[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [seul-edu] App idea: classroom permissions manager



On Fri, Sep 22, 2000 at 11:24:13AM -0700, Tonnesen Steve wrote:
> I believe that you can't change the group membership of a user on the
> fly (they have to log out and back in again). 

This is not true.  Group administrators can add members to
their group at any time, and the effect is immediate.  What you probably
mean is that it does not immediately affect the new member's
environment.  That's what newgrp(1) and sg(1) are for. 

Suppose you want to limit access to /usr/games/nethack.  
Create a group nethack, then 
% mv /usr/games/nethack /usr/games/nethack.real
% chgrp nethack /usr/games/nethack.real 
and 
% chmod o-x /usr/games/nethack.real

Than write the following script and put it into
/usr/games/nethack:

#! /bin/sh
sg nethack -c /usr/games/nethack.real

Now anybody trying to play nethack would be prompted for a password.
Without knowing the password, they would couln't play. (I guess if you
make the password unmatchable, users wouldn't even get the password
prompt. Anybody knows how to do that?)  Immediately after you add user
to the nethack group (gpasswd -a username nethack), she would be able to
start nethack without password.

If all you want is to start a program from a desktop menu or icon, you
probably don't even need to do all the messy renaming and shell
scripting.  I did it so users who are in the nethack group can simply
start nethack from shell prompt the way they are used to. 

To start a program from window manager menu, I would chmod and chgrp 
the actual program, without moving it somewhere, and put 
sg groupname -c programname 
as the command in the window manager menu.

Somebody asked about changing icons and menus on the fly.  I don't know
about desktop icons (I hate those things and never use them), but menus
would definitely depend on which desktop or window manager you use.
I seem to remember from my brief experiment with gnome that user can set
whether to keep menus in memory or not.  If the menus are not kept in
memory, you can change them dynamically, but you would have to somehow
prevent your users from changing this setting.  

In fvwm, menus are read at startup from .fvwmrc (.fvwm2rc, actually),
but you can also write modules that interface with fvwm and create menus
on the fly.  With managers like scwm or sawfish, you could probably
write a scheme or lisp function to do that.  I don't know about other
desktops/window managers.

-- 
Jan Hlavacek                                            (219) 434-7566
Department of Mathematics                             Jhlavacek@sf.edu
University of Saint Francis               http://www.sf.edu/jhlavacek/