[Samba] Is “obey pam restrictions” still supposed to work in Samba 4?
Andrew Bartlett
abartlet at samba.org
Wed Feb 10 21:56:04 UTC 2021
On Wed, 2021-02-10 at 22:52 +0100, Chentao Credungtao wrote:
> > Not via this method. I suggest overall file quotas, but that
> > wouldn't stop individual files growing.
> > Sorry!
>
> So, to sum things up, limiting the size of individual files cannot
> be
> achieved, only overall quotas can be implemented.
>
> If I understand you right, the files on the samba server aren't
> created
> by the end user (e.g. johndoe) , but by some kind of samba hook, and
> that's why the restrictions defined in limits.conf aren't enforced
> (or
> are only enforced at the first attempt, according to my tests).
My guess is that in the single smbd process, the limits are being set,
then overridden.
The pam_limits design assumes the process running PAM is going to be
like a login shell, the parent process for a single user, not a multi-
user application like smbd. One smbd can service multiple accounts
(from the same client machine), so it is possible to have pam_limits
called many times for many users, eg also the machine account of the
PC.
In any case, any limit which causes samba to be instantly terminated
with a signal is a bad idea, Samba will clean up but this isn't a good
plan for the normal case.
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
https://catalyst.net.nz/services/samba
More information about the samba
mailing list