feat: a2

.gitignore

@@ -2,3 +2,5 @@
 sheet01/a2/Hash.java
 *.class
 passwd
+sheet04/AuthWithTOTP.java
+sheet04/key-exchange.pcap

sheet05/a1/archive.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+# $1 = directory path
+chmod -R a-w "$1"

sheet05/a1/create_user.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+# $1 = username, $2 = comma-separated groups
+useradd -G "$2" "$1" || usermod -aG "$2" "$1"

sheet05/a1/explanation.txt

@@ -0,0 +1,6 @@
+UNIX permissions only support one Owner, one Group, and Other (UGO). 
+The 'Group' slot is already taken by the specific lecture group to give students write access.
+If we use 'Other' to give the supervisor read access, every user on the system could read it, which would violate the requirements.
+If we add the supervisor to the lecture group, they get write access, which also violates the requirements.
+
+Because a file cannot have multiple groups or user-specific overrides under standard UNIX permissions, this cannot be solved.

sheet05/a1/supervisor.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+# $1 = supervisor username
+echo "not possible with the standard UNIX permissions. See explanation.txt."

sheet05/a2/archive.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+TARGET_DIR=$1
+chmod -R a-w "$TARGET_DIR"

sheet05/a2/create_user.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+USERNAME=$1
+GROUPS=$2
+useradd -G "$GROUPS" "$USERNAME" || usermod -aG "$GROUPS" "$USERNAME"

sheet05/a2/explanation.txt

@@ -0,0 +1,3 @@
+The supervisor's read access would fail with UNIX permissions, since they are limited to one owner, one group, and "others". 
+Access Control Lists (ACLs) resolve this problem by allowing permissions beyond the standard three. 
+Using `setfacl`, we can append specific read and execute rights (r-x) for individual users (the supervisors) directly to the files and directories.

sheet05/a2/supervisor.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+SUPERVISOR=$1
+# Grant read and execute permissions to the supervisor user recursively
+setfacl -R -m u:"$SUPERVISOR":r-x .
+# Set the default ACL
+setfacl -R -d -m u:"$SUPERVISOR":r-x .