Quotas not working in Jail
Cristian KLEIN
cristi at net.utcluj.ro
Thu May 3 20:09:15 UTC 2007
Hi everybody,
As many persons might have mentioned, non-superusers running inside a
jail are unable to query their quota, unless they have direct access to
"quota.user". This is inconvenient for two reasons:
1) Users will be able to get other's quota as well.
2) Many applications (for example dovecot) use quotactl() to retrieve
the user's quota, so giving access to quota.user won't help.
All this is caused by the following piece of code in vfs_syscalls.c
--- cut here ---
/* XXX PRISON: could be per prison flag */
static int prison_quotas;
#if 0
SYSCTL_INT(_kern_prison, OID_AUTO, quotas, CTLFLAG_RW, &prison_quotas,
0, "");
#endif
--- and here ---
Does anybody know why '#if 0' is there? Considering the fact that
SYSCTL's defined this way can't be written from jail, and that the
default is zero, I think it is safe to remove '#if 0'.
I changed 'prison_quotas' from KDB on one of my servers, and everything
seems to be fine. I can finally show quotas to my users. :)
Another fact which bothers me is why does quota(1) read quota.* files
directly when quotactl(2) fails? As I understood from a post, quota
caching within the kernel might render writing to quota.* useless. In
addition, quota handling should strictly be the kernel's job. Userspace
shouldn't know nor care how the kernel stores its quota.
My 0.02$.
More information about the freebsd-fs
mailing list