LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-23-2008, 09:07 PM   #16
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30

Quote:
Originally Posted by matthewg42 View Post
I'd like to add that the script there is really not programmed defensively. The only advantage over an suid script is that the people who are able to run it cannot look inside it to see what is happening, at least not directly (maybe they can trick it into printing itself).

Also, all graders are implicitly trusted not to mess with the student's files in a malicious way. There is no mechanism for the students to show that what has been marked is what they submitted. You could add some sort of signing or checksumming scheme for that I guess, where the student gets a sort of receipt which can be checked against what has been marked. That's a bit sinister though if you ask me - if the student cannot trust the grader, he/she is screwed either way.
Quite right

Ok, I'm sure one of those things will work.

What I was currently trying is being held up because students can't change the owner or group for the file except to a group they are already part of which is no help (stupid of me to think they could).

However, there is that sticky bit that was mentioned. I've heard of how I can have them dump something in a directory whereupon it will immediately change owners due to the sticky bit. That would definitely get me where I need to be.

The only thing better is if I could get sudoers working (it's amazing how terrible the examples for sudoers are on the web).

------------

Btw, first half of the Saints game is over... Saints defense actually looked good for once so I'm in a good mood. It was mostly three and outs and the Bengals ultimately didn't score a single point (and looking at last year's record, they should have a pretty good offense). Now if I can just finish this program, there's a chance my Saturday night might even get better!
 
Old 08-23-2008, 09:25 PM   #17
davidstvz
Member
 
Registered: Jun 2008
Posts: 405

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Mr. C. View Post
Add this to your /etc/sudoers file, tailoring to your needs:
Code:
Cmnd_Alias       GRADEPROGS = /full/path/to/submission_prog, /full/path/to/other_prog
Runas_Alias      GRADEUSER  = grader
%students        ALL = (GRADEUSER) NOPASSWD: GRADEPROGS
* Change students to the group in which all students are members.
* Change the Cmnd_Alias paths to a comma-separated list of full path names to your submission/deletion program(s).
* Change grader to the grader's group.

Students then submit as:

Code:
sudo -u grader /full/path/to/submission_prog args.
This totally works. Thanks dude! And would you know it, a working example goes much further than a 10 page manual in helping me to understand how the sudo command works with the visudo file.
 
Old 08-24-2008, 09:43 AM   #18
estabroo
Senior Member
 
Registered: Jun 2008
Distribution: debian, ubuntu, sidux
Posts: 1,117
Blog Entries: 2

Rep: Reputation: 113Reputation: 113
You could use an ftp server to make a dropbox.
 
Old 08-24-2008, 10:06 AM   #19
Takla
Member
 
Registered: Aug 2006
Distribution: Debian
Posts: 188

Rep: Reputation: 33
There's an application called "super"

Quote:
Super(1) is a setuid-root program that offers

o restricted setuid-root access to executables, adjustable
on a per-program and per-user basis;

o a relatively secure environment for scripts, so that well-written
scripts can be run as root (or some other uid/gid), without
unduly compromising security.

Sample uses:
- to call a script that allows users to use mount(8) on
cdrom's or floppy disks, but not other devices.

- to restrict which users, on which hosts, may execute a
setuid-root program.

- to call a script that allows users to send STOP/CONT
signals to certain jobs, but not others.

- to allow groups of trusted users (e.g. an "operator" group) complete
root access to sets of selected commands such as, say, line-printer
control commands, without giving away access to other commands,
and with full logging of all commands used.
It's probably in your distro repositories but if not you can obtain it from ftp://ftp.ucolick.org/pub/users/will/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off




All times are GMT -5. The time now is 06:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration