235 lines
8.8 KiB
HTML
235 lines
8.8 KiB
HTML
<!--startcut ======================================================= -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<html>
|
|
<head>
|
|
<META NAME="generator" CONTENT="lgazmail v1.2M.l">
|
|
<TITLE>The Answer Guy 45: Quotas on a Sublet Web Server?</TITLE>
|
|
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
|
|
LINK="#3366FF" VLINK="#A000A0">
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
|
|
<P> <hr> <P>
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<center>
|
|
<H1><A NAME="answer">
|
|
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
|
|
border="0" align="middle">
|
|
<font color="#B03060">The Answer Guy</font>
|
|
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
|
|
border="0" align="middle">
|
|
</A></H1>
|
|
<BR>
|
|
<H4>By James T. Dennis,
|
|
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
|
|
LinuxCare,
|
|
<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A>
|
|
</H4>
|
|
</center>
|
|
|
|
<p><hr><p>
|
|
<!-- endcut ======================================================= -->
|
|
<!-- begin 4 -->
|
|
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
|
|
height="50" width="60" alt="(?) " border="0"
|
|
>Quotas on a Sublet Web Server?</H3>
|
|
|
|
|
|
<p><strong>From Tim Pellett on Fri, 20 Aug 1999
|
|
</strong></p>
|
|
<!-- ::
|
|
Quotas on a Sublet Web Server?
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
:: -->
|
|
<P><STRONG>
|
|
AnswerGuy,
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
I found you on the internet and was wondering if
|
|
you could answer my question/problem.
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
I am renting space on a Unix/<A HREF="http://www.apache.org/">Apache</A> server and
|
|
am at the user level. We are allowed to redistribute
|
|
the space given to us and I want to set up file quotas.
|
|
I do not want to give space to other people w/o
|
|
setting up file size limits.
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
I asked the ISP and they said I can do it myself using
|
|
'file quota software'. I cannot find such a product
|
|
for a unix/apache server. Everything is Win 95/NT etc.
|
|
I cannot use the quota command b/c I do not have access
|
|
to sys admin files.
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
Do you have any suggestions? I have been trying to
|
|
figure this out for months now, and am getting frustrated!
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
Thanks,
|
|
Tim
|
|
</STRONG></P>
|
|
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
Let's see if I got this right ... you have some
|
|
virtual hosted web space (not a co-located server
|
|
but an account on your ISP's web server). They
|
|
somehow allow you to create further accounts in
|
|
your virtual space. You want to do this, and to
|
|
apply quotas to those sublet accounts.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
I can't help but ask the obvious economic question,
|
|
why would someone go through you to get this service
|
|
rather than getting directly from your ISP? Is there
|
|
really enough wiggle room in the margins for an
|
|
arbitrage opportunity here?
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
In any event, getting back to the technical question...
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
You don't mention which version of UNIX you are using.
|
|
Suppport for system quotas is one of those things that
|
|
varies considerably from one version of UNIX to another.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
If your ISPs support people say it can be done with
|
|
software that they know of --- please press them for
|
|
the specifics.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
My guess would be that the solution would depend quite
|
|
a bit on which version of UNIX this system was running,
|
|
and a bit on the specifics of their account management
|
|
system. If they are providing you with your own
|
|
chroot jail, and giving you access to create your own
|
|
UNIX accounts within that jail, they'd have to be
|
|
providing some pretty hairy clones to a large number
|
|
of administrative utilities in order to have any
|
|
chance of maintaining any semblance of system security.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
(Technically all of the account management in UNIX is
|
|
done in user space. The kernel only respects UIDs and
|
|
GIDs for making access determinations. Consequently,
|
|
you could theoretically create almost any sort of
|
|
account management scheme you wanted, if you were
|
|
willing to rewrite enough of the utility and library
|
|
infrastructure to support it. I doubt they've done this,
|
|
so I have serious misgivings about the security of their
|
|
approach).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Of course I'm guessing that you're talking about some sort
|
|
of relatively generalized shell/FTP/mail support for these
|
|
"sublet" user IDs.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
If you're willing to force your customers to go through a
|
|
custom interface to update their web pages (and you're
|
|
constraining them solely to web page publication) you could
|
|
use somewhat simpler models.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Let's assume that you are only interested in web page
|
|
publication. I'm guessing that the account management
|
|
then boils down to something like a set of CGI/PHP scripts
|
|
that allow users to update their accounts (and manage the
|
|
usernames, passwords, directory structures and any
|
|
accounting data that you maintain).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
You'd also be providing some sort of mechanism for them to
|
|
upload their new web masterpieces. Whatever mechanism you
|
|
provide to do this (presumably a set of CGI programs or
|
|
scripts) can perform the quota calculations and implement
|
|
your policy enforcement. It seems like quite a lot of
|
|
custom coding to duplicate a set of functions that are
|
|
already provided by the underlying operating system.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
All in all it seems like it would be much easier and
|
|
not much more expensive to co-locate a server of your
|
|
own at some ISP site. Then you could use established
|
|
OS system features and utilities to manage all of this.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Otherwise I can see a general solution to your question
|
|
that doesn't involve an utter lack of security on the
|
|
part of your ISP. If they essentially give you 'root'
|
|
access to this shared server then you have to ask what
|
|
protection they are offering their customers from
|
|
one another. That becomes a question of how they are
|
|
protecting your customers from their other customers
|
|
(some of whom might be your competitors in this
|
|
bizarre multi-level ISP scheme).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
I notice that you don't actually say you're trying to sell
|
|
this space to other people. The technical problems are the
|
|
same in any event.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
In any event you'd have to provide quite a bit more
|
|
details about what version of UNIX this ISP is using,
|
|
(and keep in mind that I'm the <EM>Linux</EM> AnswerGuy so
|
|
Solaris, AIX, and other UNIX questions may be ignored),
|
|
about what account management mechanisms they are using,
|
|
about which services you intend to provide and about
|
|
what mechanisms and protocols you intend for them to use
|
|
in updating their web pages.
|
|
</BLOCKQUOTE>
|
|
<!-- sig -->
|
|
|
|
<!-- end 4 -->
|
|
<!--startcut ======================================================= -->
|
|
<P> <hr> <P>
|
|
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
|
|
>Copyright ©</a> 1999, James T. Dennis
|
|
<BR>Published in <I>The Linux Gazette</I> Issue 45 September 1999</H5>
|
|
<H6 ALIGN="center">HTML transformation by
|
|
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
|
|
Starshine Technical Services,
|
|
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
|
|
</H6>
|
|
<P> <hr> <P>
|
|
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<TABLE WIDTH="98%"><TR VALIGN="center" ALIGN="center">
|
|
<TD ROWSPAN="2" COLSPAN="2" WIDTH="42%"><A
|
|
HREF="../lg_answer45.html"
|
|
><IMG SRC="../../gx/dennis/answernew.gif"
|
|
ALT="[ Answer Guy Index ]"></A></td>
|
|
<TD WIDTH="14%"><A HREF="1.html">1</A></TD>
|
|
<TD WIDTH="14%"><A HREF="2.html">2</A></TD>
|
|
<TD WIDTH="14%"><A HREF="3.html">3</A></TD>
|
|
<TD WIDTH="14%"><A HREF="4.html">4</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="14%"><A HREF="5.html">5</A></TD>
|
|
<TD WIDTH="14%"><A HREF="6.html">6</A></TD>
|
|
<TD WIDTH="14%"><A HREF="7.html">7</A></TD>
|
|
<TD WIDTH="14%"><A HREF="8.html">8</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD><A HREF="9.html" >9</A></TD>
|
|
<TD><A HREF="10.html">10</A></TD>
|
|
<TD><A HREF="11.html">11</A></TD>
|
|
<TD><A HREF="12.html">12</A></TD>
|
|
<TD><A HREF="13.html">13</A></TD>
|
|
</TR></TABLE>
|
|
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<P> <hr> <P>
|
|
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<A HREF="../index.html"
|
|
><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
|
|
<A HREF="/index.html"
|
|
><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
|
|
<A HREF="../lg_bytes45.html"
|
|
><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
|
|
<A HREF="../lg_tips45.html"
|
|
><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
|
|
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
</BODY></HTML>
|
|
<!--endcut ========================================================= -->
|