+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 28 of 28
Windows Thread, Question about permissions on pupils home directories. in Technical; Thought of a possible problem scenario... 1 - Disk quotas are in use on the volume where students store data. ...
  1. #16
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    33

    Re: Question about permissions on pupils home directories.

    Thought of a possible problem scenario...

    1 - Disk quotas are in use on the volume where students store data.

    2 - Students have discovered that they can lock staff out of files/folders by modifying the permissions on them.

    3 - Tech staff decide to run a script to normalise the permissions on all student files/folders. This fails because they no longer have access to the files/folders in question.

    4 - Tech staff modify the script to take ownership of the files back before modifying the permissions. This works, but in the process, all files now no longer 'belong' to the students, so the quotas are all stuffed up.

    The solution I guess is to assign ownership of the files/folders back to the correct students. I believe this can be done (might need SetACL). I would be interested to know if anyone has achieved it.

  2. #17
    steve's Avatar
    Join Date
    Oct 2005
    Location
    West Yorkshire
    Posts
    1,040
    Thank Post
    22
    Thanked 175 Times in 121 Posts
    Rep Power
    51

    Re: Question about permissions on pupils home directories.

    Use the quota management in 2003 R2.

    Its based on the size of the folder, not the file ownership.

  3. #18
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    33

    Re: Question about permissions on pupils home directories.

    Thanks Steve. I've not had much of a chance to play with R2 yet, but from what I can see of Technet, that certainly looks like one way around the problem.

  4. #19
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,938
    Thank Post
    114
    Thanked 272 Times in 250 Posts
    Rep Power
    104

    Re: Question about permissions on pupils home directories.

    Quote Originally Posted by ajbritton

    The solution I guess is to assign ownership of the files/folders back to the correct students. I believe this can be done (might need SetACL). I would be interested to know if anyone has achieved it.
    I have a simple script for this using the win32 version of chown. The code is in my user creation script as well. I shall see if I can find an example.

  5. #20
    tosca925's Avatar
    Join Date
    Aug 2005
    Location
    Midlands
    Posts
    1,547
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    21

    Re: Question about permissions on pupils home directories.

    Any luck yet chirs?

  6. #21

    Join Date
    Oct 2005
    Location
    Wakefield, UK
    Posts
    51
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Question about permissions on pupils home directories.

    I'm really interested in this too, pupils here have made the discovery that they can share access to their "games" folders.

    There tends not to be many games on our network, as I block executables from home folders and use Dansguardian to stop them downloading any.

    However since they need to use swf files, kids have just started renaming the games button1.swf etc and are becoming pretty difficult to search and destroy.

    If i do find a kid who has changed permissions, all i can do at the moment is change them back and pass them onto the teachers (who do nothing)

  7. #22

    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    122
    Thank Post
    8
    Thanked 11 Times in 10 Posts
    Rep Power
    19

    Re: Question about permissions on pupils home directories.

    Hi
    Thought I would add my problem to this discussion I have just looked at my students home directories and their files are owned by the administrators. To check I logged on as my test student and created a new file. then checked the ownership and it was administrators. Any ideas. I have seen various examples of what the permisions should be and have tried these but no change. I can also change the ownership manually back to the student.

  8. #23
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    33

    Re: Question about permissions on pupils home directories.

    Quote Originally Posted by ianniow
    Hi
    Thought I would add my problem to this discussion I have just looked at my students home directories and their files are owned by the administrators. To check I logged on as my test student and created a new file. then checked the ownership and it was administrators. Any ideas. I have seen various examples of what the permisions should be and have tried these but no change. I can also change the ownership manually back to the student.
    Given what I was saying, that sounds very odd. What are the NTFS folder permissions and what are the permissions on the share that the users connect to?

    EDIT: And just in case, what AD groups are your students in. Any chance they are accidentally domain admins?!?

  9. #24

    MK-2's Avatar
    Join Date
    Oct 2006
    Location
    Nottingham
    Posts
    3,237
    Thank Post
    149
    Thanked 581 Times in 307 Posts
    Blog Entries
    8
    Rep Power
    199

    Re: Question about permissions on pupils home directories.

    The way we have it here, which is probably by no means ideal is:

    Full control : administrators
    Modify : the user
    modify : a group created called 'folder perms' that you can add/remove staff to that need access.

    that way instead of adding each teacher/person who needs access to a certain folder, and forget who has access to what folder, they are all in one group.

  10. #25
    ChrisH's Avatar
    Join Date
    Jun 2005
    Location
    East Lancs
    Posts
    4,938
    Thank Post
    114
    Thanked 272 Times in 250 Posts
    Rep Power
    104

    Re: Question about permissions on pupils home directories.

    Quote Originally Posted by tosca925
    Any luck yet chirs?
    Sorry forgot about this:

    Code:
    rem sets permission on all files according to home directory name
    
    for /D %%i in (*) do (
    chown -r %%i "%%i\*.*"
    )
    
    pause
    Run it at the same level as the folders

    Here is the chown I use. Cant find where I got it from originally
    Attached Files Attached Files

  11. #26

    Join Date
    Jun 2006
    Location
    Belfast, N\'Ireland
    Posts
    190
    Thank Post
    10
    Thanked 9 Times in 7 Posts
    Rep Power
    17

    Re: Question about permissions on pupils home directories.

    Just to add a little clarification to early posts about Pupil full control permission specifically assigned and Inherited Full control from ownership.

    Full control from ownership will only happen if in some way the files and folders in question are inheritting the "CREATOR OWNER - FULL CONTROL" permission from somewhere. It is the windows default both server and Client to have this inherit from the Drive/Volume level of the file system. I set my "home" folder to not inherit permissions so that I can start fresh bellow it without this and restrict pupils so they don't have permissions to change attributes or permissions. We had a spate of pupils setting hidden on they're own files and claiming "the computer lost my work".

    As a general rule now I tend to remove inherited permissions from any folder that will get shared on the network and start fresh for my own sanity if nothing else.

    I'm really intrested in the quota management in R2. I'll need to impliment a new storage server for home space soon as we're adding a number of machines to the network and I'll get to use R2 on that.

  12. #27

    Join Date
    Oct 2005
    Location
    Isle of Wight
    Posts
    122
    Thank Post
    8
    Thanked 11 Times in 10 Posts
    Rep Power
    19

    Re: Question about permissions on pupils home directories.

    Quote Originally Posted by ajbritton

    Given what I was saying, that sounds very odd. What are the NTFS folder permissions and what are the permissions on the share that the users connect to?

    EDIT: And just in case, what AD groups are your students in. Any chance they are accidentally domain admins?!?
    Well I don't believe it ops: ops:
    Students were a member of domain admins. Its a good job my students are not the same problem as main stream High school. Mind you I think I would have noticed before now.
    AJ thanks for making me look at the obvious.

  13. #28
    ajbritton's Avatar
    Join Date
    Jul 2005
    Location
    Wandsworth
    Posts
    1,632
    Thank Post
    23
    Thanked 75 Times in 45 Posts
    Rep Power
    33

    Re: Question about permissions on pupils home directories.

    Quote Originally Posted by Teth
    Full control from ownership will only happen if in some way the files and folders in question are inheritting the "CREATOR OWNER - FULL CONTROL" permission from somewhere.
    Sorry, but this is NOT true. When a user creates a file, they are the owner of it and regardless of the permissions that the file may inherit, the file owner has the permission to change the permissions.

    It does appear to be possible to prevent this by limiting the overall permission via the share (ie using Change instead of Full Control), but IIRC, Windows will not let you redirect My Documents to a folder that you do not have Full Control over.

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. SharePoint Server 2003 Home Directories
    By plock in forum Virtual Learning Platforms
    Replies: 0
    Last Post: 10th December 2007, 09:32 AM
  2. Replies: 2
    Last Post: 6th October 2007, 09:46 AM
  3. Home Directories on Moodle
    By apeo in forum Virtual Learning Platforms
    Replies: 4
    Last Post: 13th June 2007, 11:20 AM
  4. Replies: 2
    Last Post: 27th April 2007, 06:41 AM
  5. Replies: 9
    Last Post: 16th June 2006, 09:28 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •