Date: Mon, 03 Sep 2012 11:12:50 -0600 From: Jamie Gritton <jamie@FreeBSD.org> To: freebsd-jail@FreeBSD.org Subject: Re: Quotas inside jails Message-ID: <5044E512.6090209@FreeBSD.org> In-Reply-To: <20120831204129.GP30681@www.jail.lambertfam.org> References: <CANDt73drFBbfmNN8ZYkn9VdUuDO60JEn8Ks1ZFgsaiDqnbpxLA@mail.gmail.com> <6B11ADF9-5B11-41CD-BDAC-6F8236FC1E4C@jnielsen.net> <CANDt73e92Kewx7KsXaCmZaRPO%2BCNsXBmT4T3Adt8A3wCOVWv5A@mail.gmail.com> <20120831204129.GP30681@www.jail.lambertfam.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 08/31/12 14:41, Scott Lambert wrote: > On Thu, Aug 30, 2012 at 07:05:30PM -0400, Darek M wrote: >> On Thu, Aug 30, 2012 at 5:32 PM, John Nielsen<lists@jnielsen.net> wrote: >>> >>> Another way to set hard quotas for jails is to give each one its >>> own filesystem of fixed size. This is trivially easy with zfs--just >>> create a zfs for each jail and set the quota property. To use UFS >>> you can create image files of whatever size you want, make them >>> md(4) devices, and then newfs(8) and mount(8) them. Unlike the >>> method in the handbook, neither of these options requires kernel >>> quota support. >> >> But these would be a quota for the entire jail. I'm interested in >> having per-user quotas for users inside a jail. >> >> I'm curious whether the "security.jail.param.allow.quotas" sysctl is >> my missing link, and if so, why it is immutable. > > If using ZFS, you *could* create a file system with quota for each > user's home directory in the jail. I'm not saying it would be > pretty.... > > With UFS, I think you would have to ensure that UID/GIDs do not > overlap between jails, at least for the users you want to be affected > by quotas. That could be as ugly as the thousands of ZFS file > systems. Well, you could if you trusted the jail admins not to use other UID/GIDs (which he likely isn't even aware of). But the whole point of jails is that you *don't* have to trust the admin. - Jamie
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5044E512.6090209>