michal@kuhub.cc.ukans.edu (02/24/90)
We need to implement some sort of disk-quota system whereby users going over their limit will not be allowed to create any more files under their home directories. They should be able to read them and delete them, naturally, to be able to go below the ceiling again. We (will be, very soon) running SR 10.2 on all the nodes. Now we only have it set up on one for testing.

One way to do this is with ACL's. But the more I read about acls the more confusing this becomes. Especially because files within directories can inherit the acl in 3 different ways: BSD4.3 way, sys5 way and the aegis way. It is not too difficult to take away the files from the user, but to give 'em back with the same protection is a little harder.

My question: is there any easier way?

--
Merlin [The Magician] (AKA Michal Chmielewski)
US Mail: Academic Computing Services, Univ. of Kansas, Lawrence, KS 66045, USA
E-mail : michal@kuhub.cc.ukans.edu, michal@ukanvax.bitnet, AT&T (913)-864-0443
dbfunk@ICAEN.UIOWA.EDU (David B Funk) (03/06/90)
In posting <22349.25e5494d@kuhub.cc.ukans.edu> Michal Chmielewski <michal@kuhub.cc.ukans.edu> says:

> We need to implement some sort of disk-quota system whereby users
> going over their limit will not be allowed to create any more files
> under their home directories. They should be able to read them and
> delete them, naturally, to be able to go below the ceiling again.
> We (will be, very soon) running SR 10.2 on all the nodes. Now we only
> have it set up on one for testing.
>
> One way to do this is with ACL's. But the more I read about acls the
> more confusing this becomes. Especially because files within
> directories can inherit the acl in 3 different ways: BSD4.3 way, sys5
> way and the aegis way. It is not too difficult to take away the
> files from the user, but to give 'em back with the same protection is
> a little harder.
>
> My question: is there any easier way?

It would be possible to make up some kind of system based upon changing the user's shell, force them into an environment so that they can only delete files. However we thought this too limiting; we wanted to leave them the options to use tools to backup their stuff to tape or copy it to other systems, etc. To cover all the possibilities would take a lot of work, but may be worth it.

We have implemented a disk quota system based upon mangling users' ACLs. Actually doing it with ACLs is not that bad. You only need to remove the "w" bit from their directory ACL; you don't need to mess with ACLs on files or the initial file/dir ACLs on the directories (which control inheritance). It was even nicer pre-sr10: all you had to do was to remove the 'a' bit from the directory. Under sr10, once you've removed the "w" bit, they can't use regular tools to delete files/dirs. So we had to create a set of special setuid tools to enable them to delete stuff. This was the hard part, as we had to put in all kinds of checks to make sure that they didn't use these tools to delete things that they shouldn't be able to.

We didn't worry too much about restoring their ACLs exactly as they had them; it would have taken a lot of work to store them away some place in an easily restored form. We use a standard template to restore their ACLs from; they can reset them to whatever they want from there. We took the approach that they were given several days' worth of warning and if they choose to ignore the warnings, then they deserve what they get.

Dave Funk
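The checks Dave describes for a setuid delete helper, as an added example that is not code from either post: it sketches in POSIX C (not Domain/OS calls) the path and ownership tests such a tool must make before unlinking a file on a quota-restricted user's behalf. The names quota_delete, path_within_home and the QDEL_ return codes are made up for this illustration.

```c
#define _GNU_SOURCE            /* realpath() and lstat() declarations */
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcomes of a delete request; anything but QDEL_OK means "refused". */
enum qdel_result { QDEL_OK = 0, QDEL_BAD_PATH, QDEL_OUTSIDE_HOME,
                   QDEL_IS_DIR, QDEL_NOT_OWNER, QDEL_UNLINK_FAILED };

/* True if `path` is `home` or lies below it. The test is done on whole
 * components, so "/home/bob2/x" is not inside "/home/bob". */
int path_within_home(const char *home, const char *path)
{
    size_t n = strlen(home);
    if (n == 0 || strncmp(home, path, n) != 0)
        return 0;
    return path[n] == '\0' || path[n] == '/';
}

/* Remove `path` on behalf of the *real* user who invoked the setuid tool.
 * Every check uses real_uid, never the effective (privileged) uid, so the
 * helper can only delete files the caller owns inside the caller's home.
 * With do_unlink == 0 the checks run but nothing is removed (dry run). */
enum qdel_result quota_delete(const char *path, const char *home,
                              uid_t real_uid, int do_unlink)
{
    struct stat st;
    enum qdel_result rc = QDEL_OK;
    /* Resolve "..", and any symlink in any component, before the prefix
     * check, so "~/link -> /etc" cannot be used to reach outside home. */
    char *resolved = realpath(path, NULL);
    if (resolved == NULL)
        return QDEL_BAD_PATH;
    if (!path_within_home(home, resolved))
        rc = QDEL_OUTSIDE_HOME;
    else if (lstat(resolved, &st) != 0)
        rc = QDEL_BAD_PATH;
    else if (S_ISDIR(st.st_mode))     /* directories need their own, stricter tool */
        rc = QDEL_IS_DIR;
    else if (st.st_uid != real_uid)   /* e.g. a hard link to someone else's file */
        rc = QDEL_NOT_OWNER;
    else if (do_unlink && unlink(resolved) != 0)
        rc = QDEL_UNLINK_FAILED;
    free(resolved);
    return rc;
}
```

The check-then-unlink sequence still leaves a small race on the final path component; a production helper would additionally pin the parent directory with an open file descriptor and remove the entry with unlinkat().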