Samba user quota implementation question

Uri Simchoni uri at samba.org
Thu May 28 08:16:32 UTC 2020 

On 5/27/20 10:42 PM, Krishna Harathi via samba-technical wrote:
> Our OneXafe FS  supports share/fs level quota using smb.conf “set quota command” and “get quota command”.
> 
> We are currently extending support to user-level quotas using the same interface, when Samba smbd is an AD DC member.
> 
> Setting user quota from a windows client is working as expected. But once quota is set, none of the users are listed in the quota’s pop-up window, so cannot delete or modify quota properties. Moreover, creating a new quota entry for the same user is generating a “quota entry already exists for this user” error.
> 
> By tracing get/set requests to our file server, I see that our FS server is receiving a get request for Samba for every user entry in the local password file, but none for the UID of the DC member user. But I do see a default quota get request for the group GID.
> 
> The problem seems to be that the get/set command interface does not obviously support a “list” user quota api to the hosting FS.
> 
> Questions on this –  We can post and manage user entry (host-local uid/gid) corresponding to the DC user sid/gid whenever a “set user quota” is received. I did verify that when an entry is made manually, windows user quota workflow behaves as expected. Is the problem assumption correct and is this a way to implement? Is there a better way, given the constraints?
> 
> We are using Samba 4.7.11 patched with https://bugzilla.samba.org/show_bug.cgi?id=13553#c17 fix for 4.7.
> 
> Any help is this issue is much appreciated in advance.
> 
> Regards.
> Krishna Harathi
> 

Hi!

I believe Samba's quota implementation is lacking in that regard. I
guess none has ever taken the time to implement it properly, and the
current implementation of enumerating quota entries is at POC state
(meaning that it understands the SMB protocol but the backend is not
implemented fully).

The correct way to enumerate  quota settings on <something> (be it a
disk, a share, a folder, ...) is to look at the <something> and see what
quota settings are there. Typically we won't find many quota settings -
maybe one per group, at most one per user which actually using the
<something>.

Samba on the other hand, tries to enumerate all users, and check for
each user whether there are quota setting for it. This approach doesn't
scale well in an AD domain which has many more users than users of the
<something> in question. If it was up to me, we'd remove the ability of
winbindd to enumerate all domain users (we actually tried that once but
got a backlash and reverted the change).

So what I'd do is come up with a new VFS API call to enumerate quota
entries, have the default implementation extend the
sys_get_quota()/sys_set_quota() functions with a sys_list_quotas() or
something similar, and then write a VFS module for my custom file system
(or a VFS module that calls a script if I was worried about GPL).

I hope that helps,
Uri.

More information about the samba-technical mailing list