Norman Zhang wrote on Wed, Sep 18, 2002 at 12:06:35PM -0700 :
>
> I tried to set disk quota on LM8.2. But when I typed quota -u, I get
>
> Quota: Can't initialize quota on /dev/hda8: Function not implemented
> Disk quotas for user root (uid 0): none
> but /etc/mtab says
> /dev/hda8 /home ext3 grpquota, usrquota 0 2

You are in luck. A couple of us have put our heads against this very
issue with 9.0 and the results are a little surprising. Warning, this
is a fairly long explanation, but I attempted to be thorough.

> Does LM8.2 kernel have quota support compiled in by default? Is this
> necessary for samba support?

Yes, the quota support is compiled into the kernel. All kernel
versions, even the kernel-linus package which has no Mandrake patches
applied. That answers your question, but there is much more going on
behind the scenes than at first glance.

I will just talk about user quotas, but the same philosophy applies to
group quotas as well. Assume that I have /home set to use usrquota and
I'm using v2 of the quotas (i.e. a 2.4 kernel), which means that the
quota file will be named /home/aquota.user.

When you initially run 'quotacheck' to populate the aquota.user with
the current user disk space usage, it will create the file with mode
0600 permissions, owned by root:root.

When the 'quota' command is called, the first thing it does is look to
see what user is running it and decides if it's ok to provide this
info. User root can view anybody's info. Any other user can only view
theirs, however, this is done in the quota utils themselves, not the
kernel. This is an important fact that has a bearing later on. It also
checks to see which mounted filesystems actually support quota, another
fact that has a bearing later on.

The second thing the 'quota' command does is connect to the kernel
using the quotactl() function with a signal that says "Give me the
quota usage statistics for user 'blah'". The kernel code for ext2/3
immediately returns a code for "Function not implemented". I sent an
email to Jeff Garzik and he replied "pretty much... the general
direction is to leave all 'policy' to userspace, in this case the
display of quota information." So this makes sense. Note that this is
a non-fatal error. Also note that I said for ext2/3.
The kernel does different things for xfs, which I will detail below.

The third thing the 'quota' command does (if the second didn't work) is
to try to read the /home/aquota.user file directly. If the user root is
running the 'quota' command, no problem. However, if it's a regular
user running the command, that user can't read the file. So the regular
user can't get his own quota usage. This is an unfortunate side effect
of removing "policy" from the kernel.

You might think that setting the suid bit for the quota binary would
solve that. Well, the euid checking code in the quota binary will find
that you are user root and happily show you anybody's quota, no matter
that you are not the root user running it. Bad.

You might then think that making the aquota.conf file mode 0644 would
solve the readability problem. Unfortunately, it creates a privacy leak
that could be used maliciously. "But the quota utility checks to see
who's calling it!" That's a good point, but any regular user could
download the quota source to their home directory, modify it so that it
doesn't do that check, then compile it. Now he has unrestricted access
to see everybody's quota and current disk usage. Bad.

There is no documentation of this anywhere on the net that we could
find. We arrived at these conclusions by auditing the kernel source and
the quota utils source. Stew Benedict was the primary researcher on
this research. I was just doing my best to keep up.

We found several webpages that showed older Redhat boxen with users
checking their quota on ext2 file systems. I do not know what kernel
version they were running nor do I know if the quota binary was SUID.
I have looked at a RH 7.2 (I think) box and observed that it is not
SUID. If anybody else out there has a RedHat 7.x box, please check to
see if the binary is suid and if a regular user can view his
quota/usage.

Special case: XFS. The XFS file system has a different approach.
The quotactl function for XFS *DOES* return quota information. So a
regular user can check his own quota using the XFS filesystem. This is
all done in the kernel and in the XFS module.

Summary:

1) Ext2/3 quota is enforced. Root can view all quotas. Users cannot
   view their own quota settings nor current usage.
2) XFS quota is enforced. Root can view all quotas. Users can view
   their own quota settings and current usage.

Hope this helps someone. With a little luck, Google will find this page
and make it a top hit when it comes to "linux quota" searches :)

Blue skies... Todd
--
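Added example, not part of the original post and not code from the quota utilities: a small audit for the two misconfigurations the message warns against, a quota file readable by non-root users and a setuid-root quota binary. The path /usr/bin/quota and all function names are assumptions; /home/aquota.user is the file named in the post.

```python
import os
import stat
import sys

def quota_file_findings(mode, uid):
    """Check stat values of a quota file such as /home/aquota.user."""
    findings = []
    if uid != 0:
        findings.append("not owned by root")
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        # Any reader can parse the file directly, bypassing the caller
        # check that lives only in the quota utility.
        findings.append("readable by non-root users")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by non-root users")
    return findings

def quota_binary_findings(mode, uid):
    """Check stat values of the quota binary."""
    findings = []
    if mode & stat.S_ISUID and uid == 0:
        # The utility then sees euid 0 and treats every caller as root.
        findings.append("setuid root")
    return findings

def audit(quota_files, quota_binary):
    """Return {path: [findings]}; an empty list means the path passed."""
    report = {}
    checks = [(p, quota_file_findings) for p in quota_files]
    checks.append((quota_binary, quota_binary_findings))
    for path, check in checks:
        try:
            st = os.stat(path)
        except OSError as exc:
            report[path] = ["cannot stat: %s" % exc.strerror]
            continue
        report[path] = check(st.st_mode, st.st_uid)
    return report

if __name__ == "__main__":
    # Assumed defaults: quota file from the post, binary path is a guess.
    files = sys.argv[1:] or ["/home/aquota.user"]
    for path, findings in audit(files, "/usr/bin/quota").items():
        print("%s: %s" % (path, "; ".join(findings) or "ok"))
```

Pass the quota files of each quota-enabled mount point as arguments, for example the aquota.user and aquota.group files under /home.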
