[lug] Sun Client Redhat AS3 NFS Probs

Hugh Brown hugh at math.byu.edu
Mon May 17 20:33:21 MDT 2004


> Well, it really could be a mess.  I had just one of almost 100
> projects moved to the new NFS server, and it was seriously
> filling up my logs.  Now, if this really is a security issue, am
> I really better off having the quota files set up but no actual
> quotas set?  I only want quotas on the home directories (which
> haven't been moved yet, but will be) and I want the researchers
> (the users) to be able to fill their projects right to capacity
> if they so desire.  Quotas as part of protecting filesystem
> overflows seems more applicable to /var which generally isn't
> exported, so rquotad wouldn't notice it.  Also, I don't know of
> anyone who applies quotas to /var... Maybe I'm missing the point,
> or not making my own clear.  Here are the pieces of the puzzle as
> I see it.
> 
> A.  I want rquotad on because /export/home will have quotas on it
> that people want to check from client systems.
> 
> B.  I am also exporting /export/projXX which I don't want quotas
> on them.
> 
> C.  I still need to set up quota files for the /export/projXX drives
> and mount them with quota options turned on, because otherwise
> every time any user on any client runs a 'quota -v' every mounted
> directory without quotas will generate errors on the server.
> 
> Don't make sense to me, and I'm not convinced quotas are a facet
> of security.  I think it is better classified as a facet of
> controlling the users, which may have security issues.

Here are a couple of things I would look for (I'll be a quota novitiate
at some point in the near future):

Does the quota system have unlimited quotas thereby giving you
effectively no quotas for the shares that you don't want them on?

Can you just set up a "null" quota file of some sort (for appropriate
values of null)?

As a last resort, can you modify rquotad's logging activities so that it
doesn't give you the error from before but you can still get critical
errors (i.e. can you send it to a syslog local[0-7] facility and then
log local?.emerg)?

Hugh



