Table of Contents

SecureQ Setup (optional)

SecureQ is an optional system that can be used together with labtest to provide a facility for ensuring that students working side by side during a test are not working on identical questions.

Before Setting up SecureQ

In order to setup SecureQ, you must know the following:

1. What Prism labs will be used for your test?

There are 78 ea hosts in LAS 1006, ea01 through ea78. There are 32 gsp hosts in LAS 1004, gsp01 through gsp32. There are 32 ptl hosts in LAS 1002A, ptl01 through ptl32.

2. Who will be allowed to write your test?

By default, everyone with a valid EECS username and password who is logging into a machine in labtest mode that meets the lab specification above can write your test. This is usually sufficient. However, you can restrict access to your site further should you so choose. For example, you can limit the site to only students officially enrolled in your course, users in a particular unix group, etc. Don't forget to include yourself!

3. How many questions (or unique sets of questions) do you have for your test?

In general, 2 sets of questions should be more than enough to ensure that students working side by side are not working on the same test, but you can have as many sets of questions as you like. In fact, you can even have different sets of questions in each lab!

Setting up SecureQ with mksecureq

In order to setup SecureQ, use the “mksecureq” command as follows:

mksecureq -l <lab> -n <number of sets of questions> <labtest dir> 

Use the -l option to specify the labs you will be using. You can use more than one -l option if you are using multiple labs for your test.

If you do not specify the -l option, the default is just “-l ea”. In addition, if you are using machines outside of these labs, then you will need to manually add them to SecureQ. More details on this will be provided below.

Use the -n option to specify the number of sets of questions that you will be generating for your test. If you do not specify the -n option, the default is 2 question sets.

<dir> is the full path to the root of your labtest directory. For example: /eecs/dept/www/course_archive/2016-17/S/9999/labtest. mksecureq will create <dir> if it does not already exist, as long as you have access to create it.

(optional) mksecureq uses mkhtaccess to restrict who can get a question from your SecureQ site. The default arguments passed will be -S -l which means that anyone with a valid EECS account can get a question from your site. Add the -p option if you wish to specify different arguments to the mkhtaccess command. In general, this is usually unnecessary. If you need assistance, please contact tech.

mksecureq creates a default index.html file in <labtest dir> if one does not already exist. This is normally where your default labtest start page will be, and if you already have an index.html file there, it will not over-write it. On the default index.html start page, you will see a link to SecureQ that looks like this:

To get your question, click <a href="secureq.cgi">here</a> 

If you already had a default index.html file, you will need to add a link to secureq on your own as above.

Please Note: After running mksecureq, the files in your directory will be group labtest. If you use “emacs” to edit any of those files, it will reset the group permission on files that you edit to your primary group (eg. “faculty”) which will cause labtest to fail. You must reset the group on all files back to “labtest” for labtest mode to work.

SecureQ Directory Structure

Inside the secureq directory you will find three directories - log, map, and questions.

The “questions” directory contains the question sets. You specified the number of question sets using the “-n” option to mksecureq. For example, if you ran mksecure with “-n 2” (the default), then you will find two files in the “questions” directory after running mksecureq - 1.html is automatically used for question set 1, and 2.html is used for question set 2. These are straight HTML files, and you can put whatever content you want inside.

Also inside the “questions” directory is the file “questions.conf”. questions.conf is a text file that maps questions to the lab machines that you specified using the “-l” option to mksecureq! The format of the file is:

machine (space or tab) question set file

For example, if ea01 is assigned “1.html”, then you will see an entry in questions.conf that looks like this:

ea01 1.html

By default, mksecureq simply creates a list of all the machines from all the labs that you specified with -l, and assigns the questions as follows – first machine gets the first question set, the second machine gets the second question set, and so on until the list of questions is exhausted, and then it starts over.

The “log” directory (which will initially be blank) will contain one file per user, with the name of the user who successfully logs into SecureQ. The log entries will look something like this:

Tue Feb 21 15:31:24 EST 2006 user: bob, host: ea05, question: 2.html
Tue Feb 21 15:34:14 EST 2006 user: bob, host: ea06, error: user assigned question 2.html, but machine question is 1.html

The first log entry here says that user “bob” was assigned question 2.html on ea05. The user bob then tried to login a few minutes later to ea06 to see if he could get a different question set! The second log entry shows that bob tried to view the question set assigned to ea06, but was denied. In the event that bob's machine malfunctions, logging into another machine will give bob a message that tells him which other machines are assigned his identical question.

The “map” directory (which will also be initially blank) will contain one file per user with the name of the user who has successfully been assigned a question set by SecureQ. The file will only contain the filename of the question set that the user has been assigned. For example, in the case above, “map/bob” exists and contains:

2.html 

This means that bob was assigned question set “2.html”. Again, if bob tries to login to any other machine that has not been assigned to 2.html, he will not be able to see the questions there.

NOTE: If, during the test, you need to have the user assigned a different question set, you can modify the students map file “map/bob” manually, and adjust it to point to another question, but be careful because if you make a typo, bob won't be able to get any question! Alternatively, you can delete the map/bob file altogether, and now bob can login to any machine and will be assigned the question set assigned to that machine.

All files and permissions are automatically generated by the mksecureq utility. Furthermore, a .htaccess file is placed in the secureq directory which denies web access to the files and directories. An .htaccess file is also placed in the root of your labtest site which limits access to your labtest based on your access specifications.

If you happen to delete a file from the SecureQ tree, you can simply re-run mksecureq. It will only create files or directories that do not exist.

SecureQ Security

SecureQ will only work from EECS department machines. If you try to use SecureQ from outside of the department, you will get a message as follows:

secureq is not available from this host. 

The secureq directory must retain its 770 mode, and group labtest ownership, or SecureQ will not run.

A secureq.cgi wrapper file is copied to your top-level labtest directory. It must not be deleted, or SecureQ will not run. It exists mostly so that when you are testing your site in your own personal web area, the web server can run SecureQ as you. The script must be owned by you, and your primary unix group (eg. faculty). The script file must be mode 755, and the directory that the script file is in must not be writable by group/other.

Inside the secureq directory, the internal directories log, map, and questions should retain their 770 mode, and group labtest. The files in the “log”, and “map” directories will always be generated with mode 660, and group labtest. The question files and question configuration files in the questions directory will be mode 640, and group labtest.