[K12OSN] Re: Dropbox directory permissions
Robert Arkiletian
robark at gmail.com
Tue Mar 6 07:17:34 UTC 2007
On 3/5/07, Les Mikesell <les at futuresource.com> wrote:
> Robert Arkiletian wrote:
> >>
> >> I think you are doing this backwards. If you use the normal RH/fedora
> >> scheme where every user has a unique group, all you have to do is add
> >> the appropriate teacher(s) to each student's group. Then the dropbox
> >> directory can be wx by all with the sticky bit set and only the teacher
> >> and the student who owns it will have access to the file contents.
> >>
> >
> > No, I'm not using the standard RH scheme of giving each person their
> > own group. Even if I was setting wx for all still does not prevent a
> > kid from copying a file IF they know the filename.
>
> That's under the user's control without any setuid tricks. Try 'chmod
> a-rwx' on the file, or setting umask to 0006 before the copy. Then no
> one but the owner or a group member can access the contents.
Yes, good idea. In fact Dean from http://groups.google.ca/group/bcfosss
gave me a similar solution. Here is his idea:
Ok how about :
chown :teachers /home/inbox
chmod 3773 /home/inbox
This will ensure that group is always teachers for all files in that
folder... Then we need to set the umask to disallow other users read
access.
=== /usr/local/bin/handin ===
#!/bin/sh
umask 027
cp "$1" /home/inbox
and for /tmp he had this idea:
Could try:
setting UMASK to 077 in /etc/login.defs
and temporarily chmod 750 /bin/chmod
--
Robert Arkiletian
Eric Hamber Secondary, Vancouver, Canada
Fl_TeacherTool http://www3.telus.net/public/robark/Fl_TeacherTool/
C++ GUI tutorial http://www3.telus.net/public/robark/
More information about the K12OSN
mailing list