blob: 41644eeb904618e34a7533dceae45f811f28fecb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
|
<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_setquota">
<refmeta>
<refentrytitle>pam_setquota</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Linux-PAM</refmiscinfo>
<refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv xml:id="pam_setquota-name">
<refname>pam_setquota</refname>
<refpurpose>PAM module to set or modify disk quotas on session start</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis xml:id="pam_setquota-cmdsynopsis" sepchar=" ">
<command>pam_setquota.so</command>
<arg choice="opt" rep="norepeat">
fs=<replaceable>/home</replaceable>
</arg>
<arg choice="opt" rep="norepeat">
overwrite=<replaceable>0</replaceable>
</arg>
<arg choice="opt" rep="norepeat">
debug=<replaceable>0</replaceable>
</arg>
<arg choice="opt" rep="norepeat">
startuid=<replaceable>1000</replaceable>
</arg>
<arg choice="opt" rep="norepeat">
enduid=<replaceable>0</replaceable>
</arg>
<arg choice="opt" rep="norepeat">
bsoftlimit=<replaceable>19000</replaceable>
</arg>
<arg choice="opt" rep="norepeat">
bhardlimit=<replaceable>20000</replaceable>
</arg>
<arg choice="opt" rep="norepeat">
isoftlimit=<replaceable>3000</replaceable>
</arg>
<arg choice="opt" rep="norepeat">
ihardlimit=<replaceable>4000</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 xml:id="pam_setquota-description">
<title>DESCRIPTION</title>
<para>
pam_setquota is a PAM module to set or modify a disk quota at session start
</para>
<para>
This makes quotas usable with central user databases, such as MySQL or LDAP.
</para>
</refsect1>
<refsect1 xml:id="pam_setquota-options">
<title>OPTIONS</title>
<para>
<variablelist>
<varlistentry>
<term>
fs=/home
</term>
<listitem>
<para>
The device file or mountpoint the policy applies to. Defaults to the
filesystem containing the users home directory.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
overwrite=0
</term>
<listitem>
<para>
Overwrite an existing quota. Note: Enabling this will remove the ability
for the admin to manually configure different quotas for users for a
filesystem with <citerefentry><refentrytitle>edquota</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>. (Defaults to 0)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
debug=0
</term>
<listitem>
<para>
Enable debugging. A value of 1 outputs the old and new quota on a device.
A value of 2 also prints out the matched and found filesystems should
<option>fs</option> be unset. (Defaults to 0)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
startuid=1000
</term>
<listitem>
<para>
Describe the start of the UID range the policy is applied to.
(Defaults to UID_MIN from login.defs or the uidmin value defined
at compile-time if UID_MIN is undefined.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
enduid=0
</term>
<listitem>
<para>
Describe the end of the UID range the policy is applied to. Setting
<emphasis>enduid=0</emphasis> results in an open-ended UID
range (i.e. all uids greater than <option>startuid</option> are
included). (Defaults to 0)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
bsoftlimit=19000
</term>
<listitem>
<para>
Soft limit for disk quota blocks, as defined by <citerefentry>
<refentrytitle>quotactl</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>.
Note: <option>bsoftlimit</option> and <option>bhardlimit</option>
<emphasis>must</emphasis> be set at the same time!
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
bhardlimit=20000
</term>
<listitem>
<para>
Hard limit for disk quota blocks, as defined by <citerefentry>
<refentrytitle>quotactl</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>.
Note: <option>bsoftlimit</option> and <option>bhardlimit</option>
<emphasis>must</emphasis> be set at the same time!
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
isoftlimit=3000
</term>
<listitem>
<para>
Soft limit for inodes, as defined by <citerefentry><refentrytitle>
quotactl</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
Note: <option>isoftlimit</option> and <option>ihardlimit</option>
<emphasis>must</emphasis> be set at the same time!
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
ihardlimit=4000
</term>
<listitem>
<para>
Hard limit for inodes, as defined by <citerefentry><refentrytitle>
quotactl</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
Note: <option>isoftlimit</option> and <option>ihardlimit</option>
<emphasis>must</emphasis> be set at the same time!
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 xml:id="pam_setquota-types">
<title>MODULE TYPES PROVIDED</title>
<para>
Only the <option>session</option> module type is provided.
</para>
</refsect1>
<refsect1 xml:id="pam_setquota-return_values">
<title>RETURN VALUES</title>
<para>
<variablelist>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
The quota was set successfully.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_IGNORE</term>
<listitem>
<para>
No action was taken because either the UID of the user was outside
of the specified range, a quota already existed and
<option>overwrite=1</option> was not configured or no limits were
configured at all.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>
The user was not found.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_PERM_DENIED</term>
<listitem>
<para>
<filename>/proc/mounts</filename> could not be opened.
</para>
<para>
The filesystem or device specified was not found.
</para>
<para>
The limits for the user could not be retrieved. See syslog for
more information.
</para>
<para>
The limits for the user could not be set. See syslog for
more information.
</para>
<para>
Either <option>isoftlimit</option>/<option>ihardlimit</option>
or <option>bsoftlimit</option>/<option>bhardlimit</option> were
not set at the same time.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 xml:id="pam_setquota-examples">
<title>EXAMPLES</title>
<para>
A single invocation of `pam_setquota` applies a specific policy to a UID
range. Applying different policies to specific UID ranges is done by
invoking pam_setquota more than once. The last matching entry
defines the resulting quota.
<programlisting>
session required pam_setquota.so bsoftlimit=1000 bhardlimit=2000 isoftlimit=1000 ihardlimit=2000 startuid=1000 enduid=0 fs=/home
session required pam_setquota.so bsoftlimit=19000 bhardlimit=20000 isoftlimit=3000 ihardlimit=4000 startuid=2001 enduid=3000 fs=/dev/sda1
session required pam_setquota.so bsoftlimit=19000 bhardlimit=20000 isoftlimit=3000 ihardlimit=4000 startuid=3001 enduid=4000 fs=/dev/sda1 overwrite=1
</programlisting>
</para>
</refsect1>
<refsect1 xml:id="pam_setquota-see_also">
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 xml:id="pam_setquota-author">
<title>AUTHOR</title>
<para>
pam_setquota was originally written by
Ruslan Savchenko <savrus@mexmat.net>.
</para>
<para>
Further modifications were made by Shane Tzen <shane@ict.usc.edu>,
Sven Hartge <sven@svenhartge.de>
and Keller Fuchs <kellerfuchs@hashbang.sh>.
</para>
</refsect1>
</refentry>
|