Re: set of access permissions (for exams)
On Sun, Jan 30, 2005 at 07:33:45AM +0100, Andreas Schuldei wrote:
> Here at the developer gathering i spend some time starting to integrate
> the exam scripts that finnarne wrote for Ulstud school here in Oslo into
> This exam mode is not geared towards making cheating impossible, but to
> make it necessary that users do it consciously, if at all.
> now his scripts depend on some clever access permissions to the home
> directories to be in place. I am aware that other schools have different
> access permissions. the question now is what other schools use and how
> to make this configurable in the exam module.
> Could you give a short description of what your clever permissions look
> like and why you chose that layout?
> finnarne, would you describe your layout here, too? i might make
> mistakes reproduce it here.
On Ulsrud, there is separate partitions for each student, for teachers
, for web-pages, for project stuff and also one for temporary stuff
that gets deleted after a couble of days.
/skole/tjener/home0 #This is for dummy users
/skole/tjener/class05 # those who graduate this year
/skole/tjener/class06 # those who graduate next year
/skole/tjener/class07 # ...
/skole/tjener/teachers # for teachers
/skole/tjener/admins # for ict staff
/skole/tjener/web # for putting things on the web
/skole/tjener/project # for project
/skole/tjener/2days # delete everything that is more than 5days
All theese belongs to the root user, and the group common.
root have full access, the group common have write and execute
drwxr-x--- root common ....
then there is one more shared folder that is owned by the group exam
drwxr-x--- root exam /skole/tjener/exam
when there is an exam or a test where the students are not allowed to
communicate or user their old files and stuff, they are removed from
the group common and added to the group exam
ldap is updated and their home directories are set to be
the permission on this directory is
there are some checks that are done during the creating and moving for
existing homedirs and that they dont are in exam and stuff.
In addition, there are some stuff using iptables to block the computers
they are on from accessing the web server, ssh and stuff, and that they
cant access internet if they shouldnt be allowed)