
Re: [K12OSN] Dropbox directory permissions

It's not as convenient, but perhaps you could give each student her/his own directory within /home/inbox, with permissions set to 770, and put the teacher into each student's primary group so the teacher can get to the files. Give each student's directory the same name as the student's ID, e.g., bob's directory would be /home/inbox/bob. Modify your script so that it automatically uses the caller's ID to specify the path to the directory. This way, only the student and the teacher have access to that student's work. It would be harder to hunt through all the directories for the students' work, but you could write a script that parses through all those directories and moves any files found to one folder in the teacher's $HOME. Give the teacher an icon to call it with sudo, call it something like "Gather up handed in assignments".



Robert Arkiletian wrote:
mkdir /home/inbox
chmod 1773 /home/inbox  (Not readable by others and sticky bit
prevents overwriting)

But if a clever kid happens to know the filename of another kid

cp /home/inbox/filename ~

unfortunately works. Not good.
My solution:
Write a 1 line bashscript /usr/bin/handin

cp -p $1 /home/inbox/

chgrp teacher /usr/bin/handin
chmod 2755 /usr/bin/handin   (setgid escalate privileges to teacher group)


chgrp teacher /home/inbox
chmod 1770 /home/inbox

To hand-in a test students go
handin filename

But it does not work. I get

cp: cannot stat `/home/inbox/filename': Permission denied

Why? Apparently, setgid cannot change the group of the process to one
which you don't already belong to. So I have to add the teacher group
to all students, which defeats the purpose. So much for privilege
escalation of setgid. I even tried using setuid.

[root server ~]# ls -ld /home/inbox/
drwxrwx--T  2 root root 4096 Mar  4 16:02 /home/inbox/
[root server ~]# ls -l /usr/bin/handin
-rwsr-xr-x  1 root root 79 Mar  3 14:40 /usr/bin/handin

I get the same stat Permission denied error. Any suggestions?
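
The per-student layout suggested in the reply above, as an added shell example that is not part of either message: `handin` copies into the caller's own directory and `gather` collects regular files for the teacher. It relies on directory permissions only, with no setuid or setgid bit on the script (Linux ignores those bits on interpreted scripts); `INBOX_ROOT`, the function names, the `student-filename` naming and the setup shown in the comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. INBOX_ROOT and the gather destination
# are assumed names. Assumed one-time setup per student, as root:
#   mkdir /home/inbox/bob && chown bob:bob /home/inbox/bob && chmod 770 /home/inbox/bob
# with the teacher added to group bob (bob's primary group).
INBOX_ROOT="${INBOX_ROOT:-/home/inbox}"

# handin FILE: copy FILE into the caller's own drop directory.
handin() {
    src=$1
    # Take the name from the kernel's view of the caller, not from $USER,
    # which the caller controls. Fall back to the numeric UID if lookup fails.
    user=$(id -un 2>/dev/null) || user=$(id -u)
    dest="$INBOX_ROOT/$user"
    [ -f "$src" ] || { echo "handin: not a regular file: $src" >&2; return 1; }
    [ -d "$dest" ] && [ ! -L "$dest" ] || { echo "handin: no drop directory: $dest" >&2; return 1; }
    cp -p -- "$src" "$dest/"
}

# gather DEST: move every handed-in file into DEST, prefixed with the
# student's name so identical filenames do not collide. Prints the count.
gather() {
    dest=$1
    mkdir -p -- "$dest" || return 1
    count=0
    for dir in "$INBOX_ROOT"/*/; do
        [ -d "$dir" ] && [ ! -L "${dir%/}" ] || continue
        student=$(basename "$dir")
        for f in "$dir"*; do
            # Students own these directories: take regular files only and
            # leave symlinks, subdirectories and special files where they are.
            [ -f "$f" ] && [ ! -L "$f" ] || continue
            target="$dest/$student-$(basename "$f")"
            [ ! -e "$target" ] || continue   # never overwrite an earlier hand-in
            mv -- "$f" "$target" && count=$((count + 1))
        done
    done
    echo "$count"
}
```

Because `gather` would run with the teacher's or root's privileges over directories the students can write to, it skips anything that is not a plain file instead of following it.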
