quota problem with user-nfs
hi, i am trying to export a filesystem with quotas to nfs clients. server and clients are suse 8.2. if i use kernel nfs (nfs-utils) at the server, quotas are honored by the clients. but if i use user-nfs (nfs-server-2.2beta51-39) at the server, clients can write over all quota limits. do i anything wrong or is this a known bug? is there any workaround? best regards, martin. ps: please don't answer: why not using server-nfs -- Martin Walter University of Freiburg i.Br. --- Germany --- Fon/Fax: +49 761 203-4651/-4643 Rechenzentrum der Universitaet, Hermann-Herder-Str.10, D-79104 Freiburg i.Br.
Hi Martin,
hi,
i am trying to export a filesystem with quotas to nfs clients. server and clients are suse 8.2. if i use kernel nfs (nfs-utils) at the server, quotas are honored by the clients.
but if i use user-nfs (nfs-server-2.2beta51-39) at the server, clients can write over all quota limits.
do i anything wrong or is this a known bug? is there any workaround?
Are you running /usr/sbin/rpc.rquotad when universal nfs server (Olaf Kirch's userspace nfs implementation) is used? RPC program 100011 (rquotad) must be registered at the server's portmapper at the client's mount time. Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // Nail here | SuSE Linux AG - Security Phone: // for a new | Nürnberg, Germany +49-911-740530 // monitor! --> [x] | - -
On Wed, 13 Aug 2003, Roman Drahtmueller wrote:
i am trying to export a filesystem with quotas to nfs clients. server and clients are suse 8.2. if i use kernel nfs (nfs-utils) at the server, quotas are honored by the clients.
but if i use user-nfs (nfs-server-2.2beta51-39) at the server, clients can write over all quota limits.
do i anything wrong or is this a known bug? is there any workaround?
Are you running /usr/sbin/rpc.rquotad when universal nfs server (Olaf Kirch's userspace nfs implementation) is used? RPC program 100011 (rquotad) must be registered at the server's portmapper at the client's mount time.
yes. with and without rpc.rquotad, makes no difference. any idea? thanx martin. -- Martin Walter University of Freiburg i.Br. --- Germany --- Fon/Fax: +49 761 203-4651/-4643 Rechenzentrum der Universitaet, Hermann-Herder-Str.10, D-79104 Freiburg i.Br.
On Wed, Aug 13, 2003 at 03:41:02PM +0200, Martin Walter wrote:
yes. with and without rpc.rquotad, makes no difference.
any idea?
The problem is most likely that the user space nfsd runs with full root capabilities, and the disk quota stuff ignores any quota hard limits if the process has CAP_SYS_RESOURCE. unfsd should probably turn off CAP_SYS_RESOURCE (or maybe even all caps) while accessing the file system. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann
On Wed, 13 Aug 2003, Olaf Kirch wrote:
The problem is most likely that the user space nfsd runs with full root capabilities, and the disk quota stuff ignores any quota hard limits if the process has CAP_SYS_RESOURCE.
unfsd should probably turn off CAP_SYS_RESOURCE (or maybe even all caps) while accessing the file system.
very good idea! indeed following commands solved my problem: ######################################################################### echo 0xfeffffff > /proc/sys/kernel/cap-bound rcnfsserver restart ######################################################################### thanx, martin. -- Martin Walter University of Freiburg i.Br. --- Germany --- Fon/Fax: +49 761 203-4651/-4643 Rechenzentrum der Universitaet, Hermann-Herder-Str.10, D-79104 Freiburg i.Br.
participants (3)
-
Martin Walter -
Olaf Kirch -
Roman Drahtmueller