User Quota's

Hey,

I have a virtual server running FreeBSD and Apache and I am trying to figure out the following problem:

I want to give the user access to the following 2 directories...

/a/path/web
/a/path/stats

Which I think are self explanatory, I then want to set an FTP quota on that user, up to this point I am fine. The problem is that I dont want to include the stats directory in that quota. So if I create a user with access to /a/path and give them 20MB quota it will give them access to the web and stats dirs, but I only want the web dir quota'd because if there stats exceed 20MD they wont be able to add new files to their site for example.

Any suggestions?

erm... never done any quota-ing, so this might be very wide of the mark, but can you not just quota the /a/path/web directory?

if you're then worried about people uploading into the /a/path/stats directory, just make sure they don't have permission to write there (while making sure that apache can write there. i am thinking your stats dir is to hold apache logs. if this is the case, you should also be thinking about rotation)

ah... (apologies for the rambling approach)... i see that my "quota" command quotas by user (or group) if your stats are put there by another user than the ftp user, then they won't be counted anyway.

blah blah....

i wonder:
what is going in your stats folder? who is putting it there? how are you proposing to do your quota-ing? have you thought about aliasing your stats directory in from elsewhere?

I cannot just quota the web dir because in doing so I would only allow the user access to the web dir and I need the user to have access to both.

I am well aware of rotation for the files but the client I am dealing with on this occasion receives a lot of traffic. I am not concerned about preventing them from writing to the stats dir, just that it is not counted as part of the web quota that is the most important issue.

you could add "Options +FollowSymlinks", move the stats files to another folder outside the web directory and make a symbolic link to it.
sure there is better solutions that i cannot think of right now...

System quotas are per fs and not per dir, so they are out. Apache doesn't have quotas at all, so it's out as well. The only thing left is ftp and no AFAIK you can't do it with any of existing ftpds. So you have to use links

How Al?

okie, so you got /usr/home/smooth/web which is on /usr fs. Then you got /var/stats/smooth on another fs. You set quota for user for /usr filesystem and leave /var alone without any quotas on it. Then just ln -s /usr/home/smooth/stats /var/stats/smooth and sort out perms.

Hey Al,

Well I set up a Sym link as suggested but it doesnt work because the user is setup with a path and because the other file system is not within that path it just returns that it cannot find the dir / does not exist error. Regardless of what permissions I set. Only Admin or Root user can follow the sym link.

Show us some real paths and permissions and where your sever stats live.

Ok,

Here is a real example with the domain ommitted

Users full path to account space with quota of 20MB (In this case the Username of the account is that of the domain, so in this example 'domain')

/usr/home/silkwebd/usr/home/domain.com/

Permissions

lrwxr-xr-x 1 silkwebd vuser 29 Feb 12 12:53 backups -> ../server_bups/domain.com
drwxr-xr-x 3 silkwebd vuser 512 Feb 2 06:21 web

Web being the location of all web files for the account and backups being the symbolic link to:

/usr/home/silkwebd/usr/home/server_bups/domain.com

Permissions

drwxr-xr-x 2 silkwebd vuser 512 Feb 12 12:29 stats

With stats being the directory which contains the standard Apache access_log and error_log files. Please remember this is only a Virtual Server so I have access to nothing before /usr/home/silkwebd.

Need to know anything else?

You should move your /usr/home/silkwebd/usr/home/server_bups directory tree to elsewhere, for quota purpose, as the physical stats dir should NEVER resides under silkwebd's HOME in the first place (for security reason). Not to mention the physical stats dir shouldn't owned by silkwebd user.
Move it to elsewhere like: /www/silkwebd/server_bups then at /usr/home/silkwebd/usr/home/domain.com/ create a symlink like so:

ln -sf /www/silkwebd/server_bups backups

freebsd,

silkwebd is not the user account, it is the admin account for the virtul server which is subhosting X number of accounts as follows:

/usr/home/silkwebd/usr/home/domain.com/
/usr/home/silkwebd/usr/home/domain1.com/
/usr/home/silkwebd/usr/home/domain2.com/
/usr/home/silkwebd/usr/home/domain3.com/
/usr/home/silkwebd/usr/home/domain4.com/
/usr/home/silkwebd/usr/home/domain5.com/

My access to the sever starts at

/usr/home/silkwebd (In that I cannot go below that to: /www/silkwebd)

So what your suggesting me to do in my own lamans terms. Is to change my stats location for each web site FROM:

/usr/home/silkwebd/usr/home/server_bups/domain.com/
/usr/home/silkwebd/usr/home/server_bups/domain1.com/
/usr/home/silkwebd/usr/home/server_bups/domain2.com/
/usr/home/silkwebd/usr/home/server_bups/domain3.com/
/usr/home/silkwebd/usr/home/server_bups/domain4.com/
/usr/home/silkwebd/usr/home/server_bups/domain5.com/

TO something like:

/usr/home/silkwebd/www/server_bups/domain.com/
/usr/home/silkwebd/www/server_bups/domain1.com/
/usr/home/silkwebd/www/server_bups/domain2.com/
/usr/home/silkwebd/www/server_bups/domain3.com/
/usr/home/silkwebd/www/server_bups/domain4.com/
/usr/home/silkwebd/www/server_bups/domain5.com/

And then create the Symlink as per your instructions with the corrected paths?

>> it is the admin account for the virtul server

Then you have to forget about filesystem quota since you just can't do it with your limited priviledge on the server.

The easiest way is to write a script and run it every 5 minutes or so via a cronjob. Though, you still should mkdir /usr/home/silkwebd/www/server_bups/domain.com and give the user minimal (read-only) permission for anything under /usr/home/silkwebd/www.
Note, the stats dir is intended to store hit stats, no more, no less. You definitely don't want them to abuse it and fill it up with mp3/porno stuffs (even for few hours temporarily is not allowed).
Now counting the quota with a script is much easier, at the same time they can't abuse it.
Depending on the FTP software your using, you can deny them access to each other's root dir even if you chroot them. I believe proftpd could do all that.