We would like our support people to be able to do real-time quota verification for customers, meaning that support person A is able to tell customer B that they're using 9.688MB of their 10MB quota.
Having gone that far, we would actually really like to have a web page for our non-UNIX customers to check their usage. We can't use the normal /usr/ucb/quota program that comes with Solaris because it requires you to run as root to check someone else's usage. If we try to use suexec or cgiwrap to run programs as the user, we will have to make a copy of the script for every customer. This is sub-optimal.
So what we want is a program (Solaris preferred, Linux or NT might be acceptable) that will allow any user to check the total usage for any other user.
Seems like this would have come up with other people using NetApps extensively.
Does NetApp have an official program that does this? Possibly a program that someone has contributed?
main(int argc, char **argv) { setuid(0); argv[0] = "/usr/sbin/quota"; execv(argv[0], argv); }
Compile the above, chown it to root and make it set user with chmod u+s. It runs the standard quota command as root, passing through the command line args. Now you have a command that any user can run to report any quota. No need for suexec or cgiwrap.
We would like our support people to be able to do real-time quota verification for customers, meaning that support person A is able to tell customer B that they're using 9.688MB of their 10MB quota.
Having gone that far, we would actually really like to have a web page for our non-UNIX customers to check their usage. We can't use the normal /usr/ucb/quota program that comes with Solaris because it requires you to run as root to check someone else's usage. If we try to use suexec or cgiwrap to run programs as the user, we will have to make a copy of the script for every customer. This is sub-optimal.
So what we want is a program (Solaris preferred, Linux or NT might be acceptable) that will allow any user to check the total usage for any other user.
Seems like this would have come up with other people using NetApps extensively.
Does NetApp have an official program that does this? Possibly a program that someone has contributed?
Steve Losen scl@virginia.edu phone: 804-924-0640
University of Virginia ITC Unix Support
Sorry, should have specified "and we don't want it to run suid root".
From looking at the situation, it seems that we should be able to run an RPC program that talks to the NetApp and tells us the quota. We just didn't want to have the program if we could avoid it. We're also a bit concerned that the kernel may restrict what we're trying to do. We haven't looked far enough into things to know if that's a real problem.
Thanks again.
-----Original Message----- From: Stephen C. Losen [mailto:scl@sasha.acc.virginia.edu] Sent: Wednesday, October 20, 1999 11:38 AM To: founder@teleport.com Cc: toasters@mathworks.com Subject: Re: Source for a non-root quota program?
main(int argc, char **argv) { setuid(0); argv[0] = "/usr/sbin/quota"; execv(argv[0], argv); }
Compile the above, chown it to root and make it set user with chmod u+s. It runs the standard quota command as root, passing through the command line args. Now you have a command that any user can run to report any quota. No need for suexec or cgiwrap.
We would like our support people to be able to do real-time quota verification for customers, meaning that support person A is able to tell customer B that they're using 9.688MB of their 10MB quota.
Having gone that far, we would actually really like to have a web page for our non-UNIX customers to check their usage. We can't use the normal /usr/ucb/quota program that comes with Solaris because it requires you to run as root to check someone else's usage. If we try to use suexec or cgiwrap to run programs as the user, we will have to make a copy of the script for every customer. This is sub-optimal.
So what we want is a program (Solaris preferred, Linux or NT might be acceptable) that will allow any user to check the total usage for any
other
user.
Seems like this would have come up with other people using NetApps extensively.
Does NetApp have an official program that does this? Possibly a program that someone has contributed?
Steve Losen scl@virginia.edu phone: 804-924-0640
University of Virginia ITC Unix Support
/* James Deibele [founder@teleport.com] writes: */
From looking at the situation, it seems that we should be able to run an RPC
program that talks to the NetApp and tells us the quota. We just didn't want to have the program if we could avoid it. We're also a bit concerned that the kernel may restrict what we're trying to do. We haven't looked far enough into things to know if that's a real problem.
Have you looked to see if there is an SNMP variable/array which might have the quota information you want? The NetApp MIB implies that the information is there.
/* Stephen C. Losen [scl@sasha.acc.virginia.edu] writes: */
main(int argc, char **argv) { setuid(0); argv[0] = "/usr/sbin/quota"; execv(argv[0], argv); }
Compile the above, chown it to root and make it set user with chmod u+s. It runs the standard quota command as root, passing through the command line args. Now you have a command that any user can run to report any quota. No need for suexec or cgiwrap.
Just a few comments...
. Quota is already suid on the platforms I am most familiar with. SunOS 4.x, Solaris 2.x, FreeBSD, ...
. It is typically a bad idea to simply wrap a program and make it suid. It is a *significant* security risk.
. Letting users see quotas for anyone but themselves is inappropriate in many environments. Certainly can be construed as a privacy issue if nothing else.
I had the following program that our tech support people used to check quotas. For lack of anything better, I called it "magicquota"
You can easily do this by putting your tech support people in a "quota" group, then:
chown root magicquota chgrp quota magicquota chmod 4750 magicquota
Now only your tech support people (or anyone in group "quota") can check other users's quotas.
See the attached magicquota.c for the code.
James:
We don't have a script/binary for this yet, but you can get all the quota information for trees, users, and groups out of SNMP without root privledges or needed to be on a trusted host.
Our plan is to provide a script/binary for our users that uses SNMP to check any user or tree quota. If and when we get around to writing it, we'll post it for everyone's benefit. =)
-- Jeff
-- ---------------------------------------------------------------------------- Jeff Krueger E-Mail: jeff@qualcomm.com NetApp File Server Lead Phone: 858-651-6709 IT Engineering and Support Fax: 858-651-6627 QUALCOMM, Incorporated Web: www.qualcomm.com
From "James Deibele" on Wed, 20 Oct 1999 10:45:08 PDT:
We would like our support people to be able to do real-time quota verification for customers, meaning that support person A is able to tell customer B that they're using 9.688MB of their 10MB quota.
Having gone that far, we would actually really like to have a web page for our non-UNIX customers to check their usage. We can't use the normal /usr/ucb/quota program that comes with Solaris because it requires you to run as root to check someone else's usage. If we try to use suexec or cgiwrap to run programs as the user, we will have to make a copy of the script for every customer. This is sub-optimal.
So what we want is a program (Solaris preferred, Linux or NT might be acceptable) that will allow any user to check the total usage for any other user.
Seems like this would have come up with other people using NetApps extensively.
Does NetApp have an official program that does this? Possibly a program that someone has contributed?
We don't use per-user quotas here, but I did write an SNMP-based quota grabber for use with filer-mrtg to list tree quotas. I wouldn't necessarily do it the same way if I were looking for a single user's quota situation, but this script might be instructive. Enjoy.
Greg
-
Gregory M. Paris -
James Deibele -
Jeff Krueger -
Joe Gross -
Mitch Wright -
mitch@netline.com -
Stephen C. Losen