Linux-XFS Archive on lore.kernel.org
 help / color / Atom feed
From: Andreas Dilger <adilger@dilger.ca>
To: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: "Darrick J. Wong" <darrick.wong@oracle.com>,
	Wang Shilong <wangshilong1991@gmail.com>,
	linux-xfs@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	Ext4 Developers List <linux-ext4@vger.kernel.org>,
	Li Xi <lixi@ddn.com>, Wang Shilong <wshilong@ddn.com>
Subject: Re: [Project Quota]file owner could change its project ID?
Date: Sun, 20 Oct 2019 14:19:19 -0600
Message-ID: <6F46FB6C-D1E3-4BB8-B150-B229801EE13B@dilger.ca> (raw)
In-Reply-To: <20191017121251.GB25548@mit.edu>

[-- Attachment #1: Type: text/plain, Size: 2457 bytes --]

On Oct 17, 2019, at 6:12 AM, Theodore Y. Ts'o <tytso@mit.edu> wrote:
> 
> On Wed, Oct 16, 2019 at 06:28:08PM -0600, Andreas Dilger wrote:
>> I don't think that this is really "directory quotas" in the end, since it
>> isn't changing the semantics that the same projid could exist in multiple
>> directory trees.  The real difference is the ability to enforce existing
>> project quota limits for regular users outside of a container.  Basically,
>> it is the same as regular users not being able to change the UID of their
>> files to dump quota to some other user.
>> 
>> So rather than rename this "dirquota", it would be better to have a
>> an option like "projid_enforce" or "projid_restrict", or maybe some
>> more flexibility to allow only users in specific groups to change the
>> projid like "projid_admin=<gid>" so that e.g. "staff" or "admin" groups
>> can still change it (in addition to root) but not regular users.  To
>> restrict it to root only, leave "projid_admin=0" and the default (to
>> keep the same "everyone can change projid" behavior) would be -1?
> 
> I'm not sure how common the need for restsrictive quota enforcement is
> really going to be.  Can someone convince me this is actually going to
> be a common use case?

Project quota (i.e. quota tracking that doesn't automatically also convey
permission to access a file or directory) is one of the most requested
features from our users.  This is useful for e.g. university or industry
research groups with multiple grad students/researchers under a single
principal professor/project that controls the funding.

> We could also solve the problem by adding an LSM hook called when
> there is an attempt to set the project ID, and for people who really
> want this, they can create a stackable LSM which enforces whatever
> behavior they want.

So, rather than add a few-line change that decides whether the user
is allowed to change the projid for a file, we would instead add *more*
lines to add a hook, then have to write and load an LSM that is called
each time?  That seems backward to me.

> If we think this going to be an speciality request, this might be the
> better way to go.

I don't see how this is more "speciality" than regular quota enforcement?
Just like we impose limits on users and groups, it makes sense to impose
a limit on a project, instead of just tracking it and then having to add
extra machinery to impose the limit externally.

Cheers, Andreas






[-- Attachment #2: Message signed with OpenPGP --]
[-- Type: application/pgp-signature, Size: 873 bytes --]

  reply index

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-10-12  6:33 Wang Shilong
2019-10-12 20:51 ` Dave Chinner
2019-10-13 16:41 ` Darrick J. Wong
2019-10-16 11:51   ` Wang Shilong
2019-10-16 21:22     ` Dave Chinner
2019-10-16 21:37     ` Darrick J. Wong
2019-10-17  0:28       ` Andreas Dilger
2019-10-17 12:12         ` Theodore Y. Ts'o
2019-10-20 20:19           ` Andreas Dilger [this message]
2019-10-20 22:25             ` Theodore Y. Ts'o
2019-10-21 21:15               ` Andreas Dilger
2019-10-21 23:35         ` Dave Chinner
2019-10-23 23:01           ` Andreas Dilger

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=6F46FB6C-D1E3-4BB8-B150-B229801EE13B@dilger.ca \
    --to=adilger@dilger.ca \
    --cc=darrick.wong@oracle.com \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-xfs@vger.kernel.org \
    --cc=lixi@ddn.com \
    --cc=tytso@mit.edu \
    --cc=wangshilong1991@gmail.com \
    --cc=wshilong@ddn.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-XFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-xfs/0 linux-xfs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-xfs linux-xfs/ https://lore.kernel.org/linux-xfs \
		linux-xfs@vger.kernel.org
	public-inbox-index linux-xfs

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-xfs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git