orignal post:
> Sorry to post this to the list, but we're in a bit of a time-pressure bind.
> In our new SparcII/SunOS4.1.3 (our first & only), two faculty want to have a
> submission directory for student assignments. I thought giving the faculty
> members "rwx" and group student "-wx" would do the job, but this allows
> students to read other students assignments *if* they know/guess the
> filename. Is there a more secure scheme, or perhaps a "standard" submission
> utility which I'm unaware of? The first round of assignments are due in two
> days, and the instructors are understandably a bit miffed.
>
> Any tips would be much appreciated!
Jason Andrade (and several others) suggested writing a perl script. I've
heard good things about perl, and as soon as my O'Reilly books come in, I'll
be sure to give this approach a shot...
Chris Norman (and many others) suggested a SUID script (or C program). One
of our techs talked me out of this approach, something about holes in the
system() call.
Daniel R. Bidwell included the following script:
===========================================================================
We use a script that we have the studens run to tar up their homeowrk
directory and mail it to the professor. I am enclosing it.
----cut here----
#!/bin/sh
#
# sendhw sends the ~$USER/$USER directory to the specified mail address
# (as specified in $1) with the desired subject (as specified in $2)
CLASS=$1
SUBJ=$2
ADDR=$3
# echo '$#='$#
# echo '$*='$*
# echo '$1='$1', CLASS='$CLASS
# echo '$2='$2', SUBJ='$SUBJ
# echo '$3='$3', ADDR='$ADDR
if [ $# != '3' ]
then
echo " "
echo "USAGE: sendhw classname subject mailaddr"
echo " "
echo " classname = name of class (directory) to send"
echo " subject = subject for mail message"
echo " mailaddr = e-mail address to send to"
echo " "
echo " For example:"
echo " "
echo " % sendhw c161 HW1 turk"
echo " "
echo " would send your '$HOME/c161' subdirectory to the 'turk'"
echo " account with the subject 'HW1'."
echo " "
echo " sendhw first tars and compresses the specified directory,"
echo " then uuencodes it, and finally sends it using elm."
echo " "
else
cd
cd $CLASS
make clean
cd ../..
gtar cvfz $HOME/$USER.tz $USER/$CLASS
cd
uuencode $USER.tz $USER.tz >$USER.uu
elm -s$SUBJ $ADDR <$USER.uu
rm $USER.tz $USER.uu
fi
=============================================================================
Kambiz Aghaiepour included the following C program:
=============================================================================
/*
Make the following program setuid root and call it "submit" and tell
your students to run this program with argument being their file for
submission:
*/
#include <stdio.h>
#include <fcntl.h>
#include <sys/stat.h>
#define SUBMITDIR "/tmp/"
main(ac,av)
int ac;
char **av;
{
int fd, src, nbytes;
char *basename, submission[256], line[256];
if (ac != 2) {
fprintf(stderr, "Usage: submit filename\n");
exit(1);
}
if ((src = open(av[1], O_RDONLY)) == -1) {
perror(av[1]);
exit(1);
}
if (basename = (char *)rindex(av[1], '/')) {
basename++;
} else {
basename = av[1];
}
strcpy(submission, SUBMITDIR);
strcat(submission, basename);
if ((fd = open(submission, O_RDONLY))>0) {
fprintf(stderr, "Error: %s has already been submitted\n", basename);
exit(1);
}
if ((fd = open(submission, O_RDWR|O_CREAT)) == -1) {
perror(basename);
exit(1);
}
while (nbytes = read(src, line, 256)) {
write(fd, line, nbytes);
}
close(fd);
close(src);
chmod(submission, 0400);
chown(submission, getuid());
exit(0);
}
===========================================================================
Johan Vromans (AMO) suggested using email. Several suggested using
automatic email handlers. I'd probably try this if I had any previous
experience with such things -- from man pages, I've been able to gleam the
basic idea. The idea of relying on mail to handle security concerns is very
appealing, so others interested in this topic might want to look into this
approach.
Steve Harris suggested the following, which it appears we're going with:
=============================================================================
Setup the assignments directory as follows:
chown faculty.faculty assignments_dir
chmod a+w,g+s,+t assignments_dir
Have the students do a:
chmod g+r,o-rwx assignment_file
on the file after it is copied into the assignments_dir directory (any
student who does not do this is just asking to be screwed by his peers).
The set-gid bit ("chmod g+s") on the directory will cause the assignment files
to be set to the group of the dir, i.e., faculty.
The "chmod g+r" will assure that the faculty group can read the file.
The file will still be owned by the individual student, but the sticky
bit ("chmod +t") on the directory will prevent others from removing it.
Faculty members will have to do a "su faculty" to remove files from the
directory. Keeping the "faculty" password secret may be a problem.
===========================================================================
A few others offered to send me source for client/server submission
packages. If none of the above work out, I'll be sure to contact them
and then try out these packages and re-summarize.
Many thanks to the 100+ folks who took the time to reply -- obviously
this was more than I could have hoped for.
much obliged,
-Bob
bob villielm, programmer/analyst // "As per article IX, section III of UUP's
suny college at new paltz // agreement with the State of New York,
bobv@matrix.newpaltz.edu // notice is hereby given that I am NOT
villielm@snynewvm.bitnet // an institutional spokesperson..."
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:56 CDT