Linux-XFS Archive on lore.kernel.org
 help / color / Atom feed
From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Andreas Dilger <adilger@dilger.ca>
Cc: "Darrick J. Wong" <darrick.wong@oracle.com>,
	Wang Shilong <wangshilong1991@gmail.com>,
	linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	Ext4 Developers List <linux-ext4@vger.kernel.org>,
	Li Xi <lixi@ddn.com>, Wang Shilong <wshilong@ddn.com>
Subject: Re: [Project Quota]file owner could change its project ID?
Date: Thu, 17 Oct 2019 08:12:52 -0400
Message-ID: <20191017121251.GB25548@mit.edu> (raw)
In-Reply-To: <648712FB-0ECE-41F4-B6B8-98BD3168B2A4@dilger.ca>

On Wed, Oct 16, 2019 at 06:28:08PM -0600, Andreas Dilger wrote:
> I don't think that this is really "directory quotas" in the end, since it
> isn't changing the semantics that the same projid could exist in multiple
> directory trees.  The real difference is the ability to enforce existing
> project quota limits for regular users outside of a container.  Basically,
> it is the same as regular users not being able to change the UID of their
> files to dump quota to some other user.
> 
> So rather than rename this "dirquota", it would be better to have a
> an option like "projid_enforce" or "projid_restrict", or maybe some
> more flexibility to allow only users in specific groups to change the
> projid like "projid_admin=<gid>" so that e.g. "staff" or "admin" groups
> can still change it (in addition to root) but not regular users.  To
> restrict it to root only, leave "projid_admin=0" and the default (to
> keep the same "everyone can change projid" behavior) would be -1?

I'm not sure how common the need for restsrictive quota enforcement is
really going to be.  Can someone convince me this is actually going to
be a common use case?

We could also solve the problem by adding an LSM hook called when
there is an attempt to set the project ID, and for people who really
want this, they can create a stackable LSM which enforces whatever
behavior they want.

If we think this going to be an speciality request, this might be the
better way to go.

						- Ted

  reply index

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-12  6:33 Wang Shilong
2019-10-12 20:51 ` Dave Chinner
2019-10-13 16:41 ` Darrick J. Wong
2019-10-16 11:51   ` Wang Shilong
2019-10-16 21:22     ` Dave Chinner
2019-10-16 21:37     ` Darrick J. Wong
2019-10-17  0:28       ` Andreas Dilger
2019-10-17 12:12         ` Theodore Y. Ts'o [this message]
2019-10-20 20:19           ` Andreas Dilger
2019-10-20 22:25             ` Theodore Y. Ts'o
2019-10-21 21:15               ` Andreas Dilger
2019-10-21 23:35         ` Dave Chinner
2019-10-23 23:01           ` Andreas Dilger

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20191017121251.GB25548@mit.edu \
    --to=tytso@mit.edu \
    --cc=adilger@dilger.ca \
    --cc=darrick.wong@oracle.com \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-xfs@vger.kernel.org \
    --cc=lixi@ddn.com \
    --cc=wangshilong1991@gmail.com \
    --cc=wshilong@ddn.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-XFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-xfs/0 linux-xfs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-xfs linux-xfs/ https://lore.kernel.org/linux-xfs \
		linux-xfs@vger.kernel.org
	public-inbox-index linux-xfs

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-xfs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git