[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Re: Dropbox directory permissions



On 3/5/07, Les Mikesell <les futuresource com> wrote:
Robert Arkiletian wrote:
>>
>> I think you are doing this backwards.  If you use the normal RH/fedora
>> scheme where every user has a unique group, all you have to do is add
>> the appropriate teacher(s) to each student's group.  Then the dropbox
>> directory can be wx by all with the sticky bit set and only the teacher
>> and the student who owns it will have access to the file contents.
>>
>
> No, I'm not using the standard RH scheme of giving each person their
> own group. Even if I was setting wx for all still does not prevent a
> kid from copying a file IF they know the filename.

That's under the user's control without any setuid tricks.  Try 'chmod
a-rwx' on the file, or setting umask to 0006 before the copy.  Then no
one but the owner or a group member can access the contents.

Yes, good idea. In fact Dean from http://groups.google.ca/group/bcfosss
gave me a similar solution. Here is his idea:

Ok how about :
chown :teachers /home/inbox
chmod 3773 /home/inbox

This will ensure that group is always teachers for all files in that
folder... Then we need to set the umask to disallow other users read
access.

=== /usr/local/bin/handin ===
#!/bin/sh
umask 027
cp "$1" /home/inbox

and for /tmp he had this idea:

Could try:
setting UMASK to 077 in /etc/login.defs
and temporarily chmod 750 /bin/chmod

--
Robert Arkiletian
Eric Hamber Secondary, Vancouver, Canada
Fl_TeacherTool http://www3.telus.net/public/robark/Fl_TeacherTool/
C++ GUI tutorial http://www3.telus.net/public/robark/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]