Date:      Thu, 27 Jun 2002 20:43:20 -0600 (CST)
From:      Ryan Thompson <ryan@sasknow.com>
To:        Lee <lee@unassemble.co.uk>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Quota in FreeBSD 4.6, Apache 1.3 & Proftpd
Message-ID:  <20020627202808.E18697-100000@ren.sasknow.com>
In-Reply-To: <012d01c21e20$e438a720$6400a8c0@Administrator>

Lee wrote to freebsd-questions@FreeBSD.ORG:

> Say I have the above configuration running on a server as in the
> subject.  What I wish to achieve is to only allow users to use an
> amount of disk space (quota) that they have paid for.
>
> Now here is the problem, I have read the quota documents from that
> handbook and man pages, they require you to have a different system
> account for each quota you wish to enable.

That's kind of the idea. The OS needs *some* way to differentiate
accounts to assess quotas. But read below.

> Apache runs as the same user (ok I know you can use SUEXEC)
> regardless of the web site being accessed.

Yes, but that doesn't mean that each web site can't (or shouldn't!)
have its own account, as long as the public contents are readable by
Apache. You certainly don't want to have a tree of webs owned by the
Apache user! (But hopefully you knew that ;-)

> Proftpd has quota support enabled, but it seems a little unfinished
> and very few documents are available.  Also it appears to be
> based primarily on number of uploads/downloads rather than used disk
> space.

After trying just about everything else, I came back to ProFTPd and
have been happy ever since. I do not, however, rely on any quota
features it has.

> To top all this off I would prefer users to be virtual, i.e. no
> shell accounts at all, possibly with SQL database records instead.

Ok. It is easy for users to have an entry in the password database
(i.e., they have an "account", but not to be allowed shell access to
the system). Simply set their shell to /sbin/nologin. Just make sure
the shell exists in /etc/shells, or most FTPds will deny access. If
you're providing FTP, the users will need writeable home directories,
too.

The existing UNIX user account paradigm actually works for this kind
of setup. That is not to say it will do everything you want, so there
are alternatives that do indeed auth against an SQL database. Read up
on PAM, and the SQL auth modules that are available for it. ProFTPd
can be configured to auth via PAM (or is it by default, even?)


> I already have this sort of setup working for my e-mail using
> VPopMail & Qmail.  Ideally I am looking to have my whole setup based
> on databases to allow for a web-based management system.

Good move. Again, read up on PAM.


> What I have thought about doing is writing a shell or perl script
> that checks the used web space at regular intervals and logs it for
> another program to analyse, possibly for billing purposes.

For your quota problem, yes, this is a viable option. Many management
consoles and the like have support for quota checking... but if you
just want to know how much space each account is using,

	cd /home && du -d 1 | sort -n | mail ryan

works pretty good. :-) You'll probably want to run that as root, to
catch directories your regular user account may not have access to.

Note that the above doesn't attempt to *enforce* quotas... but then
you can bill your users for the extra storage :-)

With some only slightly more fancy scripting around that, you could
set it to check limits and only report the offenders, or send the
results right to your billing software, or disable uploads until some
files are deleted. Keep in mind it's a userland solution, and doesn't
protect against the old fill-up-your-disk DoS.


> Can anyone suggest an alternative solution and possibly different
> programs to the problem.
>
> Regards
>
> Lee
>
>
>

-- 
  Ryan Thompson <ryan@sasknow.com>

  SaskNow Technologies - http://www.sasknow.com
  901 1st Avenue North - Saskatoon, SK - S7K 1Y4

        Tel: 306-664-3600   Fax: 306-664-3630   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America
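
One way to script the "check limits and only report the offenders" step described in the reply above, as an added example that is not part of the original message. The limits-file format, the 100 MB default, the function names and the use of `du -k` (kilobyte units) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original message).
# Assumed limits file format: "<account> <limit_kb>" per line, '#' for comments.
# Accounts without an entry get DEFAULT_LIMIT_KB (assumed default: 100 MB).
DEFAULT_LIMIT_KB=${DEFAULT_LIMIT_KB:-102400}

# Constructed sample of `du -k -d 1` output, for trying the filter offline.
sample_du() {
    printf '48000\t./alice\n350000\t./bob\n120000\t./carol site\n'
    printf '4\t./dave\n518004\t.\n'
}

# report_offenders LIMITS_FILE   (du output on stdin)
# Prints "<account><TAB><used_kb><TAB><limit_kb>" for every account over
# its limit, largest overage first. Prints nothing if all are within limits.
report_offenders() {
    limits_file=$1
    [ -r "$limits_file" ] || { echo "cannot read $limits_file" >&2; return 2; }
    awk -v limits="$limits_file" -v default_kb="$DEFAULT_LIMIT_KB" '
        BEGIN {
            # Load the per-account limits before any du line is read.
            while ((getline line < limits) > 0) {
                if (line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/) continue
                split(line, f)
                limit[f[1]] = f[2] + 0
            }
        }
        {
            # du separates size and path with a tab; split there so that
            # directory names containing spaces are kept whole.
            tab = index($0, "\t")
            if (tab == 0) next
            used = substr($0, 1, tab - 1) + 0
            name = substr($0, tab + 1)
            sub(/^\.\//, "", name)
            if (name == "." || name == "") next    # the /home grand total
            max = (name in limit) ? limit[name] : default_kb
            if (used > max)
                printf "%.0f\t%s\t%.0f\t%.0f\n", used - max, name, used, max
        }
    ' | sort -t "$(printf '\t')" -k1,1nr | cut -f2-
}

# Typical use, run as root (the limits path is a placeholder):
#   (cd /home && du -k -d 1) | report_offenders /path/to/limits | mail ryan
```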

