Mailinglist Archive: opensuse-security (274 mails)
| < Previous | Next > |
Re: [suse-security] quota problem with user-nfs
- From: Martin Walter <mawa@xxxxxxxxxxxxxxx>
- Date: Wed, 13 Aug 2003 17:59:14 +0200 (CEST)
- Message-id: <Pine.LNX.4.53.0308131757440.2578@xxxxxxxxxxxxxxxxxxxxxxxx>
On Wed, 13 Aug 2003, Olaf Kirch wrote:
> The problem is most likely that the user space nfsd runs with full root
> capabilities, and the disk quota stuff ignores any quota hard limits if
> the process has CAP_SYS_RESOURCE.
>
> unfsd should probably turn off CAP_SYS_RESOURCE (or maybe even all caps)
> while accessing the file system.
very good idea! indeed following commands solved my problem:
#########################################################################
echo 0xfeffffff > /proc/sys/kernel/cap-bound
rcnfsserver restart
#########################################################################
thanx,
martin.
--
Martin Walter
University of Freiburg i.Br. --- Germany --- Fon/Fax: +49 761 203-4651/-4643
Rechenzentrum der Universitaet, Hermann-Herder-Str.10, D-79104 Freiburg i.Br.
> The problem is most likely that the user space nfsd runs with full root
> capabilities, and the disk quota stuff ignores any quota hard limits if
> the process has CAP_SYS_RESOURCE.
>
> unfsd should probably turn off CAP_SYS_RESOURCE (or maybe even all caps)
> while accessing the file system.
very good idea! indeed following commands solved my problem:
#########################################################################
echo 0xfeffffff > /proc/sys/kernel/cap-bound
rcnfsserver restart
#########################################################################
thanx,
martin.
--
Martin Walter
University of Freiburg i.Br. --- Germany --- Fon/Fax: +49 761 203-4651/-4643
Rechenzentrum der Universitaet, Hermann-Herder-Str.10, D-79104 Freiburg i.Br.
| < Previous | Next > |