On Fri, Aug 23, 2013 at 01:05:24PM -0500, Valeri Galtsev wrote:
> On Fri, August 23, 2013 11:05 am, Konstantin Belousov wrote:
> > On Fri, Aug 23, 2013 at 09:24:32AM -0500, Valeri Galtsev wrote:
> >> Dear Experts,
> >>
> >> After searching the web, reading FreeBSD Docs, trying some hacks found on
> >> some discussion boards... I feel it is not easily possible. Yet, as always
> >> there may be some expert who knows how to do it:
> >>
> >> How can one have per user quotas inside jail?
> >>
> >> Basically, I would like to give users shell access to some server, but
> >> that I prefer to have in jail, where I will mount all filesystems they
> >> need access to... and the only question is: how do I restrict them so one
> >> (or few) user doesn't fill up the whole filesystem. My mind is not married
> >> to any particular filesystem, UFS2, XFS, ZFS... - the only thing I would
> >> stay away from is NFS exporting on host and then NFS mounting in jail
> >> (which may be easiest if not the only way quota wise).
> >
> > UFS quotas work regardless of jailed/non-jailed user. The only confusing
> > issue is that quotas are per host uid. In other words, if host and jail
> > user, or two users from different jails have the same uid, you get one
> > quota setting applied and accounted for them.
> >
> > Usual mitigation is to ensure that user uids are globally unique.
> >
>
> Thanks, Konstantin.
>
> Still it doesn't work for me. My system is:
>
> 9.1-RELEASE-p5 amd64
>
> Kernel: the same as GENERIC, with one option added:
>
> options         QUOTA                   # Add disk quota support
>
> filesystem with quota enabled is directly mounted (UFS; rw,userquota) into
> directory inside jail. User (with the same username and UID) exists on the
> host system and in jail. Quotas work on the host system. Quotas don't work
> inside jail, so this user can fill up the whole filesystem when logged
> into jail (jail accepts ssh connections with different hostname...)
>
> Apart from that I tried a hack which I lifted from someone's FreeBSD 7
> hack (only the variable name changed since then), namely:
>
> in kernel, in:
>
> /usr/src/sys/kern/vfs_syscalls.c
>
> I kicked out two lines:
>
>         if (!prison_allow(td->td_ucred, PR_ALLOW_QUOTAS))
>                 return (EPERM);
>
> (which basically obliterate that if done from inside jail as far as I
> understand),
>
> rebuilt and installed this kernel; in file
>
> /etc/rc.d/quota
>
> removed line
>
> # KEYWORD: nojail
>
> Yet, I'm still where I was: quotas work outside jail, not inside jail...
>
> So, I'm at loss. I guess I will have to dive into zfs following Aaron
> Kaufman's suggestion... Sigh.

UFS quotas work per mount. So if jail root is on a filesystem which has no quotas configured, obviously the thing cannot work. You did not provide any details of your configuration, which makes a diagnostic impossible.