Re: Jail Quotas - quota.user hard link
- From: Charles Sprickman <spork@xxxxxxxx>
- Date: Thu, 27 Apr 2006 00:51:12 -0400 (EDT)
On Thu, 27 Apr 2006, Michael R. Wayne wrote:
On Wed, Apr 26, 2006 at 06:23:59PM -0400, Charles Sprickman wrote:
I have a question about using quotas in a jail with FreeBSD 6.x. So far I
have had no problems on a test box with setting quotas from the host using
a numeric UID (ie: edquota -u 20000 where UID 20000 is a user that only
exists in a jail). That seems to "just work".
Just a heads up: quotas in jails on FreeBSD 6 are pretty broken. I'll
include some workarounds.
Basic operation can be done by specifying a filename, available in the jail,
which contains the quotas. So, on the base system, /etc/fstab contains:
/dev/twed0s2f /usr/jails/foo.bar.com ufs rw,userquota=/usr/jails/foo.bar.com/usr/quotas/shell.root 2 2
and on the foo.bar.com jail, /etc/fstab contains:
/dev/twed0s2f / ufs rw,userquota=/usr/quotas/shell.root,noauto 2 2
That's pretty nifty. "man fstab" confirms (at least the first part). I'm still curious if there's any harm in the symlink solution.
Now the problems begin.
You either do
chmod a+r /usr/quotas/shell.root
which permits everyone on the machine to read all quotas (both
quota and repquota) or
chmod o-r /usr/quotas/shell.root
which permits ONLY root to read any quotas. Normal users can
not see their own quotas (I filed a PR on this quite some time back,
nobody seems interested). This seems to be new breakage since 4.x
See, now back in 6.0, I could have sworn that I saw this. Even with the quota command setuid root inside the jail, I was getting "permission denied" errors. I'm now running a 6.1-RC from late last week and this seems to be working now. I'm not sure where to look in the kernel source to find if something changed, but my guess is someone did "fix" it.
Also, if you edquota from within the jail, it does not really take
effect. You can stick an hourly cron script on the base system containing
quotaoff -a
quotacheck -a
quotaon -a
which will "fixup" the mess. Alternately, you can only use edquota
from the base system which seems to mostly work.
That's fine, I plan to do most work from the host and only become root in the jail when necessary.
ISTR that there was something else that was odd but I'm sure somebody
else will jump in and mention it.
The above was the main stumbling block for me. I know keeping UIDs unique across the host and all jails is probably a royal pain for some, but my use here (shell server inside a jail) really doesn't have any issues with that.
Thanks,
Charles
/\/\ \/\/_______________________________________________
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
- References:
- Jail Quotas - quota.user hard link
- From: Charles Sprickman
- Re: Jail Quotas - quota.user hard link
- From: Michael R. Wayne
- Jail Quotas - quota.user hard link
- Prev by Date: Re: Jail Quotas - quota.user hard link
- Next by Date: Re: Can kldload trigger pci bus rescan?
- Previous by thread: Re: Jail Quotas - quota.user hard link
- Next by thread: Re: Jail Quotas - quota.user hard link
- Index(es):
Relevant Pages
|
|
