On Fri, August 23, 2013 11:05 am, Konstantin Belousov wrote: > On Fri, Aug 23, 2013 at 09:24:32AM -0500, Valeri Galtsev wrote: >> Dear Experts, >> After searching the web, reading FreeBSD Docs, trying some hacks found on >> some discussion boards... I feel it is not easily possible. Yet, as always >> there may be some expert who knows how to do it: >> How can one have per user quotas inside jail? >> Basically, I would like to give users shell access to some server, but that I prefer to have in jail, where I will mount all filesystems they need access to... and the only question is: how do I restrict them so one >> (or few) user doesn't fill up the whole filesystem. My mind is not married >> to any particular filesystem, UFS2, XFS, ZFS... - the only thing I would >> stay away from is NFS exporting on host and then NFS mounting in jail (which may be easiest if not the only way quota wise). > > UFS quotas work regardless of jailed/non-jailed user. The only confusing > issue is that quotas are per host uid. In other words, if host and jail user, or two users from different jails has the same uid, you get one quota setting applied and accounted for them. > > Usual mitigation is to ensure that user uids are globally unique. >
Thanks, Konstantin. Still it doesn't work for me. My system is: 9.1-RELEASE-p5 amd64 Kernel: the same as GENERIC, with one option added: options QUOTA # Add disk quota support filesystem with quota enabled is directly mounted (UFS; rw,userquota) into directory inside jail. User (with the same username and UID) exists on the host system and in jail. Quotas work on the host system. Quotas don't work inside jail, so this user can fill up the whole filesystem when logged into jail (jail accepts ssh connections with different hostname...) Apart from that I tried a hack which I lifted from someone's FreeBSD 7 hack (only the variable name changed since then), namely: in kernel, in: /usr/src/sys/kern/vfs_syscalls.c I kicked out two lines: if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS)) return (EPERM); (which basically obliterate that if done from inside jail as far as I understand), rebuilt and installed this kernel; in file /etc/rc.d/quota removed line # KEYWORD: nojail Yet, I'm still where I was: quotas work outside jail, not inside jail... So, I'm at loss. I guess I will have to dive into zfs following Aaron Kaufman's suggestion... Sigh. Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++ _______________________________________________ freebsd-jail@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-jail To unsubscribe, send any mail to "freebsd-jail-unsubscr...@freebsd.org"