1 /home/inbox/
>
> chgrp teacher /usr/bin/handin
> chmod 2755 /usr/bin/handin (setgid escalate priviliges to teacher group)
>
> now
>
> chgrp teacher /home/inbox
> chmod 1770 /home/inbox
>
> To hand-in a test students go
> handin filename
>
> But it does not work. I get
>
> cp: cannot stat `/home/inbox/filename': Permission denied
>
> Why? Apparently, setgid cannot change the group of the process to one
> which you don't already belong to. So I have to add the teacher group
> to all students, which defeats the purpose. So much for privilege
> escalation of setgid. I even tried using setuid.
>
> [root at server ~]# ls -ld /home/inbox/
> drwxrwx--T 2 root root 4096 Mar 4 16:02 /home/inbox/
> [root at server ~]# ls -l /usr/bin/handin
> -rwsr-xr-x 1 root root 79 Mar 3 14:40 /usr/bin/handin
>
> I get the same stat Permission denied error. Any suggestions?
>
>
More information about the K12OSN
mailing list