PERFORCE change 35438 for review
rwatson at FreeBSD.org
Sun Aug 3 21:35:39 GMT 2003
Change 35438 by rwatson at rwatson_paprika on 2003/08/03 14:35:28
Finish up the quota section; summarize the kernel protections,
and the impact of file system protections on the backing files.
Affected files ...
.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#9 edit
==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/secarch/chapter.sgml#9 (text+ko) ====
@@ -1605,37 +1605,31 @@
While the file system is in operation and quota support is
enabled, the quota file measurements are updated by the kernel
as a result of various file operations allocating or freeing
+ resources; the backing files are sychronized with the condition
+ of the file system during the boot process to account for any
+ operations that occurred while quotas were disabled, or to
+ address inconsistencies resulting from a crash or improper
Operations requiring allocation in excess of the limits for a
process will result in an error and message sent to the
- controlling terminal for that process (if any).</para>
+ controlling terminal for that process (if any).
+ Quota protections are not enforced for the root user.</para>
- <para>XXX: only if uid matches that of file.</para>
-to retrieve quota information, may do so from the quota definition
-files (operator readable), or using the system call interface.
-the system call interface will succeed if the effective uid of the
-process matches that of the requested user, or if the requested
-group quota is present in the processes effective or extended
-control the use of disk space by users or groups
-resources of interest are #inodes (#files/directories/...) and #blocks
-configured per-filesystem, backed into files that may be on that or
-another file system (should be owned by root user)
-soft/hard distinctions permits warnings
-space synchronized at boot, and tracked over I/O operations
-users may monitor their own quota, but privilege required to change
-quotas (note: bypass of privilege check is possible if quota
-databases are not properly protected).
- <para>XXX: Odd kernel vs non-kernel enforcement of viewing
+ <para>Quota configuration, including the specific values assigned
+ as quotas, may be performed only by privileged processes.
+ Quota information may be retrieved by a unprivileged process for
+ uids and gids that match the effective uid, effective gid, or
+ extended group of the process credential.
+ By setting the
+ <literal>security.bsd.unprivileged_get_quota</literal> sysctl,
+ privileged processes may authorize unprivileged processes to
+ query the quotas of other uids and gids.
+ As quota information is stored in backing files, the protections
+ on the backing files must be set correctly to properly
+ protect quota information and configuration, or direct I/O to
+ to the backing files may bypass kernel protections.
+ By default, quota backing files are readable and writable by
+ the root user, and readable by the operator group.</para>
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs