On Tue, Jul 08, 2003 at 07:45:27PM +0200, Lars Braeuer wrote: > Herbert Poetzl wrote: > >>>> > >>>>#4043 0 -- 644 0 0 59 0 0 > >>>>#200 0 -- 584 0 0 83 0 0 > >>>>#505 0 -- 5148 0 0 274 0 0 > >>>>#573 0 -- 454248 0 0 33443 0 0 > >>>>#3009 0 -- 2512 0 0 305 0 0 > > > > > >up to here its context 0 (physical) but no names associated > >(no entries in /etc/passwd, unusual but possible)
the entire quota system is based on uid/gid information and the visualization (like repquota) only uses additional information (like the password file) to enhance the experience ;) > so this means that there are no username -> userid "mappings" in > /etc/passwd but the userid's exist somewhere, but noone knows? ;) if you use chown 666.666 <whatever file> you'll lose your file to the beast ... > >>ok, now I installed a fresh virtual server on an LVM device. vrsetup is > >>using /dev/vroot/1 for this vserver (I guess using one vroot device per > >>vserver is the way to do it). I copied the patched quota-tools 3.08 to > >>the vserver. right after entering the vserver I ran quotacheck -augvm and > >>quotaon -augv. > > > > > >I must admit, I've lost the thread ... > > no problem. I used your secure LVM how-to to setup everything. > http://www.13thfloor.at/VServer/HowTo_LVMQS.shtml > (btw there's a missing "/" on line 7 of your LV01.sh) ahh, here comes the first user *bing*, I guess I'll fix this between the second and the third one ... > >- for lvm/loop based approach, you would use > > one vroot device per lvm lv or loop, to > > block unwanted access and permit quotactl > > ok. so for /dev/vg/LV01 and /dev/vg/LV02 I would use two vroot devices > (that's what I'm already doing), right? right! > does the vroot devices have to be used one after one (eg. 0, 1, 2, 3 > instead of 0, 1, 4)? I tried to use /dev/vroot/4 (before using vroot > devices 1, 2, 3) just so that the vroot device number matches the context > number 4 (for convenience). no problem with that, if you have enough of them ready ;) > >>after adding user "virtual01" it looks like this (two new entries): > >> > >>User CTX used soft hard grace used soft hard > >>grace > >>--------------------------------------------------------------------------- > >>.... > >>#0 4 -- 2 0 0 2 0 0 > >>#1000 4 -- 4 0 0 3 0 0 > > > > > >#0 4 is root in context 4 (as the patched tools report) > >#1000 4 is the user with uid 1000 in context 4 > > > >if the user with uid 99 in context 10 writes to a file in > >/path/to/dir (quota enabled) this will natually account for > >user #99/10 (in the physical view) but should be reported > >as user #99 (in the vserver view, quota & edquota) > > so it's correct that there are no usernames in the repquota view, but only > userid's? depends, but I would say, its only a sign of not-yet-entirely-fixed quota tools/quota behaviour but nothing to worry, unless you rely on this output in general, quota and edquota are good/safe for in vserver use, repquota and quotacheck should be saved for the physical server, where the patched version should work as expected ... > thanks for your extensive help. you're welcome ... best, Herbert
