Re: [K12OSN] Dropbox directory permissions

Even better, just do the part where the teacher is a member of the student's primary group, then they can look at anything in the student's home dir. That helps them keep an eye on what the kids are up to. Emailing the completed files to the teacher works well too, assuming that both the students and teachers have email.

On Mar 4, 2007, at 8:59 PM, Petre Scheie wrote:

It's not as convenient, but perhaps you could give each student her/his own directory within /home/inbox, with permissions set to 770, and put the teacher into each student's primary group so the teacher can get to the files. Give each student's directory the same name as the student's ID, e.g., bob's directory would be /home/inbox/bob. Modify your script so that it automatically uses the caller's ID to specify the path to the directory. This way, only the student and the teacher have access to that student's work. It would be harder to hunt through all the directories for the students' work, but you could write a script that parses through all those directories and moves any files found to one folder in the teacher's $HOME. Give the teacher an icon to call it with sudo, call it something like "Gather up handed in assignments".



Robert Arkiletian wrote:
mkdir /home/inbox
chmod 1773 /home/inbox  (Not readable by others and sticky bit
prevents overwriting)
But if a clever kid happens to know the filename of another kid
cp /home/inbox/filename ~
unfortunately works. Not good.
My solution:
Write a 1 line bash script /usr/bin/handin
cp -p $1 /home/inbox/
chgrp teacher /usr/bin/handin
chmod 2755 /usr/bin/handin (setgid escalate privileges to teacher group)
chgrp teacher /home/inbox
chmod 1770 /home/inbox
To hand-in a test students go
handin filename
But it does not work. I get
cp: cannot stat `/home/inbox/filename': Permission denied
Why? Apparently, setgid cannot change the group of the process to one
which you don't already belong to. So I have to add the teacher group
to all students, which defeats the purpose. So much for privilege
escalation of setgid. I even tried using setuid.
[root server ~]# ls -ld /home/inbox/
drwxrwx--T  2 root root 4096 Mar  4 16:02 /home/inbox/
[root server ~]# ls -l /usr/bin/handin
-rwsr-xr-x  1 root root 79 Mar  3 14:40 /usr/bin/handin
I get the same stat Permission denied error. Any suggestions?
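
The per-student layout Petre describes above, sketched as shell functions. This is an added example, not code from the thread: the function names, the INBOX override and the gather target argument are assumptions, and adding the teacher to each student's primary group is left to the administrator.

```shell
#!/bin/sh
# /home/inbox is the path used in the thread; override INBOX to try this in a scratch dir.
INBOX="${INBOX:-/home/inbox}"

# Run once per student (as root on a real server): directory named after the
# student ID, mode 770, owned by the student and the student's primary group.
make_student_dir() {
    student="$1"
    dir="$INBOX/$student"
    mkdir -p "$dir" || return 1
    # chown needs root and a real account; skipped when trying this unprivileged
    if [ "$(id -u)" -eq 0 ] && id "$student" >/dev/null 2>&1; then
        chown "$student:$(id -gn "$student")" "$dir" || return 1
    fi
    chmod 770 "$dir"
}

# Run by the student: the destination is derived from the caller's own ID,
# never from an argument, so a student cannot name another student's directory.
handin() {
    file="$1"
    dest="$INBOX/$(id -un 2>/dev/null)"
    [ -f "$file" ] || { echo "handin: $file: not a regular file" >&2; return 1; }
    [ -d "$dest" ] && [ ! -L "$dest" ] || { echo "handin: no drop directory $dest" >&2; return 1; }
    cp -p -- "$file" "$dest/"
}

# Run by the teacher: move every handed-in file into one folder, prefixing the
# student ID so equal filenames do not collide. Prints the number of files moved.
gather() {
    target="$1"
    mkdir -p "$target" || return 1
    count=0
    for dir in "$INBOX"/*/; do
        # skip symlinked directories so the sweep stays inside the inbox
        [ -d "$dir" ] && [ ! -L "${dir%/}" ] || continue
        student=$(basename "$dir")
        for f in "$dir"*; do
            # regular files only; a symlink planted by a student is left alone
            [ -f "$f" ] && [ ! -L "$f" ] || continue
            mv -- "$f" "$target/${student}_$(basename "$f")" && count=$((count + 1))
        done
    done
    echo "$count"
}
```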

