[Samba] A shared space between students and their teacher !!!
Matthew Easton
info at sublunar.com
Sat Jul 9 19:47:28 GMT 2005
On Saturday 09 July 2005 06:56, alaanizar at iihem.ac.ma wrote:
> Hi all,
>
> Last week I implemented samba as a file server and domain controller for
> more than 150 computers (Win 2000 and XP). Everything is working just fine.
>
> However, computer science faculty wanted a share for each course in which
> students can upload their homework once done and teacher download them for
> correction. Yet, students can have the right to write on that share but not
> delete the work of other students.
What you want is a drop box. A directory that has permissions such that
students can write but not read. The instructor will have to move the file
somewhere else for the student to get it back. Perhaps into the student's
own dropbox.
This will get you started, I don't consider it a complete solution as I'm
dealing only with the unix permissions of the directory-- you'll want to
investigate how it interacts with the samba share directives.
In this scenario, Dr. Smith in addition to any faculty-only group he may be a
member of, is also a member of the cs201 group. (cs201 is a group containing
all students of the cs201 course) -- so he can read and write to the files he
receives.
You create a directory [cs201dropbox] and give ownership to Dr. Smith, and
group ownership to cs201.
[root at localhost home]# mkdir cs201dropbox
[root at localhost home]# chown smith.cs201 cs201dropbox
Change permissions on the directory to restrict access, notice that the group
can write to and pass through the directory (x) but cannot read it:
[root at localhost home]# chmod u=rwx,g=wx,o-rwx cs201dropbox
We can set the sgid bit on the directory. This forces files written to
the directory to be owned by the group of the enclosing directory,
because "cs201" may not be the primary group of
the person writing to the directory:
[root at localhost home]# chmod g+s cs201dropbox
We set the sticky bit so only the owner of the directory can
change the files.
[root at localhost home]# chmod +t cs201dropbox
So this is what it looks like now. Members of group cs201 can write
but not read the directory. Smith can do anything he wants in the
directory. If you aren't Dr. Smith or a member of cs201, you can't
do anything. (well, superuser is still superuser):
[root at localhost home]# ls -ld cs201dropbox
drwx-ws--T 5 smith cs201 4096 Jul 9 11:25 cs201dropbox
If you blindly write to the directory and a file of the same name
exists, you will be told you can't do it, so change the file name and
you can write.
I should point out that you can use the suid bit to force ownership instead
of, or in addition to, the sgid bit.
Now that you have the underlying permissions sorted out, you can address the
samba side.
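
An added example, not part of the original post: a shell check that a directory really carries the drop-box bits built above (owner rwx, group wx without r, nothing for others, sgid and sticky set). It assumes Linux with GNU stat; the function name check_dropbox and the scratch directory names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux with GNU stat.

# check_dropbox DIR
# Prints one line per deviation from the drop-box mode built above
# (drwx-ws--T, octal 3730) and returns 0 only if there are none.
check_dropbox() {
    dir=$1
    [ -d "$dir" ] || { echo "$dir: not a directory"; return 2; }
    mode=$(stat -c '%a' "$dir") || return 2
    # stat omits leading zeros; pad to 4 digits: special, user, group, other
    while [ "${#mode}" -lt 4 ]; do mode="0$mode"; done
    special=${mode%???}
    perm=${mode#?}
    user=${perm%??}
    other=${perm#??}
    group=${perm#?}; group=${group%?}
    bad=0
    [ "$user" -eq 7 ] || { echo "$dir: owner lacks rwx (instructor cannot collect files)"; bad=1; }
    [ $((group & 4)) -eq 0 ] || { echo "$dir: group can list the directory"; bad=1; }
    [ $((group & 3)) -eq 3 ] || { echo "$dir: group lacks wx (students cannot drop files)"; bad=1; }
    [ "$other" -eq 0 ] || { echo "$dir: others have access"; bad=1; }
    [ $((special & 2)) -ne 0 ] || { echo "$dir: sgid bit missing"; bad=1; }
    [ $((special & 1)) -ne 0 ] || { echo "$dir: sticky bit missing"; bad=1; }
    return "$bad"
}

# Demo on constructed scratch directories; no chown, so no root is needed.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/good" "$tmp/open"
    chmod 3730 "$tmp/good"   # same bits as the three chmod steps in the post
    chmod 2770 "$tmp/open"   # group-readable, no sticky bit
    check_dropbox "$tmp/good" && echo "good: OK"
    check_dropbox "$tmp/open" || echo "open: needs fixing"
    rm -rf "$tmp"
}
demo
```

Running the check from cron or after any permission change on the share catches a drop box that has drifted back to a listable or deletable state.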