Changes between Version 3 and Version 4 of Classes/CodeChanges


Ignore:
Timestamp:
Sep 28, 2011 11:08:49 AM (13 years ago)
Author:
mikeryan
Comment:

formatting

Legend:

Unmodified
Added
Removed
Modified

  • Classes/CodeChanges

    v3 v4  
    55 * Anybody with group_root permission is assumed to be a TA
    66
    7 1.  Instructors and TA's are allowed to sudo to any student on the ops node
    8     Instructors may sudo to a TA but not converseley.
     7 1.  '''Instructors and TA's are allowed to sudo to any student on the ops node'''
    98
    10 2.  Experiment Permissions
     9 Instructors may sudo to a TA but not converseley.
    1110
    12     When an experiment is created in the default group, only the
    13     student's home directory and /proj/<PID>/exp/<EID> are exported to the
    14     nodes in the experiment.
     11 2.  '''Experiment Permissions'''
    1512
    16     If the experiment is created in a subgroup of the main project, normal
    17     export permissions already isolate students from others (except for those
    18     in the group). /proj directory exports are applied as above.
     13 When an experiment is created in the default group, only the
     14 student's home directory and /proj/<PID>/exp/<EID> are exported to the
     15 nodes in the experiment.
    1916
    20     The ssh public keys of the instructor and TA's are put into the
    21     root .ssh/authorized_keys file so that the instructors can log
    22     into any node to grade the experiment (as class exercise) or
    23     debug it.
     17 If the experiment is created in a subgroup of the main project, normal
     18 export permissions already isolate students from others (except for those
     19 in the group). /proj directory exports are applied as above.
    2420
    25 3.  Web Interface
     21 The ssh public keys of the instructor and TA's are put into the
     22 root .ssh/authorized_keys file so that the instructors can log
     23 into any node to grade the experiment (as class exercise) or
     24 debug it.
    2625
    27     Instructors and TA's are allowed to Freeze, Thaw and SU as a student
    28     and edit a student's profile
     26 3.  '''Web Interface'''
    2927
    30 4.  Recycleable student accounts.
     28 Instructors and TA's are allowed to Freeze, Thaw and SU as a student
     29 and edit a student's profile
    3130
    32     Student accounts are not created in the normal manner (create
    33     an account, apply to join an existing project) - instead:
     31 4.  '''Recycleable student accounts'''
    3432
    35     A stem is chosen for the project, say in the case of the
    36     project USC558L, sc558, and then a number of accounts are
    37     generated of the form sc558[a-z][a-z] as many are need
    38     to accomodate the students in the class.
     33 Student accounts are not created in the normal manner (create
     34 an account, apply to join an existing project) - instead:
    3935
    40     The instructor provides a list of email address, and the
    41     one account is assigned per email address.
     36 A stem is chosen for the project, say in the case of the
     37 project USC558L, sc558, and then a number of accounts are
     38 generated of the form sc558[a-z][a-z] as many are need
     39 to accomodate the students in the class.
    4240
    43     At the end of the semester, the student accounts are wiped -
    44     all experiments headed by the student are terminated, all files
    45     underneath the students home directory are deleted, the passwords
    46     changed to something random, all public ssh keys and ssl certs
    47     recorded in the database are flushed and then randomly regenerated
    48     as in a new account.
     41 The instructor provides a list of email address, and the
     42 one account is assigned per email address.
    4943
    50     student accounts may not join other projects.
     44 At the end of the semester, the student accounts are wiped -
     45 all experiments headed by the student are terminated, all files
     46 underneath the students home directory are deleted, the passwords
     47 changed to something random, all public ssh keys and ssl certs
     48 recorded in the database are flushed and then randomly regenerated
     49 as in a new account.
    5150
    52     A student may be taking more than one course and only have
    53     one (student) email address; we added a couple of warts to deal
    54     with this -
     51 student accounts may not join other projects.
    5552
    56     There is an ancillary table in the database called email_aliases;
    57     and when the account is assigned the .forward is set to this     
    58     and the students email becomes e.g. sc558ab@users.isi.deterlab.net
     53 A student may be taking more than one course and only have
     54 one (student) email address; we added a couple of warts to deal
     55 with this -
    5956
    60     So, for all users, students or not, we require web login by uid only
    61     and not email address.
     57 There is an ancillary table in the database called email_aliases;
     58 and when the account is assigned the .forward is set to this     
     59 and the students email becomes e.g. sc558ab@users.isi.deterlab.net
     60
     61 So, for all users, students or not, we require web login by uid only
     62 and not email address.