[Lias] School Intranet Server - Functionality & Requirements

[Les Bell]

As I mentioned in an earlier email, I'm currently working on a school
intranet server design, and planning to write up how it's done, so that I
can pass documentation to those who follow. In the spirit of sharing, I've
documented the broad direction our project is heading in, and from this you
can see the documentation I'll be writing up ("How to Set Up Personal Home
Pages in Apache", "How to Set Up Users and Groups for a School", etc.).
Yes, I know there's excellent documentation for some of these techniques in
the HOWTO's and the Apache project site, etc. but the goal here is to write
up some articles that document approaches that are school- and
teacher-specific, and aren't meant for Linux gurus.

These are my thoughts, based on a brainstorming session I did a few weeks
ago. I realised that "our" school (actually, my daughter's - I'm on the
computer committee of the P and C) had spent close to $30,000 on cabling
throughout the school, but still was not effectively leveraging that
investment with services like email. In particular, all the machines in the
computer room were set to use Google as their home page, and I would
really, *really* like to see a home page which reflects pride in the
school, the kids' accomplishments, etc. and could even be used to broadcast
news.

Bear in mind this is a primary school, so it has initially been designed
with this in mind. The result of the "brainstorming" was a mind map which
is published at http://ffps.lesbell.com.au/pandc/schoolserver , which
should be viewed as a companion to this document.

                  ---------------------------------------

Requirements for a School Intranet Server

Web Server

I put this in as an early requirement, for the obvious reason that it
provides a school home page which can be used throughout the school.
Additionally, for young children, the web browser provides a nice, easy
interactive environment in which younger children can learn basic mouse and
keyboard skills.

Other obvious applications include class home pages, home pages for sports
teams, projects, etc. I've also set out to provide personal home page
capabilities through enabling the Apache "public_html" directory
capability, except that I've renamed it "website" for simplicity. By
sharing each user's home directory with Samba, we can be agnostic about web
development tools so kids can use Word, Powerpoint, etc. and I hope to
maintain compatibility with tools like EduWeb.

Our goal is for implementation of a home page during term 2, and the
children are currently taking part in a competitiion to generate artwork
for this.

One benefit of implementing a full web server, rather than loading pages
using "file:" URL's is the ability to run CGI programs on the server. I
initially demonstrated this using a painfully simple "Hangman" game, but
the teachers I presented to were quite excited at the notion of simple
games and educational programs. One that appeals to me is the maintenance
of an event calendar, as the maintenance of a static HTML page - even using
Javascript and CSS - is quite painful.

Email

The primary users here, initially, would be staff. However, I feel that
email usage is an essential skill to teach our children, including
effective/efficient usage habits, as well as the difference between spoken
and written communication and how inappropriate use can lead to flame wars.

Initial implementation is to be within the school only, with no gateway to
the outside world, in order to minimize security/privacy concerns. However,
I expect staff will want to send email globally and this will quickly cause
confusion, so implementation of a connection to the Internet via a DET
(NSW) gateway will probably be a high priority.

I have demonstrated content filtering, with a simple procmail recipe to
block an email with offensive language in it. However, I'm a procmail
novice and am looking for better recipes to (ideally) redirect
inappropriate material to the appropriate teacher for action.

Since users do not have a dedicated computer, it is not possible to
configure a conventional email client with the appropriate user ID,
password etc. for POP/IMAP access (except teachers, perhaps). I am
therefore planning on using a web interface for email. My initial
demonstration was based on Usermin, a companion "product" to the Webmin web
administration tool (http://www.webmin.com) which allows users to change
their own passwords, etc. However, I believe the Webmin mail interface is a
little too complex for primary school kids, and am looking for suggestions
for a simple web mail interface.

File Server

Most of the applications the children use are the usual Microsoft Office
desktop apps, along with games, educational software, etc. It is therefore
easy for them to save their work to a shared drive. Currently, the school
does not have any user accounts for the children (nor for the teachers, I
suspect) and so all directories are shared, leading to occasional (but
increasingly frequent, I suspect) dramas when one student overwrites or
deletes another's work.

I have therefore designed a scheme in which each student has a home
directory, provided by a Samba server. For the younger children, the
accounts have no passwords - I have horrible visions of most of each
computer lesson being devoted to password resetting - but I feel that for
the older children, the notion of using a password to achieve privacy is an
important lesson which should be learned at a young age (say 8 or 9).

The computer teacher at our school has been trying to introduce the notion
of using folders to keep work organized, and I am supporting that by
providing a standard set of folders for every account, created from
/etc/skel (Art, Poems, PP, Stories, etc. but this is obviously easily
customizable).

It should be possible to allow shared access to class folders and web sites
through membership in Linux groups. However, I suspect that a special tool
or script will be necessary to deal with moving students (and their files)
between groups at the beginning of each school year.

Administration

Administration really needs to be through a web-based interface, for
simplicity. My prototype uses Webmin (http://www.webmin.com) and
capitalizes on a couple of Webmin-specific features (e.g. automatic
synchronization of Samba passwords and integration with Usermin) but I'm
open to other suggestions. One benefit of Webmin is that it is open source
(written in Australia) and there is a well-documented API for the coding of
additional modules which could be used to support functionality like
associating students with classes, projects, etc.

One problem is that the school is well within the NSW DET firewall, so that
parents (who provide the tech support expertise) cannot access it via the
Internet. With this in mind, I am proposing to use Red Hat as the platform
for our implementation and register the machine with Red Hat Network so
that upgrades can be applied remotely (I've done this with our squid proxy
and it works well). However, I should be able to devise a scheme for
dial-in access with strong authentication which will allow external access
by authorised administrators and hopefully won't set off alarm bells at DET
(I'm a security professional and yes, I *know* modems inside the firewall
are generally a bad idea, but . . .).

                  ---------------------------------------

Enough said! If anyone can use any of this stuff as is, please let me know
and I'll prioritise writing it up and putitng it on the web. More to the
point, if anyone has any ideas or suggestions, based on their experience,
or can point me to tools for email content filtering, web mail, etc.
appropriate to schools, I'd love to hear from them. Also, remember, I'm a
technical type, not a teacher (except of adults) so comments from teachers
along the lines of "that sounds good in theory, but in the real world, it
won't work" are also welcome. While focused on the immediate project at
"our" school, I'd feel better if whatever I do is of general use and
benefits the wider community.

There's a whole bunch of ancillary issues to be dealt with, too. For
example, I've run a basic HTML editing class at our school, and would
happily run a basic class on Linux administration for teachers and parents.
As I say, I have to do *something* to ensure that the torch gets passed
when my daughter goes to secondary school and we move on as a family.

Best,

--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]