* display project quota as user
@ 2012-03-14 13:09 Andre Noll
2012-03-14 23:31 ` Dave Chinner
0 siblings, 1 reply; 3+ messages in thread
From: Andre Noll @ 2012-03-14 13:09 UTC (permalink / raw)
To: xfs; +Cc: André C. Stiel
[-- Attachment #1.1: Type: text/plain, Size: 1341 bytes --]
Simple question: Can non-privileged users display XFS project quotas?
Currently the command
xfs_quota -c 'quota -p 42'
fails when executed as a non-root user due to quotactl(Q_XGETQUOTA,...)
returning EPERM. The problem seems to be that fs/quota/quota.c has no
knowledge of project quotas at all.
The proof-of-concept patch below makes quotactl(Q_XGETQUOTA,...)
succeed for any user when called with type == XQM_PRJQUOTA. However,
relaxing the permission checks like this might not please everybody,
changes semantics of an existing API and adds the XFS specific constant
XQM_PRJQUOTA to fs/quota.c. So I'm not even asking to apply something
like that.
Is there a better way to allow users to display project quotas?
Thanks
Andre
---
diff --git a/fs/quota/quota.c b/fs/quota/quota.c
index fc2c438..010763d 100644
--- a/fs/quota/quota.c
+++ b/fs/quota/quota.c
@@ -33,7 +33,8 @@ static int check_quotactl_permission(struct super_block *sb, int type, int cmd,
case Q_GETQUOTA:
case Q_XGETQUOTA:
if ((type == USRQUOTA && current_euid() == id) ||
- (type == GRPQUOTA && in_egroup_p(id)))
+ (type == GRPQUOTA && in_egroup_p(id)) ||
+ (type == XQM_PRJQUOTA))
break;
/*FALLTHROUGH*/
default:
--
The only person who always got his work done by Friday was Robinson Crusoe
[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
[-- Attachment #2: Type: text/plain, Size: 121 bytes --]
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: display project quota as user
2012-03-14 13:09 display project quota as user Andre Noll
@ 2012-03-14 23:31 ` Dave Chinner
2012-03-15 8:01 ` Andre Noll
0 siblings, 1 reply; 3+ messages in thread
From: Dave Chinner @ 2012-03-14 23:31 UTC (permalink / raw)
To: Andre Noll; +Cc: André C. Stiel, xfs
On Wed, Mar 14, 2012 at 02:09:02PM +0100, Andre Noll wrote:
> Simple question: Can non-privileged users display XFS project quotas?
>
> Currently the command
>
> xfs_quota -c 'quota -p 42'
>
> fails when executed as a non-root user due to quotactl(Q_XGETQUOTA,...)
> returning EPERM. The problem seems to be that fs/quota/quota.c has no
> knowledge of project quotas at all.
Right - only XFS supports project quotas.
> The proof-of-concept patch below makes quotactl(Q_XGETQUOTA,...)
> succeed for any user when called with type == XQM_PRJQUOTA. However,
> relaxing the permission checks like this might not please everybody,
> changes semantics of an existing API and adds the XFS specific constant
> XQM_PRJQUOTA to fs/quota.c. So I'm not even asking to apply something
> like that.
>
> Is there a better way to allow users to display project quotas?
There is no user <=> projid mapping that exists, so either the
information is available to everyone, or it is available only to
root. In this case, system wide quota reports are limited to root,
and I don't see that changing.
If you really must allow users to see project quota limits, then
write a simple wrapper program and allow only the users that need
the infomration to execute it via sudo....
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: display project quota as user
2012-03-14 23:31 ` Dave Chinner
@ 2012-03-15 8:01 ` Andre Noll
0 siblings, 0 replies; 3+ messages in thread
From: Andre Noll @ 2012-03-15 8:01 UTC (permalink / raw)
To: Dave Chinner; +Cc: André C. Stiel, xfs
[-- Attachment #1.1: Type: text/plain, Size: 683 bytes --]
On Thu, Mar 15, 10:31, Dave Chinner wrote:
> > Is there a better way to allow users to display project quotas?
>
> There is no user <=> projid mapping that exists, so either the
> information is available to everyone, or it is available only to
> root. In this case, system wide quota reports are limited to root,
> and I don't see that changing.
>
> If you really must allow users to see project quota limits, then
> write a simple wrapper program and allow only the users that need
> the infomration to execute it via sudo....
OK, will do that. Thanks for the clarification.
Andre
--
The only person who always got his work done by Friday was Robinson Crusoe
[-- Attachment #1.2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
[-- Attachment #2: Type: text/plain, Size: 121 bytes --]
_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2012-03-15 8:01 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-03-14 13:09 display project quota as user Andre Noll
2012-03-14 23:31 ` Dave Chinner
2012-03-15 8:01 ` Andre Noll
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox