Re: [PATCH v2 0/4] quota: add project quota support

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Theodore Ts'o <tytso@mit.edu>
To: Li Xi <pkuelelixi@gmail.com>
Cc: Shuichi Ihara <sihara@ddn.com>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	Ext4 Developers List <linux-ext4@vger.kernel.org>,
	"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>,
	"hch@infradead.org" <hch@infradead.org>, Jan Kara <jack@suse.cz>,
	Andreas Dilger <adilger@dilger.ca>,
	"Niu, Yawei" <yawei.niu@intel.com>
Subject: Re: [PATCH v2 0/4] quota: add project quota support
Date: Mon, 11 Aug 2014 10:45:35 -0400	[thread overview]
Message-ID: <20140811144535.GD3506@thunk.org> (raw)
In-Reply-To: <CAPTn0cCh0fh2REPgyXg_nBrJVVppiujVyj6XKruocg1q7MVVVA@mail.gmail.com>

On Mon, Aug 11, 2014 at 10:40:38PM +0800, Li Xi wrote:
> > But since you've been arguing that the project id should get preserved
> > across renames, they can evade quota usage by doing:
> >
> >          touch /product/mail/huge_file
> >          mv  /product/mail/huge_file /product/maps
> I don't really understand why these commands can evade project quota
> since:
> 1) A newly created file will inherit project ID from its parent inode.
> 2) Project ID will be preserved across renames
> 3) Project quota won't be transfered unless its project ID is changed.
> 4) Only root user has the right to change project ID.
> The rule 2) and 3) are just the same sematics with UID/GID quotas.
> So, becasue of rule 1), after 'touch /product/mail/huge_file', the project
> ID of 'huge_file' is 'mail', and its usage is accouted as project 'mail'.
> Even we do 'mv /product/mail/huge_file /product/maps', because
> of rule 2), there is no project ID updating and no quota transfer. Since
> so, the project quota of file 'huge_file' is always accounted as 'mail',
> from the first beginning to the end. And that is why I think project quota
> of 'mail' can't be evaded in this way.

Yes, and *that* is the quota evasion.  There is no difference in terms
of who ends up owning the quota between:

     touch /product/mail/huge_file
     mv /product/mail/huge_file /product/maps

and

    touch /product/maps/huge_file
    chgrp mail /product/maps/huge_file

Either way, a file that is storing maps information (that is why it is
in /product/maps/huge_file) ends up getting accounted against the mail
product's quota.

So if you say, ok, we're using project quota, we won't allow:

    chproject mail /product/maps/huge_file

But then the user can just do this instead:

     touch /product/mail/huge_file
     mv /product/mail/huge_file /product/maps

This is why we MUST NOT allow the rename, or force the project quota
to change when you move the inode to a different directory hierarchy
owned by a different project.

					- Ted

next prev parent reply	other threads:[~2014-08-11 14:45 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-08-11 14:40 [PATCH v2 0/4] quota: add project quota support Li Xi
2014-08-11 14:45 ` Theodore Ts'o [this message]
2014-08-11 14:49   ` Li Xi
  -- strict thread matches above, loose matches on Subject: below --
2014-08-14  1:34 Li Xi
2014-08-13  2:32 Li Xi
2014-08-13 13:22 ` Theodore Ts'o
2014-08-11 15:03 Li Xi
2014-08-11 14:16 Li Xi
2014-08-11 10:23 Li Xi
2014-08-11 13:48 ` Theodore Ts'o
2014-08-11  0:19 Li Xi
2014-08-11  0:06 Li Xi
2014-08-10  0:38 Li Xi
2014-08-08 16:58 Li Xi
2014-08-08 16:39 Li Xi
2014-08-08 22:33 ` Theodore Ts'o
2014-08-09 14:24   ` Li Xi
2014-08-09 17:24     ` Theodore Ts'o
2014-08-09 22:17       ` Theodore Ts'o
2014-08-09 23:38         ` Dave Chinner
2014-08-10  0:09           ` Theodore Ts'o
2014-08-10 22:18             ` Dave Chinner
2014-08-10  2:15         ` Li Xi
2014-08-11 10:49           ` Jan Kara
2014-08-10  8:38         ` Shuichi Ihara
2014-08-10 16:52           ` Theodore Ts'o
2014-08-10 20:47       ` James Bottomley
2014-08-10 21:49         ` Theodore Ts'o
2014-08-09 22:14   ` Dave Chinner
2014-08-11 14:41 ` Theodore Ts'o
2014-08-12 15:35 ` Dmitry Monakhov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140811144535.GD3506@thunk.org \
    --to=tytso@mit.edu \
    --cc=adilger@dilger.ca \
    --cc=hch@infradead.org \
    --cc=jack@suse.cz \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=pkuelelixi@gmail.com \
    --cc=sihara@ddn.com \
    --cc=viro@zeniv.linux.org.uk \
    --cc=yawei.niu@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.