Sohie wants the cs111 tutors to be able to read the contents of /home/cs111/drop so that they can grade dropped assignments, but not to be able to write to other cs111 files and directories. Currently the drop folder is owned by cs111, so there’s no choice but to give the tutors the cs111 password and allow them to write other files.
My idea is to create a cs111tutor account, make its home directory be the cs111/drop folder. It will then have a separate password. If we put the drop folder in the cs111tutor group, the cs111 tutors will also be able to read the files, but won’t own any of them, so they won’t even be able to modify the permissions. The drop folders can still be owned by cs111, but gid of cs111tutor.
One concern is that /home/cs111/drop is a symlink, not a real directory, but that may not matter.
So:
useradd -c "CS111 tutor has access to drop directory" -d /home/cs111/drop -M -U cs111tutor [root@tempest ~] /usr/bin/passwd cs111tutor Changing password for user cs111tutor. New password: Retype new password: passwd: all authentication tokens updated successfully. [root@tempest ~] cd ~cs111tutor [root@tempest drop] ls -ld . drwxr-xr-x. 2 cs111 cs111 4096 Feb 2 13:44 .
Now, all the elements of the “drop” directory are symlinks, and we can modify the group of a symlink, but that’s not what we want to do. Instead, we want to modify the group of the thing that the simlink is pointing to:
[root@tempest drop] for a in *; do chgrp -R cs111tutor /students/$a/cs111/; done [root@tempest drop] ls[root@tempest drop] su - cs111tutor -bash-4.1$ pwd /home/cs111/drop/ -bash-4.1$ cd egstu/ -bash-4.1$ ls exam2 ps01 ps02 ps03 ps04 ps05 ps06 ps07 ps08 ps09 ps10 ps11 -bash-4.1$ ls -l total 48 dr-xr-s---. 5 egstu cs111tutor 4096 Nov 12 07:20 exam2 drwxr-s---. 4 egstu cs111tutor 4096 Sep 9 17:22 ps01 drwxr-s---. 2 egstu cs111tutor 4096 Sep 3 21:00 ps02 drwxr-s---. 3 egstu cs111tutor 4096 Sep 18 18:12 ps03 drwxr-s---. 4 egstu cs111tutor 4096 Sep 30 22:33 ps04 drwxr-s---. 3 egstu cs111tutor 4096 Oct 6 22:33 ps05 drwxr-s---. 2 egstu cs111tutor 4096 Sep 3 21:00 ps06 drwxr-s---. 2 egstu cs111tutor 4096 Sep 3 21:00 ps07 drwxr-s---. 3 egstu cs111tutor 4096 Oct 30 17:53 ps08 drwxr-s---. 3 egstu cs111tutor 4096 Nov 17 15:37 ps09 drwxr-s---. 4 egstu cs111tutor 4096 Nov 24 11:47 ps10 drwxr-s---. 3 egstu cs111tutor 4096 Dec 4 17:43 ps11 -bash-4.1$logout
We also need to add cs111tutor as a supplementary group for the cs111 user and for Sohie, too:
[root@tempest drop] grep cs111tutor /etc/group cs111tutor:x:6163:cs111,slee [root@tempest drop]
If that works, we should be able to read students’ submissions as cs111:
[root@tempest drop] su - cs111 [cs111@tempest ~] cd ~/drop [cs111@tempest drop] id uid=709(cs111) gid=709(cs111) groups=709(cs111),3740(cs111web),6163(cs111tutor) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [cs111@tempest drop] cd egstu/ [cs111@tempest egstu] ls -l total 48 dr-xr-s---. 3 egstu cs111tutor 4096 Nov 11 21:50 exam2 drwxr-s---. 3 egstu cs111tutor 4096 Sep 8 19:27 ps01 drwxr-s---. 2 egstu cs111tutor 4096 Sep 3 21:00 ps02 drwxr-s---. 2 egstu cs111tutor 4096 Sep 3 21:00 ps03 drwxr-s---. 3 egstu cs111tutor 4096 Sep 30 21:19 ps04 drwxr-s---. 2 egstu cs111tutor 4096 Sep 3 21:00 ps05 drwxr-s---. 2 egstu cs111tutor 4096 Sep 3 21:00 ps06 drwxr-s---. 2 egstu cs111tutor 4096 Sep 3 21:00 ps07 drwxr-s---. 2 egstu cs111tutor 4096 Sep 3 21:00 ps08 drwxr-s---. 3 egstu cs111tutor 4096 Nov 18 20:12 ps09 drwxr-s---. 3 egstu cs111tutor 4096 Nov 25 20:54 ps10 drwxr-s---. 2 egstu cs111tutor 4096 Sep 3 21:00 ps11 [cs111@tempest egstu] cd ps01 [cs111@tempest ps01] ls -l total 4 drwxr-sr-x. 2 egstu cs111tutor 4096 Sep 8 19:27 ps01_programs [cs111@tempest ps01]
It works!
