xfs
[Top] [All Lists]

Re: [BUG] xfs_quota: can't handle the users managed by LDAP

To: Dave Chinner <david@xxxxxxxxxxxxx>
Subject: Re: [BUG] xfs_quota: can't handle the users managed by LDAP
From: Satoru Takeuchi <takeuchi_satoru@xxxxxxxxxxxxxx>
Date: Tue, 27 Nov 2012 16:27:34 +0900
Cc: xfs ML <xfs@xxxxxxxxxxx>
In-reply-to: <20121127025728.GU32450@dastard>
References: <50ADB27F.8070806@xxxxxxxxxxxxxx> <20121122233757.GY2591@dastard> <50B32CC1.3020907@xxxxxxxxxxxxxx> <50B4198E.7080408@xxxxxxxxxxxxxx> <20121127025728.GU32450@dastard>
User-agent: Mozilla/5.0 (Windows NT 6.0; rv:15.0) Gecko/20120907 Thunderbird/15.0.1
>>>>> Current xfs_quota (I pulled xfsprogs today) seems not be able to the users
>>>>> managed by LDAP. There is no patch since I'm not good at LDAP and don't 
>>>>> know
>>>>> the root cause yet ;-(
>>>>>
>>>>> Step to reproduce(in this case, "sat" is the user managed by LDAP):
>>>>> ===============================================================================
>>>>> # uname -r
>>>>> 3.7.0-rc5
>>>>> # mount -o loop,usrquota xfs.img mnt
>>>>> # xfsprogs/quota/xfs_quota -xc "limit bsoft=10M bhard=10M sat" /dev/loop0
>>>>> xfs_quota: invalid user name: sat                                         
>>>>>  # denied
>>>>> # su sat
>>>>> $                                                                         
>>>>>  # But this user acutally exists.
>>>>> ===============================================================================
>>>>>
>>>>> The kernel is a bit old, but I suspect this is a userland problem.
>>>>
>>>> Yes, userland.
>>>>
>>>> However, xfs_quota is not supposed to know about LDAP, or NIS, or
>>>> any other user database. It uses the getpwnam() to convert the user
>>>> name to a UID, and that call is failing to find "sat". This is
>>>> supposed to work with LDAP (as mentioned in the man page), and if it
>>>> isn't it generally means something is broken with your LDAP setup
>>>> (/etc/nsswitch.conf not correct?) rather than there being something
>>>> wrong with xfs_quota....
>>>
>>> Probably this behaivor comes from the difference between the test machine
>>> and the build machine which I built the upstream xfsprogs.
>>>
>>> I made the following simple program which just calls getpwnam().
>>>
>>> ===============================================================================
>>> #include <sys/types.h>
>>> #include <pwd.h>
>>> #include <err.h>
>>> #include <stdio.h>
>>> #include <stdlib.h>
>>>
>>> int main(void)
>>> {
>>>         struct passwd *p;
>>>         if ((p = getpwnam("sat")) == NULL)
>>>                 err(EXIT_FAILURE, "getpwnam() failed.");
>>>         printf("name = %s, id = %d\n", p->pw_name, p->pw_uid);
>>>         exit(EXIT_SUCCESS);
>>> }
>>> ===============================================================================
>>>
>>> Here is the result of this problem at the test machine.
>>>
>>>  - SUCCEEDED: build at the test machine
>>>  - FAILED: built at the build machine
>>>
>>> I will build xfsprogs at the test machine and confirm whether this behavior
>>> (getpwnam() fails) happens or not again.
>>
>> I retried the step to reproduce and encountered the anotehr behavior with the
>> newest xfsprogs built at the test machine. In this test, getpwnam()
>> worked fine, but quota didn't work for LDAP user.
>>
>> test result("testquota" is local user and "sat" is LDAP user here):
>> ===============================================================================
>> # mount -t xfs -o loop,usrquota xfs.img mnt
>> # ~sat/src/xfsprogs/quota/xfs_quota -xc "report -h" /dev/loop0
>> User quota on /home/sat/work/xfs/mnt (/dev/loop0)
>>                         Blocks              
>> User ID      Used   Soft   Hard Warn/Grace   
>> ---------- --------------------------------- 
>> root            0      0      0  00 [------]    # There is no limit yet
>>
>> # ~sat/src/xfsprogs/quota/xfs_quota -xc "limit bsoft=10M bhard=10M 
>> testquota" /dev/loop0
>> # echo $?
>> 0
>> # ~sat/src/xfsprogs/quota/xfs_quota -xc "report -h" /dev/loop0
>> User quota on /home/sat/work/xfs/mnt (/dev/loop0)
>>                         Blocks              
>> User ID      Used   Soft   Hard Warn/Grace   
>> ---------- --------------------------------- 
>> root            0      0      0  00 [------]
>> testquota       0    10M    10M  00 [------]     # limit to local user works 
>> fine
>> # ~sat/src/xfsprogs/quota/xfs_quota -xc "limit bsoft=10M bhard=10M sat" 
>> /dev/loop0
>> # echo $?
>> 0
>> # ~sat/src/xfsprogs/quota/xfs_quota -xc "report -h" /dev/loop0
>> User quota on /home/sat/work/xfs/mnt (/dev/loop0)
>>                         Blocks              
>> User ID      Used   Soft   Hard Warn/Grace   
>> ---------- --------------------------------- 
>> root            0      0      0  00 [------]
>> testquota       0    10M    10M  00 [------]      # limit to LDAP user does 
>> not work although xfs_quota returns 0
>> ===============================================================================
>>
>> I tried it with real partition rather than loopback device, but the result
>> was the same.
> 
> Can you strace the limit set and report of the ldap user and attach
> it? that will tell us directly whether xfs_quota saw the ldap user
> or not as we'll see a quotactl() being issued.
> 
> Also, instead of using a user name, can you  find out the user ID of
> "sat" and use "report -U <uid + 1> -h" so avoid the getpwent lookup
> and just report raw quota ids?

I found the root cause is in my nsswitch.conf or LDAP config as
you said. I'm sorry.

I attached these files.

 - limit.log:  strace log about "limit" subcommand
 - report.log: strace log about "report -h -U" subcommand
 - report_without_U: strace log about "report -h" subcommand

command log:
===============================================================================
# id sat
uid=507(sat) gid=507(sat) groups=507(sat)
# mount -o loop,usrquota xfs.img mnt
# ~sat/src/xfsprogs/quota/xfs_quota -xc "report -h" /dev/loop0
User quota on /home/sat/work/xfs/mnt (/dev/loop0)
                        Blocks              
User ID      Used   Soft   Hard Warn/Grace   
---------- --------------------------------- 
root            0      0      0  00 [------] # no limit yet

# strace -o limit.log ~sat/src/xfsprogs/quota/xfs_quota -xc "limit bsoft=10M 
bhard=10M 507" /dev/loop0 
# echo $?
0
# strace -o report.log ~sat/src/xfsprogs/quota/xfs_quota -xc "report -U 508 -h" 
/dev/loop0
User quota on /home/sat/work/xfs/mnt (/dev/loop0)
                        Blocks              
User ID      Used   Soft   Hard Warn/Grace   
---------- --------------------------------- 
#0              0      0      0  00 [------]
#507            0    10M    10M  00 [------]   # sat(uid=507) is here!

# ~sat/src/xfsprogs/quota/xfs_quota -xc "report -h" /dev/loop0
User quota on /home/sat/work/xfs/mnt (/dev/loop0)
                        Blocks              
User ID      Used   Soft   Hard Warn/Grace   
---------- --------------------------------- 
root            0      0      0  00 [------]    # doesn't show correctly
===============================================================================

I also confirmed xfs_quota -xc "limit ... sat" works.

===============================================================================
# ~sat/src/xfsprogs/quota/xfs_quota -xc "report -h" /dev/loop0
User quota on /home/sat/work/xfs/mnt (/dev/loop0)
                        Blocks              
User ID      Used   Soft   Hard Warn/Grace   
---------- --------------------------------- 
root            0      0      0  00 [------]

# ~sat/src/xfsprogs/quota/xfs_quota -xc "limit bsoft=10M bhard=10M sat" 
/dev/loop0
# echo $?
0
# ~sat/src/xfsprogs/quota/xfs_quota -xc "report -h -U 508" /dev/loop0
User quota on /home/sat/work/xfs/mnt (/dev/loop0)
                        Blocks              
User ID      Used   Soft   Hard Warn/Grace   
---------- --------------------------------- 
#0              0      0      0  00 [------]
#507            0    10M    10M  00 [------]    # sat(uid=507) is here.

# ~sat/src/xfsprogs/quota/xfs_quota -xc "report -h" /dev/loop0
User quota on /home/sat/work/xfs/mnt (/dev/loop0)
                        Blocks              
User ID      Used   Soft   Hard Warn/Grace   
---------- --------------------------------- 
root            0      0      0  00 [------]    # doesn't show correctly
===============================================================================

So there is a problem in "report" subcommand. Refer to report_without_U.log,
I found "quotactl(Q_XGETQUOTA|GRPQUOTA, ...) is only called for local users
and it's because that getpwent() only returned only local users.

Thanks,
Satoru

Attachment: limit.log
Description: Text document

Attachment: report.log
Description: Text document

Attachment: report_without_U.log
Description: Text document

<Prev in Thread] Current Thread [Next in Thread>