On Oct 17, 2019, at 6:12 AM, Theodore Y. Ts'o <tytso@xxxxxxx> wrote: > > On Wed, Oct 16, 2019 at 06:28:08PM -0600, Andreas Dilger wrote: >> I don't think that this is really "directory quotas" in the end, since it >> isn't changing the semantics that the same projid could exist in multiple >> directory trees. The real difference is the ability to enforce existing >> project quota limits for regular users outside of a container. Basically, >> it is the same as regular users not being able to change the UID of their >> files to dump quota to some other user. >> >> So rather than rename this "dirquota", it would be better to have a >> an option like "projid_enforce" or "projid_restrict", or maybe some >> more flexibility to allow only users in specific groups to change the >> projid like "projid_admin=<gid>" so that e.g. "staff" or "admin" groups >> can still change it (in addition to root) but not regular users. To >> restrict it to root only, leave "projid_admin=0" and the default (to >> keep the same "everyone can change projid" behavior) would be -1? > > I'm not sure how common the need for restsrictive quota enforcement is > really going to be. Can someone convince me this is actually going to > be a common use case? Project quota (i.e. quota tracking that doesn't automatically also convey permission to access a file or directory) is one of the most requested features from our users. This is useful for e.g. university or industry research groups with multiple grad students/researchers under a single principal professor/project that controls the funding. > We could also solve the problem by adding an LSM hook called when > there is an attempt to set the project ID, and for people who really > want this, they can create a stackable LSM which enforces whatever > behavior they want. So, rather than add a few-line change that decides whether the user is allowed to change the projid for a file, we would instead add *more* lines to add a hook, then have to write and load an LSM that is called each time? That seems backward to me. > If we think this going to be an speciality request, this might be the > better way to go. I don't see how this is more "speciality" than regular quota enforcement? Just like we impose limits on users and groups, it makes sense to impose a limit on a project, instead of just tracking it and then having to add extra machinery to impose the limit externally. Cheers, Andreas
Attachment:
signature.asc
Description: Message signed with OpenPGP
