We’re using Gradle to run grading scripts for a large introductory programming course taught in Java. I’ve started maintaining our own plugin to do configurable grading based on checkstyle and TestNG test results.
That works fine at the student end. But during official grading I’m worried about adversarial behavior. Docker containers are part of the solution, but I also want to user standard Linux user permissions to ensure that student code can’t attack the grading harness or it’s output.
Our task is already generating a set of Gradle tasks itself and calling execute on them. I know that this is not ideal, but we want to be able to give partial credit and not fail the entire grading script if one of the student’s Java files fail to compile. (It would be nice of the default Java plugin supported this.) So we are calling
task.execute(), and at this point I’d like to be able to execute certain other tasks (like the test tasks that actually run student-provided code) as a different user that, for example, does not have access to the grading configuration files or results directory.
What’s the cleanest way to do this? Can I modify the
commandLine property of the task to prefix
sudo -Hiu <username>? Or is there a better/more official way to approach this problem. FWIW, I don’t need to support Windows environments, since all of our official grading will be done on Linux.