From: Ravi Singh <ravising@redhat.com>
To: linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org
Cc: jack@suse.com, cem@kernel.org, dgc@kernel.org
Subject: [RFC PATCH] quota: allow unprivileged users to query ID 0 default limits
Date: Thu, 12 Mar 2026 17:08:10 +0800 [thread overview]
Message-ID: <20260312090810.1145908-1-ravising@redhat.com> (raw)
Default quota limits are stored on the ID 0 dquot record and are
applied by the kernel to all users who have no explicit limits set.
However, check_quotactl_permission() only allows unprivileged users to
query their own user or group quota via Q_GETQUOTA/Q_XGETQUOTA. This
means unprivileged users cannot discover what default limits apply to
them.
Allow any user to query ID 0's quota via Q_GETQUOTA/Q_XGETQUOTA.
Note that this does expose ID 0's usage counters and timers in
addition to the default limits. This enables userspace tools like
xfs_quota to fetch default limits and display them to unprivileged
users.
This change does not affect Q_XGETNEXTQUOTA, Q_SETQLIM, or any other
quota command -- those still require CAP_SYS_ADMIN.
Signed-off-by: Ravi Singh <ravising@redhat.com>
---
fs/quota/quota.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/fs/quota/quota.c b/fs/quota/quota.c
index 33bacd707..8b21f3c1b 100644
--- a/fs/quota/quota.c
+++ b/fs/quota/quota.c
@@ -42,6 +42,9 @@ static int check_quotactl_permission(struct super_block *sb, int type, int cmd,
if ((type == USRQUOTA && uid_eq(current_euid(), make_kuid(current_user_ns(), id))) ||
(type == GRPQUOTA && in_egroup_p(make_kgid(current_user_ns(), id))))
break;
+ /* Allow unprivileged read of ID 0 (default quota limits) */
+ if (id == 0)
+ break;
fallthrough;
default:
if (!capable(CAP_SYS_ADMIN))
--
2.49.0
next reply other threads:[~2026-03-12 9:08 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-12 9:08 Ravi Singh [this message]
2026-03-12 9:45 ` [RFC PATCH] quota: allow unprivileged users to query ID 0 default limits Andreas Dilger
2026-03-17 6:59 ` Ravi Singh
2026-03-17 6:59 ` [PATCH v2] xfs: return default quota limits for IDs without a dquot Ravi Singh
2026-03-17 12:19 ` Jan Kara
2026-03-17 13:31 ` Theodore Tso
2026-03-18 17:29 ` Jan Kara
2026-03-18 22:18 ` Darrick J. Wong
2026-03-19 12:22 ` Jan Kara
2026-03-23 11:25 ` Ravi Singh
2026-03-25 0:16 ` Darrick J. Wong
2026-03-25 5:46 ` Christoph Hellwig
2026-03-25 9:11 ` Ravi Singh
2026-03-30 6:14 ` [PATCH v3] " Ravi Singh
2026-03-30 16:04 ` Darrick J. Wong
2026-03-31 6:23 ` Christoph Hellwig
2026-03-31 10:39 ` Carlos Maiolino
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260312090810.1145908-1-ravising@redhat.com \
--to=ravising@redhat.com \
--cc=cem@kernel.org \
--cc=dgc@kernel.org \
--cc=jack@suse.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox