From: Lars Braeuer (lbraeuer_at_mpex.net)
Date: Tue 08 Jul 2003 - 18:45:27 BST
Herbert Poetzl wrote:
>>>>
>>>>#4043 0 -- 644 0 0 59 0 0
>>>>#200 0 -- 584 0 0 83 0 0
>>>>#505 0 -- 5148 0 0 274 0 0
>>>>#573 0 -- 454248 0 0 33443 0 0
>>>>#3009 0 -- 2512 0 0 305 0 0
>
>
> up to here its context 0 (physical) but no names associated
> (no entries in /etc/passwd, unusual but possible)
so this means that there are no username -> userid "mappings" in /etc/passwd but
the userid's exist somewhere, but noone knows? ;)
>>ok, now I installed a fresh virtual server on an LVM device. vrsetup is
>>using /dev/vroot/1 for this vserver (I guess using one vroot device per
>>vserver is the way to do it). I copied the patched quota-tools 3.08 to the
>>vserver. right after entering the vserver I ran quotacheck -augvm and
>>quotaon -augv.
>
>
> I must admit, I've lost the thread ...
no problem. I used your secure LVM how-to to setup everything.
http://www.13thfloor.at/VServer/HowTo_LVMQS.shtml
(btw there's a missing "/" on line 7 of your LV01.sh)
> - for lvm/loop based approach, you would use
> one vroot device per lvm lv or loop, to
> block unwanted access and permit quotactl
ok. so for /dev/vg/LV01 and /dev/vg/LV02 I would use two vroot devices (that's
what I'm already doing), right?
does the vroot devices have to be used one after one (eg. 0, 1, 2, 3 instead of
0, 1, 4)? I tried to use /dev/vroot/4 (before using vroot devices 1, 2, 3) just
so that the vroot device number matches the context number 4 (for convenience).
>>after adding user "virtual01" it looks like this (two new entries):
>>
>>User CTX used soft hard grace used soft hard grace
>>---------------------------------------------------------------------------
>>....
>>#0 4 -- 2 0 0 2 0 0
>>#1000 4 -- 4 0 0 3 0 0
>
>
> #0 4 is root in context 4 (as the patched tools report)
> #1000 4 is the user with uid 1000 in context 4
>
> if the user with uid 99 in context 10 writes to a file in
> /path/to/dir (quota enabled) this will natually account for
> user #99/10 (in the physical view) but should be reported
> as user #99 (in the vserver view, quota & edquota)
so it's correct that there are no usernames in the repquota view, but only userid's?
thanks for your extensive help.