Date:      Fri, 30 Aug 2002 13:19:15 -0400
From:      "Michael R. Wayne" <wayne@staff.msen.com>
To:        freebsd-hackers@FreeBSD.ORG
Subject:   Re: setting quotas _inside_ a jail for users _inside_ a jail
Message-ID:  <20020830131915.Z59616@staff.msen.com>
In-Reply-To: <20020830003917.O58763-100000@utility.clubscholarship.com>; from root@utility.clubscholarship.com on Fri, Aug 30, 2002 at 12:41:54AM -0700
References:  <20020830003917.O58763-100000@utility.clubscholarship.com>

On Fri, Aug 30, 2002 at 12:41:54AM -0700, Patrick Thomas wrote:
> 
> I wonder, is it possible for the root user of a jail to set quotas
> _inside_ her jail for users _inside_ her jail ?  Can anyone simply confirm
> or deny that this is possible ?

Yes, it is possible.  The following procedure (assuming I documented
it properly here) works fine.  We make the following assumptions:
   We want quotas within the jail.
   We don't care about matching userids from the jail to the server
      This is not undoable but it means syncing the password file
      which we consider pointless.  
   We do not try to apply quotas to the jailed server by running
      any quota tools on the main server.  To administer quotas on
      the jail, we log into the jail to do it.
If you find something wrong in here, please let me know.  Now that I've 
taken the time to write it all down, I will make some noise about getting 
it into the documentation.


This REALLY, REALLY should be in the handbook.  Was a bear to figure out
the first time.

For this example server (S) runs a jail (J) with a mount point of /J.
So J:/foo is the same file as S:/J/foo.


In S:/etc/fstab, for the filesystems to be quotaed, you must specify
a location which will be available to the jail.  Assuming we will
start J with a mount point of /J, this example will work for user
home directories within the jail (the nosuid,nodev is optional)

   /dev/da0s1d /J/home ufs rw,nosuid,nodev,userquota=/J/usr/quotas/J.home 2 2

Copy only the lines that have quotas from S:/etc/fstab to J:/etc/fstab.
On each of these lines, add the option noauto and remove the original
mount point.  So, the example would put into J:/etc/fstab:

   /dev/da0s1d /home ufs rw,nosuid,nodev,userquota=/usr/quotas/J.home,noauto 2 2
               ^                                   ^                  ^^^^^^
               |                                   |                   |-MUST have no auto here!
               |                                   |
               Removed the jail mount point        |-Removed the jail mount point

In S:/etc/rc.conf:
   enable_quotas="YES"             # turn on quotas on startup 

Now there are some problems in /etc/rc.  The following patch deals with these,
if in a somewhat inelegant way.  Ideally, /etc/rc would use "if jail" around
these, making /etc/rc usable inside as well as outside of jails.  

Note that the instructions continue FOLLOWING the patch!


*** rc.ORIG     Fri Aug 30 12:56:34 2002
--- rc  Fri Aug 30 12:56:59 2002
***************
*** 38,44 ****
  # first before contemplating any changes here.  If you do need to change
  # this file for some reason, we would like to know about it.
  
! # Msen off for jails  stty status '^T'
  
  # Set shell to ignore SIGINT (2), but not children;
  # shell catches SIGQUIT (3) and returns to single user after fsck.
--- 38,44 ----
  # first before contemplating any changes here.  If you do need to change
  # this file for some reason, we would like to know about it.
  
! stty status '^T'
  
  # Set shell to ignore SIGINT (2), but not children;
  # shell catches SIGQUIT (3) and returns to single user after fsck.
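
Review bot: The two sides of this hunk look swapped. The rc.ORIG side (the first "38,44" block) holds the commented-out line "# Msen off for jails  stty status '^T'", while the rc side holds the stock "stty status '^T'", so applied as posted the patch restores the stty call instead of disabling it. Regenerate the diff with the unmodified file as the first argument, or say explicitly that it is to be applied with patch -R.
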
***************
*** 179,185 ****
  set -T
  trap "echo 'Reboot interrupted'; exit 1" 3
  
- if [ "" ];  then      # Msen shuts off ALL mount/umount activity for jails
  # root normally must be read/write, but if this is a BOOTP NFS
  # diskless boot it does not have to be.
  #
--- 179,184 ----
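
Review bot: The guard at line 182, if [ "" ]; then, switches the block off by testing an empty string, which reads like a mistake to anyone who has not seen the trailing comment and cannot be switched back on without editing the file. A named variable or an actual jail test in its place would make the intent explicit and let one /etc/rc serve both the host and the jail, which is what the message says it wants.
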
***************
*** 214,220 ****
        ;;
  esac
  
- fi    # Msen shuts off ALL mount/umount activity for jails
  
  adjkerntz -i
  
--- 213,218 ----
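
Review bot: The closing fi at line 217 sits directly above adjkerntz -i, so that call stays outside the disabled block and still runs when this rc is used inside the jail. If that is not intended, move the fi below it; if it is, a one-line comment saying so would help, since the matching if is 35 lines earlier in a different hunk.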


Ensure you have quotas in your kernel.
Reboot S.  
Log into J and use edquota to apply one quota to one account.
Reboot S again.

At this point, you should be able to log into J and use all the normal
quota tools as desired.
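
The fstab rewrite described in the message, as an added example that is not part of the original post: a shell function (the name jail_fstab_lines is made up here) that reads S:/etc/fstab on stdin and prints the lines for J:/etc/fstab, stripping the jail mount point and appending noauto. It goes slightly beyond the single line shown above by also skipping any filesystem whose quota file would not be visible inside the jail.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: jail_fstab_lines JAILROOT < S:/etc/fstab
jail_fstab_lines() {
    awk -v root="${1%/}" '
    # Strip the jail root from a path; "" means the path is outside the jail.
    function inside(path) {
        if (path == root) return "/"
        if (index(path, root "/") == 1) return substr(path, length(root) + 1)
        return ""
    }
    /^[ \t]*(#|$)/ { next }                              # comments, blank lines
    $4 !~ /(^|,)(userquota|groupquota)(=|,|$)/ { next }  # quota filesystems only
    {
        mnt = inside($2)
        if (mnt == "") next                  # not mounted under the jail
        n = split($4, opt, ",")
        out = ""; noauto = 0
        for (i = 1; i <= n; i++) {
            o = opt[i]
            if (o == "noauto") noauto = 1
            eq = index(o, "=")
            if (eq && o ~ /^(userquota|groupquota)=/) {
                q = inside(substr(o, eq + 1))
                if (q == "") {               # quota file lives outside the jail
                    printf "skipping %s: quota file not under %s\n", $2, root > "/dev/stderr"
                    next
                }
                o = substr(o, 1, eq) q       # same option, jail-relative path
            }
            out = out (i > 1 ? "," : "") o
        }
        if (!noauto) out = out ",noauto"     # the jail must not auto-mount it
        print $1, mnt, $3, out, $5, $6
    }'
}

# Constructed sample of S:/etc/fstab; the /J/home line is the one from the post.
jail_fstab_lines /J <<'EOF'
# Device     Mountpoint FStype Options Dump Pass
/dev/da0s1a / ufs rw 1 1
/dev/da0s1d /J/home ufs rw,nosuid,nodev,userquota=/J/usr/quotas/J.home 2 2
/dev/da0s1e /J/var ufs rw,userquota=/usr/quotas/J.var 2 2
EOF
```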
