Epoptes

teacher with restricted rights

Asked by gymbuntu

Hi
We use ltsp with epoptes with over 100 LTSP fatclients for 70 Teachers and 800 students.

as far as I know with epoptes I have two possibilities :
1) I am not a member of the epoptes group:
Every "teacher" can see and interact my screen

2) I am a member of the epoptes group:
I can see all others but cannot bee seen by any other member of the epoptes group
I have ultimate right on all machines with cat 1 users.

I would like to have a restricted teacher in between.
this restricted teacher is able to use the supervising epoptes functions on all machines in the same "room",
but not on the whole network.

At the moment it happens quite often that a teacher selects "found clients" instead of his room
and presses "lock" to get his students attention, but locks all ltsp machines on the entire network.

If a "restricted teacher" could only see the PCs listed in the "room" he sits in, this and lots of related problems
would be solved.

Is there a way to realize this?

Thanks for your help
Roland

Question information

Language:
English Edit question
Status:
Answered
For:
Epoptes Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Fotis Tsamis (ftsamis) said : 		#1

Currently what you describe is not possible. However, there are plans to implement group permissions in the future, as well as global groups, which will allow setting the computer groups once, system-wide.

If you are interested in sponsoring the group permissions feature, feel free to contact me.

Revision history for this message
Joshua Burgess (burgessja) said : 		#2

Has there been any progress on a feature like this in newer versions?

If there were a way to hide the "Detected Clients" section, and only show groups that had been configured, that would effectively allow us to limit teachers to only the clients that they need to see.

Revision history for this message
Alkis Georgopoulos (alkisg) said : 		#3

Hi, Epoptes development was funded by the Greek Ministry of Education, but that has now stopped.
So any development now happens only for sponsored tasks, i.e. you can open a github issue and post a bounty if you want:
https://github.com/Epoptes/epoptes/issues

Revision history for this message
Joshua Burgess (burgessja) said : 		#4

What would be considered an acceptable bounty for something like this?

Revision history for this message
Alkis Georgopoulos (alkisg) said : 		#5

Hi, I've written a page about bounties in http://epoptes.org/documentation/bounties

For the implementation of the requested feature, I propose the following parts. You can select if you want to sponsor one, two or all parts.

First part (one hour for development):
A setting in /etc/default/epoptes that can hide the autodetected computers group, unless the teacher is also a sudoer.

Second part (two hours for development):
Currently, the epoptes groups are saved in ~/.config/epoptes/groups.json. You can open that file with an editor and see its contents.
The sysadmin is supposed to create similar files in /etc/epoptes/<filename>.groups.
Now suppose I'm a teacher and I open the Epoptes GUI application. And let's say that my username is "alkisg", and I belong in the group "high_school_teachers".

Epoptes will try to open those files in turn:
1) /etc/epoptes/alkisg.groups
2) /etc/epoptes/high_school_teachers.groups
3) /home/alkisg/.config/epoptes/groups.json

So if it finds an "alkisg.groups" or a "high_school_teachers.groups" file, it will only show those groups for me, and disable the autodetected computers group.
It will also disable parsing of "groups.json", so that the teacher won't be able to manually create more groups.

Third part (two hours for development):
A page under epoptes.org/documentation that would document the aforementioned features.

Can you help with this problem?

Provide an answer of your own, or ask gymbuntu for more information if necessary.

To post a message you must log in.