Re: Several questions regarding btrfs

["Austin S. Hemmelgarn" <ahferroin7@gmail.com>]

On 2017-11-02 12:28, ST wrote:
> On Thu, 2017-11-02 at 19:16 +0300, Marat Khalili wrote:
>>> Could somebody among developers please elaborate on this issue - is
>> checking quota going always to be done by root? If so - btrfs might be
>> a no-go for our use case...
>>
>> Not a developer, but sysadmin here: what prevents you from either
>> creating suid executable for this or configuring sudoers to let users
>> call specific commands they need?
> 
> 1. If designers have decided to limit access to that info only to root -
> they must have their reasons to do so, and letting everybody do that is
> probably contrary to those reasons.
I wouldn't say this is a compelling argument.  Some things that probably 
should be root only aren't, and others that should not be are, so the 
whole thing is rather haphazard.  Unless one of the developers can 
comment either way, I wouldn't worry too much about this.
> 
> 2. I want to limit access to sftp, so there will be no custom commands
> to execute...
A custom version of the 'quota' command would be easy to add in there. 
In fact, this is really the only option right now, since setting up sudo 
(or doas, or whatever other privilege escalation tool) to allow users to 
check usage requires full access to the 'btrfs' command, which in turn 
opens you up to people escaping their quotas.
> 
> 3. sftp clients (especially those for windows) can determine quota - and
> they do it probably in some standard way - which doesn't seem to be
> compatible with btrfs...
They call the 'quota' command.  This isn't integrated with BTRFS qgroups 
though because the VFS quota API (which it uses) has significantly 
different semantics than BTRFS quota groups.  VFS quotas are per-user 
(or on rare occasion, per 'project'), whereas BTRFS quota groups apply 
to subvolumes, not users, which is in turn part of why it's possible to 
escape quota requirements on BTRFS.