-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
/home/jobe path explicitly coded in LanguageTakss.php #1
Comments
It sounds like While a config file might be nice, I'm going to run with the simpler solution for now of a documented warning. I've now added the following, around line 65 of LanguageTask.php:
Thanks for the feedback, Dirk. |
I'm trying to parse this comment out. "...make sure the directory... with group www-data" but then "If it's readable by the webserver... hoover up other student's submissions." In the first sentence it says to make it readable by the web server. Then in the second it says that if I do that, submissions are exposed. This is either contradictory or designed to enable hovering of other student's submissions? NOTE: Apologies for the necro-post. I came across this while trying to sort out why I am getting permission denied errors in |
Thanks for posting your concerns. However, I'm wondering if you're reading a very old version of the code because the comment as it currently stands reads: // WARNING: the /home/jobe/runs directory (below) is generated by the installer. So the hoovering-up risk applies if the jobe<n > users can read the runs subdirectories, not if the webserver can read them. The webserver initiates the jobs but their ownership changes to jobe00, jobe01 etc when they're running. |
On line 65 of LanguageTasks, the /home/jobe path is explicitly coded into the application. For various reasons (our /home is typically an auto-mounted mess) I specified a homedir of /local/jobe.
The failure mode was a little perplexing - jobe directories were in /tmp and readable by all other jobe submissions, which our pesky students quickly exploited.
Perhaps the documentation should indicate you need to use /home (or change the file) or it should be auto configured from the config file.
The text was updated successfully, but these errors were encountered: