On Wed, Oct 16, 2019 at 06:28:08PM -0600, Andreas Dilger wrote: > I don't think that this is really "directory quotas" in the end, since it > isn't changing the semantics that the same projid could exist in multiple > directory trees. The real difference is the ability to enforce existing > project quota limits for regular users outside of a container. Basically, > it is the same as regular users not being able to change the UID of their > files to dump quota to some other user. > > So rather than rename this "dirquota", it would be better to have a > an option like "projid_enforce" or "projid_restrict", or maybe some > more flexibility to allow only users in specific groups to change the > projid like "projid_admin=<gid>" so that e.g. "staff" or "admin" groups > can still change it (in addition to root) but not regular users. To > restrict it to root only, leave "projid_admin=0" and the default (to > keep the same "everyone can change projid" behavior) would be -1? I'm not sure how common the need for restsrictive quota enforcement is really going to be. Can someone convince me this is actually going to be a common use case? We could also solve the problem by adding an LSM hook called when there is an attempt to set the project ID, and for people who really want this, they can create a stackable LSM which enforces whatever behavior they want. If we think this going to be an speciality request, this might be the better way to go. - Ted
