[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Dropbox directory permissions



It is about as basic as you can get.  I created a script called copy_files_to_dropbox and put it /usr/sbin with a+x permissions.

The launcher executes the script passing the filename to the script.  Then, neglecting the code for popping up the confirmation window, the script presently is just

chmod 755 $1
cp $1 /Dropbox_directory/.

The confirmation window simply says the file was copied after testing that the file exists, but I forget the exact syntax. See Eric's push_icons script since that is what I used as the basis for it.

There are probably all kinds of reasons to worry permissions on the student's files and such, but in our 5-8 environment, I haven't worried too much about them (yet?).  And, I have backups so anything over 24 hours old is archived (via rsync) and then NFS mounted (ro with permissions retained) with another desktop icon (called backups) showing so the user can browse to an old file if needed.

Sincerely,
Dave Hopkins


On 3/5/07, Petre Scheie <petre maltzen net> wrote:
Just out of curiousity and for the record, could you post the script your icon launches?
   I've done some similar things, but I always like to see how others do it.  Thanks.

Petre

David Hopkins wrote:
> The way I have handled this is I put a icon (application) on every
> students desktop which they drag the file to.  This launches a script
> that sets the permissions of the file to 755 and then copies it to the
> drop box folder.  It pops up a message box saying the file was copied
> successfully (visual feedback is nice).  Haven't yet experimented with
> having the script determine which class a student is in and consequently
> which dropbox subfolder to copy to.  Otherwise, the directory
> permissions is set as James mentioned. which makes it a one-way trip for
> the students' files.  It seems to work ok at present.
>
> Sincerely,
> Dave Hopkins
>
>
> On 3/4/07, *James P. Kinney III* <jkinney localnetsolutions com
> <mailto: jkinney localnetsolutions com> > wrote:
>
>     OK. A quick test was done.
>
>     Make the directory group writeable and set the file mask for that
>     directory to make all files -w- for the group. The teacher can still
>     read and move the files but students can only drop them. They can't copy
>     them or list them.
>
>     Anything a bunch of kids can dream up, a dedicated bunch of old farts
>     can squash.
>
>     :)
>
>     On Sun, 2007-03-04 at 20:59 -0600, Petre Scheie wrote:
>      > It's not as convenient, but perhaps you could give each student
>     her/his
>      > own directory within /home/inbox, with permissions set to 770,
>     and put
>      > the teacher into each student's primary group so the teacher can
>     get to
>      > the files.  Give each student's directory the same name as the
>     student's
>      > ID, e.g., bob's directory would be /home/inbox/bob.  Modify your
>     script
>      > so that is automatically uses the caller's ID to specify the path
>     to the
>      > directory.  This way, only the student and the teacher have access to
>      > that student's work.  It would be harder to hunt through all the
>      > directories for the students' work, but you could write a script that
>      > parses through all those directories and moves any files found to one
>      > folder in the teacher's $HOME.  Give the teacher an icon to call
>     it with
>      > sudo, call it something like "Gather up handed in assignments".
>      >
>      > HTH
>      >
>      > Petre
>      >
>      > Robert Arkiletian wrote:
>      > > mkdir /home/inbox
>      > > chmod 1773 /home/inbox  (Not readable by others and sticky bit
>      > > prevents overwriting)
>      > >
>      > > But if a clever kid happens to know the filename of another kid
>      > >
>      > > cp /home/inbox/filename ~
>      > >
>      > > unfortunately works. Not good.
>      > > ==============================
>      > > My solution:
>      > > Write a 1 line bashscript /usr/bin/handin
>      > >
>      > > cp -p $1 /home/inbox/
>      > >
>      > > chgrp teacher /usr/bin/handin
>      > > chmod 2755 /usr/bin/handin   (setgid escalate priviliges to
>     teacher group)
>      > >
>      > > now
>      > >
>      > > chgrp teacher /home/inbox
>      > > chmod 1770 /home/inbox
>      > >
>      > > To hand-in a test students go
>      > > handin filename
>      > >
>      > > But it does not work. I get
>      > >
>      > > cp: cannot stat `/home/inbox/filename': Permission denied
>      > >
>      > > Why? Apparently, setgid cannot change the group of the process
>     to one
>      > > which you don't already belong to. So I have to add the teacher
>     group
>      > > to all students, which defeats the purpose. So much for privilege
>      > > escalation of setgid. I even tried using setuid.
>      > >
>      > > [ root server ~]# ls -ld /home/inbox/
>      > > drwxrwx--T  2 root root 4096 Mar  4 16:02 /home/inbox/
>      > > [root server ~]# ls -l /usr/bin/handin
>      > > -rwsr-xr-x  1 root root 79 Mar  3 14:40 /usr/bin/handin
>      > >
>      > > I get the same stat Permission denied error. Any suggestions?
>      > >
>      > >
>      >
>      > _______________________________________________
>      > K12OSN mailing list
>      > K12OSN redhat com <mailto:K12OSN redhat com>
>      > https://www.redhat.com/mailman/listinfo/k12osn
>      > For more info see < http://www.k12os.org>
>     --
>     James P. Kinney III
>     CEO & Director of Engineering
>     Local Net Solutions,LLC
>     770-493-8244
>     http://www.localnetsolutions.com <http://www.localnetsolutions.com >
>
>     GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
>     <jkinney localnetsolutions com <mailto: jkinney localnetsolutions com>>
>     Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
>
>     _______________________________________________
>     K12OSN mailing list
>     K12OSN redhat com <mailto:K12OSN redhat com>
>     https://www.redhat.com/mailman/listinfo/k12osn
>     <https://www.redhat.com/mailman/listinfo/k12osn>
>     For more info see <http://www.k12os.org >
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org >

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]