Thomas Adam wrote:

--- Tony Whitmore wrote:

...

One approach is to have group ownership of a pupils folder set to the Teacher's group and use the SetGID options on ext3 and create mask functions in Samba to ensure that files and directories are created with

...

permissions to allow the teacher's group access. You could also allow write access in the same manner.

You have to be _extremely_ careful with g+s settings. Note that if we are talking $HOME; having that top-level directory sGID is not something you should do.

The clients in the OPs (and my) case are Windows machines using Samba, so $HOME is not as important an issue as it could be for a Linux system based around NFS. For example, our Debian based storage server authenticates users against our NT domain controller for Samba services, but the users don't have shell access. By setting GID on the user's directory, it ensures that files placed into a user's area by the user or by the Administrator are read/writable by the user. This makes restoring files or helping pupils with problems a reduced-hassle process by enabling pupils to work with files created for them by others. By making teachers members of the group that owns the pupil's directory they could traverse the directories as necessary. You can use share permissions to restrict access to "year shares" to members of staff. As for David's concern about setting this us for 4300 users, we use some scripts to set up and configure these scripts. You can find them at http://www.tonywhitmore.co.uk/scripts. There is one to "suck" all the usernames from the NT domain and create home directories based on a path of /home/$DOMAIN/$PRIMARY_GROUP/$USERNAME. There is another script that sets all the permissions on the directories and files. (It also changes ownership as this is important for quotas to work.) It also creates the home directories for any new users. This is run overnight by cron and takes 10 minutes to process 1300 users and ~30GB data. You might find these a useful starting point for your own situation. A third script is run as a root pre-exec every time a connection is initiated to the Samba server - it creates and configures the home folder if it does not already exist. Useful for late admissions or people who start without notice! Cheers, Tony

As for a teacher view on this thread... at primary level we don't allow any children to have passwords, so the directory access from our point of view is completely supported, if not encouraged for class teachers. Just because pupils *can* login as someone else doesn't mean they should. To put it another way, at primary level, the kids don't use lockers, we don't lock children's draws or sew up coat pockets. We don't have passwords. I appreciate that this may well be different at other keystages!? Just some thoughts. -- Matt Johnson ___________________________________________________________ALL-NEW Yahoo! Messenger - all new features - even more fun! http://uk.messenger.yahoo.com

Wouldn't this allow everyone to see each others home directory? That could add another dimension to copying someones answers.. Plus I'd be extremely cautious about what was being hosted in the way of websites by the dearly beloved clientel. We have enough hassles keeping an eye out on what they're sharing using pen drives, let alone giving them an easier method like their own website. On 6 Oct 2004 at 8:17, Simon Marsden wrote:

Early thoughts on this.

You could set up Apache so that it would browse the users home directory. We have this set up to servername://~username/

Staff could then browse that folder for the pupil they are interested in. Pupils can also use this to set up there own websites.

Another possible solution is to make a link ln - s from the group folder to somewhere on a staff share. If permissions are set to other read execute on the home drives then surely you can browse these from that share.

Early in the morning for me so i probably have missed the plot ;)

regards Simon

On Wednesday 06 October 2004 03:26, David Poleshuck wrote:

...

I would like teachers to be able to see students directories from a Windows machine through Samba--but only directories inside the home directory. Later I want to refine it to only their students.

Teachers are in a group called staff.

Students are in 4 groups (s2005, s2006 etc)

I really don't want all of them on the server itself with root access.

Thanks.

__________________________________ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail

-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com

----- Paul Graydon Network Technician Haywards Heath College http://www.hhc.ac.uk (01444) 456281 In the end, we will remember not the words of our enemies, but the silence of our friends. - Martin Luther King Jr. (1929 - 1968)