
Folder level semi superuser


Ravi

Mar 5, 2005, 8:12:32 AM
Hi,

I need a way to allow a regular user (non root) (who is typically a
teacher) to be able to access all directories and files of some other
users (typically his students). I could make them all members of the
same group and ensure that all directories and files are
group-readable. However this has the significant disadvantage that one
student can read another student's data.

I need a mechanism whereby only the teacher will be able to read all
students' directories and files but a student cannot read another
student's directories and files. Any simple solution without going in
for ACLs? If not, what is the simplest ACL solution?

Would greatly appreciate help on this issue.

Thanks in advance

Ravi

David Serrano (Hue-Bond)

Mar 5, 2005, 11:06:51 AM
Ravi, Sat20050305@14:12:32(CET):

>
> I need a mechanism whereby only the teacher will be able to read all
> students' directories and files but a student cannot read another
> student's directories and files.

Make the files <student>.teachers 640, i.e. john's files would be
john.teachers, joe's ones would be joe.teachers and so on. Add teacher users
to group teachers.


--
David Serrano
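
The scheme suggested above (owner = student, group = teachers, files 640), written out as an added example that was not posted by anyone in this thread. It assumes GNU find; the function names and the 2750 directory mode (setgid, so new files inherit the group) are this example's own choices, and applying it normally needs root because a student outside the group cannot chgrp files to it.

```shell
#!/bin/sh
# Added example: apply and audit "owner = student, group = teachers".
# Assumptions: GNU find; group name and paths are supplied by the caller.

# apply_scheme DIR GROUP
# Normally run as root: a user who is not in GROUP cannot chgrp to it.
apply_scheme() {
    dir=$1 group=$2
    chgrp -R "$group" "$dir" || return 1
    # Directories: 2750 = rwxr-s---. Group can list and enter, others
    # cannot; setgid makes files created later inherit GROUP.
    find "$dir" -type d -exec chmod 2750 {} + || return 1
    # Files: 640 = rw-r-----. Group may read, others get nothing.
    find "$dir" -type f -exec chmod 640 {} +
}

# audit_scheme DIR GROUP
# Prints every path that breaks the scheme; returns 1 if any was found.
# Flags: wrong group, any permission for "other", group-writable paths,
# directories missing setgid or group r-x, files missing group read.
audit_scheme() {
    dir=$1 group=$2
    bad=$(find "$dir" ! -type l \( \
            ! -group "$group" \
            -o -perm /007 \
            -o -perm /020 \
            -o \( -type d ! -perm -2050 \) \
            -o \( -type f ! -perm -040 \) \
          \) -print | sort)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Run `apply_scheme /home/john teachers` once per student home (path and group name as used in the thread's example), then `audit_scheme` periodically, since a student can still chmod their own files back to world-readable.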

Moe Trin

Mar 5, 2005, 6:33:23 PM
In article <f1481a23.05030...@posting.google.com>, Ravi wrote:

>I need a way to allow a regular user (non root) (who is typically a
>teacher) to be able to access all directories and files of some other
>users (typically his students). I could make them all members of the
>same group and ensure that all directories and files are
>group-readable. However this has the significant disadvantage that one
>student can read another student's data.

[compton ~]$ ls -ld /path/to/directory
drwx-ws--T 1 teacher students 4096 Mar 4 20:10 /path/to/directory
[compton ~]$

The teacher owns the directory. The students can write to the directory,
and all files created there will have the group ownership set to 'students'
(the 's' flag), but only the person who created the file (each student)
can delete the file (the 'T' flag). The teacher being the owner of the
directory can read the files, and can delete them. The permissions of
this directory (drwx-ws--T) are '3731'. The only problem is that the
students can't see the name of any files created, and they have to use
a unique filename (such as 'studentNNN.quiz.2.answers' - where the NNN
is a student ID number to make the names different).

>I need a mechanism whereby only the teacher will be able to read all
>students' directories and files but a student cannot read another
>student's directories and files. Any simple solution without going in
>for ACLs? If not, what is the simplest ACL solution?

Another technique would be to run a script that looks at the contents of
the incoming directory, and MOVES any files to another directory that the
students can't access, then sleeps for N seconds, and repeats.

Old guy

Ravi

Mar 6, 2005, 11:11:17 PM
> >
> > I need a mechanism whereby only the teacher will be able to read all
> > students' directories and files but a student cannot read another
> > student's directories and files.
>
> Make the files <student>.teachers 640, i.e. john's files would be
> john.teachers, joe's ones would be joe.teachers and so on. Add teacher users
> to group teachers.

Thanks David, but I did not understand making john's files as
john.teachers. (Understood 640 to allow group access).

I am afraid I am not so much into Linux Administration and so may have
missed a simple point.

Are you saying something like this: Maybe we have each student
belonging to two groups : a personal group and a teachers group.
(john, teachers). We then ensure that student's (john's) home
directory and files are group readable and its group is set to
teachers.

This should, I guess, solve the problem.

riy...@yahoo.com

Mar 6, 2005, 11:19:49 PM
Moe Trin wrote:

>
> [compton ~]$ ls -ld /path/to/directory
> drwx-ws--T 1 teacher students 4096 Mar 4 20:10 /path/to/directory
> [compton ~]$
>

Thanks Moe. This seems to be a good way for students to make assignment
submissions.

David Serrano (Hue-Bond)

Mar 7, 2005, 3:49:52 PM
Ravi, Mon20050307@05:11:17(CET):

>
> Thanks David, But I did not understand making john's files as
> john.teachers. (Understood 640 to allow group access).

I meant user john, group teachers.


--
David Serrano

Ravi

Mar 10, 2005, 10:21:26 PM
"David Serrano (Hue-Bond)" <responder_sol...@yahoo.es> wrote in message news:<d0iepg$1ki$1...@cormoran.emeteo.local>...

OK, understood. So there is no need for a private group per user.
I really appreciate your help.

Ravi
