On Saturday 23 November 2002 14:32, Herbert Poetzl wrote:
> CAP_SYS_ADMIN is currently sufficient for complete
> quota control, CAP_QUOTACTL enables root in a virtual
> server to maintain the user quotas.

How did you get around allowing the virtual server that is running the commands access to the disk device that the partition resides on? It's undesirable to allow root on a vserver to be able to open a block device directly (amplus nucleus violatus), which must be provided for some of the ioctl() commands required by quota commands. The only sensible work-around involves userland passing of quota admin operations from one context to another, eg via an ssh forced command.

Sam.
