Fwd: Program to address teacher's need of managing student users' permissions
Néstor
nestorac at gmail.com
Mon Feb 16 23:47:22 UTC 2009
Sorry, now with a copy to the mailing list, It's my fault.
---------- Forwarded message ----------
From: Néstor <nestorac at gmail.com>
Date: Tue, Feb 17, 2009 at 12:45 AM
Subject: Re: Program to address teacher's need of managing student
users' permissions
To: David Groos <djgroos at gmail.com>
Hello again, David. I answer you below.
On Mon, Feb 16, 2009 at 4:33 PM, David Groos <djgroos at gmail.com> wrote:
> Hi Nestor,
>
> On Sun, Feb 15, 2009 at 8:45 AM, Néstor <nestorac at gmail.com> wrote:
>>
>> Hi again, David,
>>
>> I understand you. Well, I think that the best way to do it is to fix
>> the bugs on Sabayon if that works for you. Is Sabayon what you are
>> looking for? If you send me those errors, I'm maybe able to correct
>> them for you and also post them on Ubuntu Launchpad to be corrected in
>> mainstream. Or maybe others can do the task if I'm not able to. Of
>> course, you can also take al look by yourself at Launchpad and send
>> these errors, maybe others can help you also.
>
> I agree that that we (classroom edubuntu users) NEED a Sabayon-like
> user/group management solution. I also agree that supporting what's already
> created instead of re-inventing the wheel is often the best strategy. While
> I need a solution yesterday, from all I hear, Sabayon is a really nice
> product (I think that someone said its 'the cat's meow' :-). So sure, let's
> work on that and I'll help, I'll need guidance and I appreciate your offer
> of this. Since the timeline on this is unknown, I'm still hoping for some
> help with the short-term/simple solution of a CLI app.
I'm going to take a look at this ASAP, so I comment you on any bugs
that I'm able to find, and possible solutions. Tomorrow afternoon I
won't be working nor studying, so it's maybe a good moment for it. But
it can take a bit long!! I don't really know, it depends on what I
find. I'm telling you.
>>
>> I understand that you want to allow execution for only a handful of
>> people. Well, this might be easier than you think: it's only needed to
>> change executables's permissions, install only the needed software,
>
> While certainly at first, not all students will have access to all SW, that
> is the goal, thus I need all the Edubuntu SW available.
>>
>> and do it from a script, so you can run it again when updating the
>> system and the like. Be careful, because you can only prevent people
>> from using some GUI tools. Usually, TUI (Text Use Interface) tools are
>> needed by many Gnome applications, so you can't deny access to them
>> (eg: cp, ls, nano, ifconfig and the like).
>
> Couldn't we just deny access to Terminal? My class and most mainstream
> classes are not programming classes but science or geography or language
> classes so students have no need for terminal (or at least can do quite well
> w/out it).
Yes, you can disallow access to the terminal, but you would also have
to deny access to virtual terminals, and this is a complicated thing
in practice, because it's used quite often. In fact, this does not
prevent someone from executing his own piece of software compiled
statically -which can simply be a terminal-. Or just trick the system
to be given access to a terminal, or something similar. Anyways, Linux
is prepared for this, so no extra care needs to be taken normally,
except to prevent users from damaging themselves. Nobody can harm the
system as a user, no matter which software he executes on that
machine. If it wasn't like that, it should be considered a bug, and
thus, corrected promptly.
>>
>> For example, a script like:
>>
>> ******
>>
>> #!/bin/bash
>>
>> chown root:firefox /usr/lib/firefox-3.0.6/firefox.sh
>> chmod o-rx /usr/lib/firefox-3.0.6/firefox.sh
>>
>> ******
>>
>> Then, you create the group firefox, add all the users needed to this
>> group, execute the script and voilá!! Of course, you can make better
>> scripts, but to start, it's not bad. For example, when you update
>> Firefox, the directory could change to 3.0.7, so the script could
>> detect the destination of the stable symbolic link /usr/bin/firefox to
>> that file automatically.
>
> Cool. Ideally I want a group called, 'level1' which would then become the
> group for all the apps for students who are at, 'level 1' permissions,
> another group 'level2' which includes those apps and others and so on up to
> level 3 or 4. The idea is given a bit more detail here:
> https://wiki.ubuntu.com/ManageGroups So, if one wanted firefox to be used
> by level2, would the script look like this:
>
> #!/bin/bash
>
> chown root:level2 /usr/lib/firefox-3.0.6/firefox.sh
> chmod o-rx /usr/lib/firefox-3.0.6/firefox.sh
>>
>>
>> Edubuntu has no problems with viruses at all, like any other GNU/Linux
>> system. That does not mean it's not possible to damage any information
>> accidentally, it only means that, given the way things work on Linux,
>> it's not possible that users do things without noticing, like it is in
>> other OSes. They would have to allow the virus to do it's job by
>> hand!!! I have never had any problems with viruses on my Linux (in 13
>> years), BUT if you share information (emails, pendrives and the like)
>> between OSes, Linux can be used as a vehicle for those viruses, and
>> that problem if very common in practice. Even if they won't cause any
>> trouble on Linux directly, they can harm other OSes. For example, if
>> someone copies many Windows executable files from a pendrive into
>> Linux and one of them is infected, he/she won't be able to execute
>> them and the virus, apparently, cannot spread (even if that person
>> emulates the application with wine, only damage to her home directory
>> can be done, and usually this is not what viruses are designed to do).
>> But if that person then sends them by email, another computer with
>> Windows could get infected. The problem is bigger that it seems,
>> because viruses could pass without noticing from Linux to Windows, and
>> infect those machines. And for many [ignorant] people it will look
>> like if it was Linux which was infecting those systems, which, in
>> fact, is not true, because it just would act as a vehicle for them.
>> Having the option to avoid being a vehicle for viruses could be very
>> important. And this is the purpose of clamscan.
>>
>> A simple script to call clamscan on some home directories (at each
>> user's option), which automatically moved those files into an INFECTED
>> directory by default, can do the job. This is more or less the way
>> that modern online email services work: they can't of course get
>> infected by viruses, but they check all the emails automatically to
>> avoid spreading them.
>
>
> Got it!
Fine. This approach is taken for the 'games' group, to allow only a
certain group of people to play games on Linux machines.
>>
>> We keep in contact, send me any comments!
>
>
> Can you give me instructions on how to try the most current version of
> Sabayon? How does this work? I went to this page:
> http://live.gnome.org/Subversion and it says to get a read-only version put
> in this address: http://svn.gnome.org/svn/sabayon/trunk/ however, it isn't
> apparent to me what to do when I get to that page.
Well, to be able to use it, you must download all the sources to your
computer with an application called "Version Control System". In this
case, you have two options. I recommend that you use Bazaar
(http://bazaar-vcs.org/), because it's easier than many others, and
very powerful.
The command is as following:
# bzr co http://bzr-playground.gnome.org/sabayon/trunk
This should give you complete access to the very last *UNSTABLE*
sources. In order to install Bazaar you can do the following on
Ubuntu, if you use it:
# sudo aptitude install bzr bzr-gtk (the last one is for a GUI which I
have not personally tested)
>>
>> Good luck!!
>
> Thanks!
>
> David
I'm happy to help. We keep in contact.
>
>>
>>
>> On Sun, Feb 15, 2009 at 6:25 AM, David Groos <djgroos at gmail.com> wrote:
>> > Hi Nestor,
>> >
>> > Thanks for your reply and encouragement. So you understand about the
>> > 22yo
>> > blond w/ limited coverage used as desktop background ;-)
>> >
>> > As I understand, Pessulus is a component program to Sabayon and is for
>> > locking down GNOME for a generic user. Can you use Pessulus features
>> > assigned to a group, then assign users to that group?. Unfortunately
>> > Sabayon
>> > doesn't work on Hardy (unless bugs were squashed w/in the last couple of
>> > weeks?).
>> >
>> > These thin clients don't have a hard drive--only booting edubuntu. They
>> > will e-mail themselves things from other computers/OSes I'm sure. Would
>> > the
>> > scanning be to prevent viruses on edubuntu or on the other OS?
>> >
>> > The idea of the script is to say create a group called 'firefox', then
>> > go to
>> > the firefox program, set group ownership to the group, 'firefox', then,
>> > set
>> > permissions so that group (firefox) can execute the program but 'others'
>> > have no permission. Then, one can assign students to the group,
>> > 'firefox'
>> > or remove them from that group as necessary.
>> >
>> > David
>> >
>> > On Sat, Feb 14, 2009 at 6:46 PM, Néstor <nestorac at gmail.com> wrote:
>> >>
>> >> Hi David,
>> >>
>> >> you can try Pessulus, I use it on a server&desktop for people not to
>> >> turn it off "by accident". And I think that Sabayon should also work
>> >> at least in Ubuntu Hardy.
>> >>
>> >> A script is not a bad idea, but it's not very fine grained. Anyways,
>> >> there's no easy way to defend people from themselves: someone can just
>> >> manage to get a 22yo blonde girl on the computer background given
>> >> enough time. But this can also be challenging!!
>> >>
>> >> I would give people the possiblity of having an automatic scan on
>> >> their homes for viruses with clamscan, just in case they share that
>> >> information with computers with other OSes.
>> >>
>> >> I think you will enjoy your task, and do a lot of good to your
>> >> community.
>> >>
>> >> Good luck with your project!! :-) Please, send any comments and I'll
>> >> help if I can.
>> >>
>> >> On Sat, Feb 14, 2009 at 6:15 PM, David Groos <djgroos at gmail.com> wrote:
>> >> > Hi All,
>> >> >
>> >> > I'm a teacher working to establish a thin client setup in my
>> >> > classroom
>> >> > which
>> >> > upon success will be immediately replicated in 2 other science
>> >> > classrooms.
>> >> > While the district (Minneapolis Public Schools) is supporting my
>> >> > efforts,
>> >> > they don't know Linux so I'm on my own--with you-all as back up! My
>> >> > goal is
>> >> > create a flexible hardware/software/pedagogical model that will be
>> >> > replicated in all Minneapolis public schools and anyplace where the
>> >> > kids
>> >> > are
>> >> > economically the neediest and of course anywhere else. My blog
>> >> > http://groosd.blogspot reports the tip of the iceberg of my efforts
>> >> > to
>> >> > get
>> >> > this working.
>> >> >
>> >> > As a teacher properly manages computer user permissions in class,
>> >> > students
>> >> > grow in responsible use of this resource. While there are some
>> >> > students
>> >> > who
>> >> > follow the rules when told, others like to explore and test limits.
>> >> > Having
>> >> > a process to manage what students can do on the computers and
>> >> > rewarding
>> >> > students who use the resources responsibly, brings everyone together,
>> >> > allowing for a creative, collaborative and hard working classroom of
>> >> > adolescents.
>> >> >
>> >> > From what I've heard and read on line, there was an excellent GUI
>> >> > program
>> >> > Sabayon which was designed to do just this. Apparently this isn't
>> >> > being
>> >> > maintained and it doesn't work in Hardy or Intrepid. I've seen that
>> >> > some
>> >> > including LaserJock have worked some on this lately but don't know of
>> >> > status?
>> >> >
>> >> > Andreas Olsson and Jordan Mantha and others suggested making a simple
>> >> > script
>> >> > to manage group permissions, a great way to solve this need. Andreas
>> >> > said
>> >> > he would write this script in PERL (his strength) as a proof of
>> >> > concept
>> >> > as
>> >> > well as to meet my class' immediate need. Comments? thoughts?
>> >> >
>> >> > Thanks for all of your work; it makes my work possible.
>> >> >
>> >> > David
>> >> >
>> >> > --
>> >> > edubuntu-devel mailing list
>> >> > edubuntu-devel at lists.ubuntu.com
>> >> > Modify settings or unsubscribe at:
>> >> > https://lists.ubuntu.com/mailman/listinfo/edubuntu-devel
>> >> >
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Néstor
>> >> +34 687 96 74 81
>> >> nestorac at gmail.com
>> >
>> >
>>
>>
>>
>> --
>> Néstor
>> +34 687 96 74 81
>> nestorac at gmail.com
>
>
--
Néstor
+34 687 96 74 81
nestorac at gmail.com
--
Néstor
+34 687 96 74 81
nestorac at gmail.com
More information about the edubuntu-devel
mailing list