[SOLVED] Set disk quota for newly created user on login
You would have to look at the code details for most of that.
The biggest limitations I see offhand (not having used it), are that:
1) you can only set one quota entry -- and that gets used by all users
2) you can't use the user's home directory to identify the disk to set the quota on
Neither of these limitations may be a problem for a departmental style server, but could be a problem for a more widely used server (multiple class levels with different quota requirements, AND different storage servers...)
1. How to set one quota entry which can be used by all users. I can set a quota for one user and then, using setquota, copy similar details for all the users from the /etc/passwd file recursively. Is there any other way?
1. I am looking for a solution to set the quota automatically whenever a new user logs in. The user could be from an external server like AD or OpenLDAP or from that machine itself.
1. If you are using an NFS server then the account has to exist on the server; doing that I believe uses a different method (an rpc call, not a local system call).
2. Besides user quotas, there are also group quotas (sharing the quota among multiple users).
3. On shared servers, not all users are allowed a quota... Only on certain filesystems. Setting one for a user on /home is fine and dandy - but incomplete. There can also be local workspace quotas that are needed (things used like /tmp).
4. Not all users of a compute server may have access to all storage on various (possibly accessible) filesystems.
For these reasons, quotas are not usually set when a user logs in, but when the user's account is set up.
Now the PAM module you found COULD be modified for the home directory... but that isn't what it was originally used for. It could even be modified to make LDAP queries to identify the filesystems the user IS authorized for, and then create quotas on those filesystems...
But it would take a good bit of work, which is actually easier to do when the user is being authorized in the first place.
Thanks for the detailed description. I will explain what exactly I am trying to achieve.
My setup is a CentOS server with OpenLDAP external authentication enabled. Now I want to set quotas for OpenLDAP users. I can do it by checking all users with "getent" and then setting the quota for them. In this case, if any new user is added in OpenLDAP, I have to execute the command/script again. Hence I would like to set up something to set the quota automatically when a user logs in.
pam_setquota seems not to be working on a CentOS 6.4 x86_64 system. Is there any other way to do this?
I made it work with group quota. Basically I am allowing user auth from OpenLDAP or AD based on group. That means I will enable authentication for a group and every user of that group can log in to the Linux box. Now I am setting a quota for that group and it's working.
There is a small issue though: I observed that group quota is not on a per-user basis. Meaning if I set the group quota to 100mb, all users of that group together can use up to 100mb, and not the individual user. Is this the normal quota setup behavior?
I had the exact same issue today. I would like to make it so that when a new user auths via AD/LDAP, an xMB quota is applied to their home dir. Group quota isn't sufficient as, like you say, it applies to the whole group and not the individual user. I need each user to have a set quota of X. The value is the same for every user. An hourly (or more frequent) cron job could have been an option, working out all new users and setting the quota, but there is still a chance someone could fill the disk before the next time the job runs.
I've been looking at PAM (and will probably continue) but for now I have a little dodgy hax to get me going..
Create file in /etc/profile.d/
sudo /root/set_user_quota.sh $USER
Create sudo rule allowing regular user to run the script as root
%adldapgroup ALL = (root) NOPASSWD:EXEC:/root/set_user_quota.sh
Script to set the quota to 2MB
#!/bin/bash
FOO=$1   # username passed in by the /etc/profile.d snippet
echo "Setting /home quota for $FOO to 2MB"
setquota -u $FOO 0 2048 0 0 -a /home
** Obviously there are a few more things to think about here, like making sure you don't mess up the root user or other users you might want to exclude. Also a check to not set the quota if it's already been set. You know, make it better. But still, it works.
[root@server12345 ~]# su - xxxxxx
Setting /home quota for xxxxxx to 2MB
Consider what happens if the "$USER" happens to be '`echo xyz:x:0:0:gotcha:/root:/bin/bash >>/etc/passwd`;`echo xyz:<someencrypted passwd>::::::: >>/etc/shadow'
Or if "$USER" is '`/bin/bash`', and give the user a root shell right away.
Execution from /etc/profile might work... but nothing can prevent the user from using the command again and taking over the system. (Note: did this myself once... and had to take over the system to fix something else, and this technique was how I did it)
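Added example, not part of any post in this thread: one way to address the last reply's objections and the to-do items in the /etc/profile.d post. The script takes no arguments and derives the account from the SUDO_UID that sudo records for the caller. MIN_UID=1000, the 32-character name limit, the function names and the sudoers line with a trailing "" are assumptions.

```shell
#!/bin/sh
# Added example: hardened /root/set_user_quota.sh. Takes NO arguments.
# Suggested sudoers entry; the trailing "" makes sudo reject any argument:
#   %adldapgroup ALL = (root) NOPASSWD: /root/set_user_quota.sh ""
LC_ALL=C; export LC_ALL
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH

MIN_UID=1000        # assumption: lowest non-system UID on this host
QUOTA_FS=/home      # filesystem from the post
HARD_KB=2048        # 2 MB hard block limit, as in the post

# Accept only plain account names: no whitespace, quotes, backticks or shell
# metacharacters, and no leading "-" that setquota could read as an option.
valid_username() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Numeric UID at or above MIN_UID; leaves root and service accounts alone.
eligible_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$MIN_UID" ]
}

# Map the UID recorded by sudo to an account name (LDAP/AD resolve via NSS).
resolve_target() {
    eligible_uid "$1" || return 1
    name=$(getent passwd "$1" | cut -d: -f1)
    valid_username "$name" || return 1
    printf '%s\n' "$name"
}

apply_quota() {
    target=$(resolve_target "${SUDO_UID:-}") || return 1
    setquota -u "$target" 0 "$HARD_KB" 0 0 "$QUOTA_FS"
}

# Act only when started as root through sudo. SUDO_UID is set by sudo itself
# and names the caller, so a rerun can only reapply that caller's fixed limit.
if [ "$(id -u)" -eq 0 ] && [ -n "${SUDO_UID:-}" ]; then
    apply_quota || echo "quota not applied" >&2
fi
```

Because the limit is a fixed value, running the script again is idempotent, so no "already set" check is needed; names that fail validation are skipped rather than passed to setquota.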