[K12OSN] Dropbox directory permissions

Petre Scheie petre at maltzen.net
Mon Mar 5 02:59:09 UTC 2007 

It's not as convenient, but perhaps you could give each student her/his 
own directory within /home/inbox, with permissions set to 770, and put 
the teacher into each student's primary group so the teacher can get to 
the files.  Give each student's directory the same name as the student's 
ID, e.g., bob's directory would be /home/inbox/bob.  Modify your script 
so that is automatically uses the caller's ID to specify the path to the 
directory.  This way, only the student and the teacher have access to 
that student's work.  It would be harder to hunt through all the 
directories for the students' work, but you could write a script that 
parses through all those directories and moves any files found to one 
folder in the teacher's $HOME.  Give the teacher an icon to call it with 
sudo, call it something like "Gather up handed in assignments".

HTH

Petre

Robert Arkiletian wrote:
> mkdir /home/inbox
> chmod 1773 /home/inbox  (Not readable by others and sticky bit
> prevents overwriting)
> 
> But if a clever kid happens to know the filename of another kid
> 
> cp /home/inbox/filename ~
> 
> unfortunately works. Not good.
> ==============================
> My solution:
> Write a 1 line bashscript /usr/bin/handin
> 
> cp -p $1 /home/inbox/
> 
> chgrp teacher /usr/bin/handin
> chmod 2755 /usr/bin/handin   (setgid escalate priviliges to teacher group)
> 
> now
> 
> chgrp teacher /home/inbox
> chmod 1770 /home/inbox
> 
> To hand-in a test students go
> handin filename
> 
> But it does not work. I get
> 
> cp: cannot stat `/home/inbox/filename': Permission denied
> 
> Why? Apparently, setgid cannot change the group of the process to one
> which you don't already belong to. So I have to add the teacher group
> to all students, which defeats the purpose. So much for privilege
> escalation of setgid. I even tried using setuid.
> 
> [root at server ~]# ls -ld /home/inbox/
> drwxrwx--T  2 root root 4096 Mar  4 16:02 /home/inbox/
> [root at server ~]# ls -l /usr/bin/handin
> -rwsr-xr-x  1 root root 79 Mar  3 14:40 /usr/bin/handin
> 
> I get the same stat Permission denied error. Any suggestions?
> 
>

More information about the K12OSN mailing list