Hi Rodrigo,
I think the pam_setquota module only allows static quotas for all users.
For individual quotas based on the LDAP entry take a look at e.g.
/usr/share/quota/ldap/applySystemQuotas.pl. On Debian this is part of
the "quota" package.
Best regards
Roland
On 30.12.24 at 08:07, Rodrigo Prieto wrote:
Hello, I have an issue with the configuration of pam_setquota.so. I added
the following quota schema:
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 8fd665e7
dn: cn=quota,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: quota
olcAttributeTypes: {0}( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota' DESC 'Quotas
(FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)' EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
olcObjectClasses: {0}( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' DESC
'System Quotas' SUP posixAccount AUXILIARY MUST uid MAY quota )
I create a user, and the attributes are created correctly:
objectclass: systemQuotas
objectclass: posixAccount
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
quota: /home,500,510,0,0
Configuration of /etc/pam.d/common-session:
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session [success=ok default=ignore] pam_ldap.so minimum_uid=1000
session optional pam_systemd.so
session optional pam_mkhomedir.so skel=/etc/skel umask=077
session required pam_setquota.so
# end of pam-auth-update config
Linux filesystem quota works correctly if I do it manually or through lamdaemon.
When logging in with an LDAP user, the following appears in Debian
logs: pam_setquota(login:session): no limits defined in configuration
for user zprieto on /dev/vda5.
I don’t know what is missing that prevents the user’s attributes from
being read. Thank you very much.
_______________________________________________
Lam-public mailing list
Lam-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lam-public
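The following is an added example, not code from either poster, the quota package or LAM: a sketch of how a root-run helper could turn per-user `quota` values read from LDAP into `setquota` argument vectors while validating the directory-supplied data first. The filesystem allowlist, the user-name pattern and the acceptance of both the `FS:...` form from the schema description and the `FS,...` form from the entry above are assumptions of this example.

```python
import re

# Assumption: quotas may only be applied to these mount points.
ALLOWED_FILESYSTEMS = {"/home"}
# Assumption: conservative user-name pattern; blocks names starting with "-".
USER_RE = re.compile(r"[a-z_][a-z0-9_.-]{0,31}")
# Accepts "FS:bs,bh,is,ih" (schema DESC) and "FS,bs,bh,is,ih" (entry above).
QUOTA_RE = re.compile(r"(/[A-Za-z0-9_./-]*)[:,](\d+),(\d+),(\d+),(\d+)")


def parse_quota(value):
    """Return (filesystem, block_soft, block_hard, inode_soft, inode_hard)."""
    m = QUOTA_RE.fullmatch(value.strip())
    if not m:
        raise ValueError(f"malformed quota value: {value!r}")
    fs = m.group(1)
    if fs not in ALLOWED_FILESYSTEMS:
        raise ValueError(f"filesystem not allowed: {fs!r}")
    return (fs, *(int(g) for g in m.groups()[1:]))


def setquota_argv(user, quota_values):
    """Build one setquota argument vector per quota value of a user."""
    if not USER_RE.fullmatch(user):
        raise ValueError(f"unsafe user name: {user!r}")
    cmds = []
    for value in quota_values:
        fs, bsoft, bhard, isoft, ihard = parse_quota(value)
        # Argument list, never a shell string: LDAP data is untrusted input
        # to a command that runs as root.
        cmds.append(["setquota", "-u", user,
                     str(bsoft), str(bhard), str(isoft), str(ihard), fs])
    return cmds


if __name__ == "__main__":
    # Constructed sample: user name and attribute value from the message above.
    for argv in setquota_argv("zprieto", ["/home,500,510,0,0"]):
        print(" ".join(argv))
```

Each returned list is meant to be passed to `subprocess.run(argv, check=True)` without `shell=True`.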