[K12OSN] Permissions for students and teachers

[Les Mikesell]

Chuck Kollars wrote:
>>>> Any suggestions how to set up permissions for 
>>>> students and teachers? ... 
>>> Here's my experience when I set up a network file 
>>> storage server for a whole school using Samba a 
>>> couple years ago: ...
>> make a lot of groups with exactly the members you 
>> want so you don't need acls for exceptions. 
> 
> I forgot to say explicitly one fairly important thing
> about my experience: 
> 
> With over a thousand students, producing very detailed
> groups or customizing groups seemed to me like just an
> administrative nightmare.

It's a simple text file and the machine is loaded with tools to 
manipulate lines of text.

  To avoid that, my
> self-imposed working constraint was that all groups
> had to be defined and produced automatically in
> advance then not tweaked, and groups couldn't require
> changing at semester change time. 

I'm curious as to how managing ACLs would be any different.  Don't you 
have to deal with the same set of people - and with fewer tools that 
understand the mechanism?

> (Once you start tweaking group memberships, it's easy
> to make *nix do anything  ...but that _may_ be a can
> of worms you don't want to open.)
> 
> Your mileage may vary. If you don't impose the
> constraint of not having any dependency on scheduling
> information for group definitions and not tweaking
> group memberships nor changing them at the semester,
> my experience with Posix ACLs is irrelevant to your
> situation.

I haven't used Posix ACLs, but what I've seen people do with Windows 
ACLs has been much harder to maintain than group memberships because 
they can be completely arbitrary and tend to be attached to arbitrary 
sets of files.  When things change, they usually try to do recursive 
changes on directories which won't work because the settings were 
per-file, not organized the same all the way down.

-- 
   Les Mikesell
    lesmikesell at gmail.com