workspacer

Workspacer allows newbies to save their work at the end of meetings, (while on Guest sessions), and allows us to give them class skeletons, documentation files (without giving access to the internet) and software.

Our presense on the school network

We have two accounts on the school network, robotics and robotics-entry, which are the sole members of the group robogroup. Both are in the students group and categorized with the class of 2019 (home folders are /home/students/2019/robotics*). This means that before 2019 these accounts must be moved, lest they be deleted with the graduating class.

On the computers in room 451, files related to workspacer (and software that we need installed for them to use OpenCV) are in /var/tmp/robo*. /var/tmp is local to each machine (as opposed to home folders which are synchronized across machines by network magic) and is accessible to Guest sessions. Software we have installed to /var/tmp/robo-software include CMake, JDK 8, Apache Ant, and OpenCV.

All of this setup should be run from robotics. robotics is the secure side of this; robotics-entry is the insecure side and should not be used for anything nontrivial. The passwords are in the SE vault on 1Password.

The current system works with a set of setuid-enabled executables owned by robotics which can be run by members of robogroup (setuid means that it executes with the permissions of the owner, instead of the permissions of the user that ran the file). setuid executables cannot be run by Guest sessions; when a newbie runs a command like save or make-user, the script SSHes into localhost as robotics-entry (validating with an SSH key that is copied onto the host machine by setup-all.sh before the meeting), which in turn runs the setuid executables to update the user credentials list (which is not tracked by git).

Yes, this is much worse than running a webserver which the newbies connect to through the machines in the lab.

Setting up this repo

To set up an instance of this project:

$ touch round2/users.csv
$ mkdir round2/their-work
$ ln -s /path/to/repo/round2 ~/round2
$ ln -s /path/to/repo/client2 ~/client2

And the necessary libraries must be in ~/workspace-libs (jfxrt.jar and other amd files). These exist on the robotics user account.

Setting up machines in lab

copy-docs-all.sh will copy the Java SE 8 API docs to all machines in rm. 451 which do not have them (at /var/tmp/javase8-api).

$ bash copy-docs-all.sh

setup-all.sh copies necessary libraries for JavaFX to the machines that do not have them (at /var/tmp/robo-libs), and updates the necessary plaintext files on all machines.

$ bash setup-all.sh

Between meetings (preferably at the end of each meeting, for security's sake), make-ssh.sh should be run:

$ bash make-ssh.sh
$ bash setup-all.sh

After running make-ssh.sh, setup-all.sh must be run again in order for the students to work.