[K12OSN] Dropbox directory permissions

David Hopkins dahopkins429 at gmail.com
Mon Mar 5 16:17:50 UTC 2007 

It is about as basic as you can get.  I created a script called
copy_files_to_dropbox and put it /usr/sbin with a+x permissions.

The launcher executes the script passing the filename to the script.  Then,
neglecting the code for popping up the confirmation window, the script
presently is just

chmod 755 $1
cp $1 /Dropbox_directory/.

The confirmation window simply says the file was copied after testing that
the file exists, but I forget the exact syntax. See Eric's push_icons script
since that is what I used as the basis for it.

There are probably all kinds of reasons to worry permissions on the
student's files and such, but in our 5-8 environment, I haven't worried too
much about them (yet?).  And, I have backups so anything over 24 hours old
is archived (via rsync) and then NFS mounted (ro with permissions retained)
with another desktop icon (called backups) showing so the user can browse to
an old file if needed.

Sincerely,
Dave Hopkins


On 3/5/07, Petre Scheie <petre at maltzen.net> wrote:
>
> Just out of curiousity and for the record, could you post the script your
> icon launches?
>    I've done some similar things, but I always like to see how others do
> it.  Thanks.
>
> Petre
>
> David Hopkins wrote:
> > The way I have handled this is I put a icon (application) on every
> > students desktop which they drag the file to.  This launches a script
> > that sets the permissions of the file to 755 and then copies it to the
> > drop box folder.  It pops up a message box saying the file was copied
> > successfully (visual feedback is nice).  Haven't yet experimented with
> > having the script determine which class a student is in and consequently
> > which dropbox subfolder to copy to.  Otherwise, the directory
> > permissions is set as James mentioned. which makes it a one-way trip for
> > the students' files.  It seems to work ok at present.
> >
> > Sincerely,
> > Dave Hopkins
> >
> >
> > On 3/4/07, *James P. Kinney III* <jkinney at localnetsolutions.com
> > <mailto:jkinney at localnetsolutions.com> > wrote:
> >
> >     OK. A quick test was done.
> >
> >     Make the directory group writeable and set the file mask for that
> >     directory to make all files -w- for the group. The teacher can still
> >     read and move the files but students can only drop them. They can't
> copy
> >     them or list them.
> >
> >     Anything a bunch of kids can dream up, a dedicated bunch of old
> farts
> >     can squash.
> >
> >     :)
> >
> >     On Sun, 2007-03-04 at 20:59 -0600, Petre Scheie wrote:
> >      > It's not as convenient, but perhaps you could give each student
> >     her/his
> >      > own directory within /home/inbox, with permissions set to 770,
> >     and put
> >      > the teacher into each student's primary group so the teacher can
> >     get to
> >      > the files.  Give each student's directory the same name as the
> >     student's
> >      > ID, e.g., bob's directory would be /home/inbox/bob.  Modify your
> >     script
> >      > so that is automatically uses the caller's ID to specify the path
> >     to the
> >      > directory.  This way, only the student and the teacher have
> access to
> >      > that student's work.  It would be harder to hunt through all the
> >      > directories for the students' work, but you could write a script
> that
> >      > parses through all those directories and moves any files found to
> one
> >      > folder in the teacher's $HOME.  Give the teacher an icon to call
> >     it with
> >      > sudo, call it something like "Gather up handed in assignments".
> >      >
> >      > HTH
> >      >
> >      > Petre
> >      >
> >      > Robert Arkiletian wrote:
> >      > > mkdir /home/inbox
> >      > > chmod 1773 /home/inbox  (Not readable by others and sticky bit
> >      > > prevents overwriting)
> >      > >
> >      > > But if a clever kid happens to know the filename of another kid
> >      > >
> >      > > cp /home/inbox/filename ~
> >      > >
> >      > > unfortunately works. Not good.
> >      > > ==============================
> >      > > My solution:
> >      > > Write a 1 line bashscript /usr/bin/handin
> >      > >
> >      > > cp -p $1 /home/inbox/
> >      > >
> >      > > chgrp teacher /usr/bin/handin
> >      > > chmod 2755 /usr/bin/handin   (setgid escalate priviliges to
> >     teacher group)
> >      > >
> >      > > now
> >      > >
> >      > > chgrp teacher /home/inbox
> >      > > chmod 1770 /home/inbox
> >      > >
> >      > > To hand-in a test students go
> >      > > handin filename
> >      > >
> >      > > But it does not work. I get
> >      > >
> >      > > cp: cannot stat `/home/inbox/filename': Permission denied
> >      > >
> >      > > Why? Apparently, setgid cannot change the group of the process
> >     to one
> >      > > which you don't already belong to. So I have to add the teacher
> >     group
> >      > > to all students, which defeats the purpose. So much for
> privilege
> >      > > escalation of setgid. I even tried using setuid.
> >      > >
> >      > > [root at server ~]# ls -ld /home/inbox/
> >      > > drwxrwx--T  2 root root 4096 Mar  4 16:02 /home/inbox/
> >      > > [root at server ~]# ls -l /usr/bin/handin
> >      > > -rwsr-xr-x  1 root root 79 Mar  3 14:40 /usr/bin/handin
> >      > >
> >      > > I get the same stat Permission denied error. Any suggestions?
> >      > >
> >      > >
> >      >
> >      > _______________________________________________
> >      > K12OSN mailing list
> >      > K12OSN at redhat.com <mailto:K12OSN at redhat.com>
> >      > https://www.redhat.com/mailman/listinfo/k12osn
> >      > For more info see < http://www.k12os.org>
> >     --
> >     James P. Kinney III
> >     CEO & Director of Engineering
> >     Local Net Solutions,LLC
> >     770-493-8244
> >     http://www.localnetsolutions.com <http://www.localnetsolutions.com>
> >
> >     GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> >     <jkinney at localnetsolutions.com <mailto:jkinney at localnetsolutions.com
> >>
> >     Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
> >
> >     _______________________________________________
> >     K12OSN mailing list
> >     K12OSN at redhat.com <mailto:K12OSN at redhat.com>
> >     https://www.redhat.com/mailman/listinfo/k12osn
> >     <https://www.redhat.com/mailman/listinfo/k12osn>
> >     For more info see <http://www.k12os.org>
> >
> >
> >
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20070305/2074e0cb/attachment.htm>

More information about the K12OSN mailing list