From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@vger.kernel.org>
Received: from imap.thunk.org ([74.207.234.97]:41744 "EHLO imap.thunk.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752201AbeABGWx (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
        Tue, 2 Jan 2018 01:22:53 -0500
Date: Tue, 2 Jan 2018 01:22:46 -0500
From: Theodore Ts'o <tytso@mit.edu>
To: Jim Meyering <jim@meyering.net>
Cc: Andreas Dilger <adilger@dilger.ca>,
        Niklas =?iso-8859-1?Q?Hamb=FCchen?= <niklas@nh2.me>,
        Linux FS-devel Mailing List <linux-fsdevel@vger.kernel.org>,
        Paul Eggert <eggert@cs.ucla.edu>,
        =?iso-8859-1?Q?P=E1draig?= Brady <P@draigbrady.com>
Subject: Re: O(n^2) deletion performance
Message-ID: <20180102062245.GJ2532@thunk.org>
References: <5ca3808d-4eea-afec-75a6-2cc41f44b868@nh2.me>
 <20180102015932.GF2532@thunk.org>
 <3FF0FC46-28A8-406C-A528-6F900735BEA1@dilger.ca>
 <CA+8g5KHLx6t_naqXbXskKX-k-tG9J-Hg+cLR8EBO1cqsSLbt3g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+8g5KHLx6t_naqXbXskKX-k-tG9J-Hg+cLR8EBO1cqsSLbt3g@mail.gmail.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

On Mon, Jan 01, 2018 at 08:27:48PM -0800, Jim Meyering wrote:
> Our goal (with fts and coreutils) has been to make it harder for an
> accident or maliciousness (with a few million entries in a directory)
> to hinder file system traversals. Of course, it's not just rm: any
> FS-traversal tool is affected: cp, chmod, chgrp, du, find, tar, etc.
> Sure, quotas can help, but even self-inflicted accidents happen on
> single-user systems with no quotas.
> 
> Idly wondered if the default inode limits could save ext4 users? Perhaps not.
> In this 850GB file system, I see it has 48M inodes (caveat, I may have
> changed the default when I created it -- don't recall):

Well, it's a bit of a blunt hammer, but you *can* set a mount option
"mount -t ext4 -o max_dir_size_kb=512" which will not allow the
directory to grow larger than 512k (or pick your favorite limit).

To me that's like putting a speed limit governer on a car because you
don't trust the driver not to exceed some arbitrary (sometimes opposed
by politicians who think they know better) limit.  Personally, I would
be super annoyed if my car was outfitted with something which didn't
let me go faster than 90 km/h or 56 mph.  But, apparently many
commercial vehciles, particular in the UK, do have such things.

But if you don't trust your users, the feature is there for a
sysadmin/BOFH to impose on said users; but personally, it's relatively
rare thing, and when trading off between the pain caused by hitting an
artificially imposed limit, versus the patience needed to recover from
accidentally dumping 16 million files into a directory --- I prefer
the latter.  I can wait a few minutes....

						- Ted