On Thu, 27 Apr 2006, Michael R. Wayne wrote:
On Wed, Apr 26, 2006 at 06:23:59PM -0400, Charles Sprickman wrote:
I have a question about using quotas in a jail with FreeBSD 6.x. So far I
have had no problems on a test box with setting quotas from the host using
a numeric UID (ie: edquota -u 20000 where UID 20000 is a user that only
exists in a jail). That seems to "just work".
Just a heads up: quotas in jails on FreeBSD 6 are pretty broken. I'll
include some workarounds.
Basic operation can be done by specifying a filename, available in the jail,
which contains the quotas. So, on the base system, /etc/fstab contains:
/dev/twed0s2f /usr/jails/foo.bar.com ufs
rw,userquota=/usr/jails/foo.bar.com/usr/quotas/shell.root 2 2
and on the foo.bar.com jail, /etc/fstab contains:
/dev/twed0s2f / ufs rw,userquota=/usr/quotas/shell.root,noauto 2 2
That's pretty nifty. "man fstab" confirms (at least the first part). I'm
still curious if there's any harm in the symlink solution.
Now the problems begin.
You either do
chmod a+r /usr/quotas/shell.root
which permits everyone on the machine to read all quotas (both
quota and repquota) or
chmod o-r /usr/quotas/shell.root
which permits ONLY root to read any quotas. Normal users can
not see their own quotas (I filed a PR on this quite some time back,
nobody seems interested). This seems to be new breakage since 4.x
See, now back in 6.0, I could have sworn that I saw this. Even with the
quota command setuid root inside the jail, I was getting "permission
denied" errors. I'm now running a 6.1-RC from late last week and this
seems to be working now. I'm not sure where to look in the kernel source
to find if something changed, but my guess is someone did "fix" it.
Also, if you edquota from within the jail, it does not really take
effect. You can stick an hourly cron script on the base system containing
quotaoff -a
quotacheck -a
quotaon -a
which will "fixup" the mess. Alternately, you can only use edquota
from the base system which seems to mostly work.
That's fine, I plan to do most work from the host and only become root in
the jail when necessary.
ISTR that there was something else that was odd but I'm sure somebody
else will jump in and mention it.
The above was the main stumbling block for me. I know keeping UIDs unique
across the host and all jails is probably a royal pain for some, but my
use here (shell server inside a jail) really doesn't have any issues with
that.
Thanks,
Charles
/\/\ \/\/
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
