Permissions.

Here's a first cut at a default protections/authorization policies and how to implement them via groups and ACLs:

• Every section has an associated (permissions) group.

• Each lab section ``supports" one or more lecture sections.

• Everyone who is a member of a lecture section's group automatically becomes a member of the groups for that lecture section's supporting lab sections.

• Group members have read/write access to the group's files unless the file's owner deliberately suspends that access (on a per-file basis).

• The faculty member in charge of a lecture section owns that section's files.

• The TA in charge of a lab section owns that section's files.