From owner-freebsd-isp  Fri Jun 28  4:27:50 2002
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B6A5A37B405
	for <freebsd-isp@FreeBSD.ORG>; Fri, 28 Jun 2002 04:27:45 -0700 (PDT)
Received: from tchpc01.tcd.ie (tchpc01.tcd.ie [134.226.10.78])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 92A6843E06
	for <freebsd-isp@FreeBSD.ORG>; Fri, 28 Jun 2002 04:27:44 -0700 (PDT)
	(envelope-from bobb+freebsd-isp@redbrick.dcu.ie)
Received: from flipflop.tchpc.tcd.ie (hpc04.iss.tcd.ie [134.226.10.47])
	by tchpc01.tcd.ie (Postfix) with ESMTP
	id 4A132356C; Fri, 28 Jun 2002 12:37:44 +0100 (IST)
Received: by flipflop.tchpc.tcd.ie (Postfix, from userid 1001)
	id D4604192; Fri, 28 Jun 2002 12:27:38 +0100 (IST)
Date: Fri, 28 Jun 2002 12:27:38 +0100
From: Robert bobb Crosbie <bobb+freebsd-isp@redbrick.dcu.ie>
To: Wincent Colaiuta <wincentcolaiuta@mac.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: Apache + disk quotas loophole?
Message-ID: <20020628112738.GA65863@lummux.tchpc.tcd.ie>
References: <F7356C3F-8A38-11D6-B6C4-003065C60B4C@mac.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <F7356C3F-8A38-11D6-B6C4-003065C60B4C@mac.com>
User-Agent: Mutt/1.4i
Organization: bobb Industries
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

Wincent Colaiuta hath declared on Friday the 28 day of June 2002  :-:
 
> But if his website is dynamic and apache is writing files to the disk 
> for him (pages, files etc), won't they be created as user "nobody" or 
> "www" files (or whatever the server is running as) and hence will they 
> be omitted from the quota restriction?

Yeah pretty much,
You could enable the SuEXEC wrapper in apache so that the cgi's 
run as the user who ownes them, then the files they create will
also be owned by that user.

> And a related question... how would I include MySQL storage in the quota 
> also? (Same problem there, all MySQL db files are owned by "mysql").
 
I don't know of any direct way to do this through mysql.
(mysql.com is also down at the moment...)

You could put a filesize limit on the mysql processes so that
no db files could grow above that size, I immagine that this
would have a negative effect on mysql once they reached that size.

You could try changing the owner.group of the database files to
username.group and have them group writeable so that mysqld can 
write to them, you would have to do this manually whenever a database
or table was created, which would mean that you would have to restrict
the create table privilage from your users. (perhaps a CGI wrapper...)
This would probably have a negative effect on mysql when the quota 
is reached.

- bobb


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message