Re: set of access permissions (for exams)

To: Andreas Schuldei <andreas@schuldei.org>
Cc: Debian Edu Mailinglist <debian-edu@lists.debian.org>
Subject: Re: set of access permissions (for exams)
From: Finn-Arne Johansen <faj@bzz.no>
Date: Sun, 30 Jan 2005 09:09:32 +0100
Message-id: <[🔎] 20050130080932.GB26933@bzzware.org>
Mail-followup-to: Andreas Schuldei <andreas@schuldei.org>, Debian Edu Mailinglist <debian-edu@lists.debian.org>
In-reply-to: <[🔎] 20050130063345.GA10848@master.hbg-bremen.de>
References: <[🔎] 20050130063345.GA10848@master.hbg-bremen.de>

On Sun, Jan 30, 2005 at 07:33:45AM +0100, Andreas Schuldei wrote:
> Here at the developer gathering i spend some time starting to integrate
> the exam scripts that finnarne wrote for Ulstud school here in Oslo into
> WLUS.
> 
> This exam mode is not geared towards making cheating impossible, but to
> make it necessary that users do it consciously, if at all.
> 
> now his scripts depend on some clever access permissions to the home
> directories to be in place. I am aware that other schools have different
> access permissions. the question now is what other schools use and how
> to make this configurable in the exam module. 
> 
> Could you give a short description of what your clever permissions look
> like and why you chose that layout?
> 
> finnarne, would you describe your layout here, too? i might make
> mistakes reproduce it here.

On Ulsrud, there is separate partitions for each student, for teachers
, for web-pages, for project stuff and also one for temporary stuff
that gets deleted after a couble of days. 

/skole/tjener/home0       #This is for dummy users
/skole/tjener/class05     # those who graduate this year
/skole/tjener/class06     # those who graduate next year
/skole/tjener/class07     # ...
/skole/tjener/teachers    # for teachers
/skole/tjener/admins      # for ict staff
/skole/tjener/web         # for putting things on the web
/skole/tjener/project     # for project
/skole/tjener/2days       # delete everything that is more than 5days

All theese belongs to the root user, and the group common. 
root have full access, the group common have write and execute
 drwxr-x--- root common ....

then there is one more shared folder that is owned by the group exam
 drwxr-x--- root exam /skole/tjener/exam

when there is an exam or a test where the students are not allowed to
communicate or user their old files and stuff, they are removed from
the group common and added to the group exam
ldap is updated and their home directories are set to be
/skole/tjener/exam/<username>
the permission on this directory is 
drwxr-x--- <username>:teachers

there are some checks that are done during the creating and moving for
existing homedirs and that they dont are in exam and stuff. 

In addition, there are some stuff using iptables to block the computers
they are on from accessing the web server, ssh and stuff, and that they
cant access internet if they shouldnt be allowed)

-- 
Finn-Arne Johansen 
faj@bzz.no
http://bzz.no/

Reply to:

Follow-Ups:
- Re: set of access permissions (for exams)
  - From: "C. Gatzemeier" <c.gatzemeier@tu-bs.de>

References:
- set of access permissions (for exams)
  - From: Andreas Schuldei <andreas@schuldei.org>

Prev by Date: set of access permissions (for exams)
Next by Date: Re: set of access permissions (for exams)
Previous by thread: set of access permissions (for exams)
Next by thread: Re: set of access permissions (for exams)
Index(es):
- Date
- Thread