[OpenAFS] File ownership/permissions semantics

Bill Stivers stiversb@ucsc.edu
Tue, 31 Oct 2006 14:41:31 -0800 

On Oct 31, 2006, at 2:24 PM, Christopher D. Clausen wrote:

>
> Since this is run by a script anyway, could you setuid the script  
> and have it kinit and obtain a keytab as some other user with the  
> proper access and have this one trusted account create a file for  
> each user and copies files over as needed?  (Or at a minimum,  
> create proper directory ACLs and allow the student to copy their  
> files directly.)
>
> (I realize you would need one "trusted user" for each class and  
> that might get out of hand.)
>

This could get out of hand, but not so much for our present class  
load, fortunately.

> Alternately, could you have some automated process create the  
> directories and ACL them appropriately ahead of time?  E.g. create  
> a pre-handin script that prepares the handin environment.  It would  
> only need to be run by TAs / instructors to prepare a hadin area  
> for each particular assignment.  This assumes that you have a  
> complete class roster at the time the assignment is issued.  This  
> may or may not be true in your environment.
>

This isn't so good, because until week 4 or 5, the rosters are  
extremely chaotic.  I'd say that the most drops are in that 24 hours  
before deadline closes, but drops aren't as critical to process in a  
timely fashion as adds.

> -----
>
> Or, instead of a push hand-in system, you could have a pull hand-in  
> system.  Have a script copy the data directly out of each students  
> ~id/classnum/assignnum directory at the time it is due.  The  
> student would be responsible for ACLing it appropriately (allow  
> handin script, but not other students,) or the script could run on  
> some trusted machine with full privs to grab the files.
>

I'm particularly liking this as a potential option.  It's a  
fundamental rearchitecting of a decade-old process, but sometimes  
life is better for things to be shaken up some.  I may have to  
implement this.


Thanks for the suggestions, sir!


--B


> <<CDC
> -- 
> Christopher D. Clausen
> ACM@UIUC SysAdmin

---
Bill Stivers
IC Unix Lab and Systems Administrator
University of California at Santa Cruz
stiversb@ucsc.edu
v) 831-459-2472
f) 831-459-2914