From owner-freebsd-jail@FreeBSD.ORG Fri Aug 23 16:06:00 2013 Return-Path: Delivered-To: freebsd-jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTP id 2993430E for ; Fri, 23 Aug 2013 16:06:00 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 39E8420F6 for ; Fri, 23 Aug 2013 16:05:59 +0000 (UTC) Received: from tom.home (kostik@localhost [127.0.0.1]) by kib.kiev.ua (8.14.7/8.14.7) with ESMTP id r7NG5njV041728; Fri, 23 Aug 2013 19:05:49 +0300 (EEST) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.8.3 kib.kiev.ua r7NG5njV041728 Received: (from kostik@localhost) by tom.home (8.14.7/8.14.7/Submit) id r7NG5nEg041727; Fri, 23 Aug 2013 19:05:49 +0300 (EEST) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Fri, 23 Aug 2013 19:05:49 +0300 From: Konstantin Belousov To: Valeri Galtsev Subject: Re: per user quotas inside jail? Message-ID: <20130823160549.GD4972@kib.kiev.ua> References: <19176.128.135.70.2.1377267872.squirrel@cosmo.uchicago.edu> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="QHaTRyzd7ZvLr5Ce" Content-Disposition: inline In-Reply-To: <19176.128.135.70.2.1377267872.squirrel@cosmo.uchicago.edu> User-Agent: Mutt/1.5.21 (2010-09-15) X-Spam-Status: No, score=-2.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FREEMAIL_FROM,NML_ADSP_CUSTOM_MED autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on tom.home Cc: freebsd-jail@freebsd.org X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Aug 2013 16:06:00 -0000 --QHaTRyzd7ZvLr5Ce Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Aug 23, 2013 at 09:24:32AM -0500, Valeri Galtsev wrote: > Dear Experts, >=20 > After searching the web, reading FreeBSD Docs, trying some hacks found on > some discussion boards... I feel it is not easily possible. Yet, as always > there may be some expert who knows how to do it: >=20 > How can one have per user quotas inside jail? >=20 > Basically, I would like to give users shell access to some server, but > that I prefer to have in jail, where I will mount all filesystems they > need access to... and the only question is: how do I restrict them so one > (or few) user doesn't fill up the whole filesystem. My mind is not married > to any particular filesystem, UFS2, XFS, ZFS... - the only thing I would > stay away from is NFS exporting on host and then NFS mounting in jail > (which may be easiest if not the only way quota wise). UFS quotas work regardless of jailed/non-jailed user. The only confusing issue is that quotas are per host uid. In other words, if host and jail user, or two users from different jails has the same uid, you get one quota setting applied and accounted for them. Usual mitigation is to ensure that user uids are globally unique. --QHaTRyzd7ZvLr5Ce Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.21 (FreeBSD) iQIcBAEBAgAGBQJSF4hcAAoJEJDCuSvBvK1B2QcQAJJoKZD6fvBKJwiYlnVglEbK +bF2Gd9DKV5Zae9IlPAhsset7oE9FcPjwwNiezQaxYYsNq/7+c6zANO4MmcE227O m/+HFJpwC4vKgZlVq5lLKpY/A362HktmW3H2bu2B7dYgCKZWVGJheJDHB8O/2Q3z 1ABiD53sNYnxzXWwsvxi+pH+cL6+02rEtTuS4wsdf3eL+i0nHzWJEdkRqJtv1sVr en2VFPWxFcY17nxu5bJitbLqAE/e93NzzQMYsW/7ooN0xwM4WcMZP/fSqkeEMir8 MwYBsOvDGwgc0J6pPRxee6BcKWHmMpD5JxVYN1WE49kule5gBstlMtjb1OCnVgZ+ VOIYTo+DJmg58E8OaTEsvJHYhXoIl26YNN3rvYyY1QY4V02qDWzDjx/qaN1gpF7v M3tlwVylk8eHqixqVQy0v65hzcSEyvBMDWsX9VWIgJcI3xcwcfXKJc5lsznK2vhq yUl3UJOR6mg8q2AC8EkwOaxi08GWcwORhi7zi++qIitoQQRtQYvg0ExvOZaD3Onn EVzt/U3UX5u35tY8Cd2PTcTcuGObDQBL+/9YY9hgZDRkZOaBWH2W2GKE/AQeNg4n 7Ki0yy4EUrmdmcLBCdWFbZsk+AvzHi+WTEb9ocMkvLzINRvgqBpxnuD9o8IlNLJz DIEqUORFwHe3z48Ji6bM =4AWU -----END PGP SIGNATURE----- --QHaTRyzd7ZvLr5Ce--