Univention Bugzilla – Bug 54537
Filesystem quota doesn't work with usernames containing only numbers
Last modified: 2022-04-27 16:20:56 CEST
If a username only contains numbers Quota will not work. Regardless the sense of purpose creating user_names_ with numbers only there is no official restriction to this. Neither in our documentation (I have already opened a docu-bug to recommend to not do this) nor in POSIX: ------ POSIX Compliance (User Name) IEEE Std 1003.1-2001 is one of the POSIX standards (“Portable Operating System Interface for Unix”) 3.426 User Name A string that is used to identify a user; see also User Database. To be portable across systems conforming to IEEE Std 1003.1-2001, the value is composed of characters _from the portable filename_ character set. The hyphen should not be used as the first character of a portable user name. 3.276 Portable Filename Character Set The set of characters from which portable filenames are constructed. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9 . - The last three characters are the period, underscore, and hyphen characters, respectively. ------- There is no restriction that says only numbers is not legal. Next to the reported and attached ticket there is a forum post about that problem: https://help.univention.com/t/ucs-4-3-user-smb-quota-cant-be-set/10016 To reproduce you simply need a username containing numbers only and try to apply a quota to.
I wonder why we actually allow "uid" to be build based on numbers only?
root@primary20:~# udm users/user create --set username=12345 --set lastname=number --set password=univention Object created: uid=12345,dc=ucs50domain,dc=net root@primary20:~# id 12345 uid=2027(12345) gid=5001(Domain Users) Gruppen=5001(Domain Users) root@primary20:~# touch testfile1 root@primary20:~# chown 2027 testfile1 root@primary20:~# ls -l testfile1 -rw-r--r-- 1 12345 root 0 Mär 24 12:30 testfile1 root@primary20:~# touch testfile2 root@primary20:~# chown 12345 testfile1 root@primary20:~# ls -l testfile2 -rw-r--r-- 1 root root 0 Mär 24 12:31 testfile2
groups with numeric names also give mixed experience: root@primary20:~# udm groups/group create --set name=54321 Object created: cn=54321,dc=ucs50domain,dc=net root@primary20:~# getent group 54321; echo $? 2 root@primary20:~# chgrp 54321 testfile2 root@primary20:~# ls -l testfile2 -rw-r--r-- 1 root 54321 0 Mär 24 12:31 testfile2 root@primary20:~# python3 -c "import grp; print(grp.getgrnam('54321'))" grp.struct_group(gr_name='54321', gr_passwd='*', gr_gid=5081, gr_mem=[])
Created attachment 10932 [details] bug54537.patch The attached patch seems to fix the issue. man setquota / man quota says: --always-resolve Always try to translate user / group name to uid / gid even if the name is composed of digits only. To clean up the "#"-prefixed uids from the umc module (i.e. from the repquota output), e.g. if you see "#98765432" in addition to "98765432" in the UMC output for some filesystem, you can set run setquota without that options and set the quota values back to default like this: /usr/sbin/setquota -u '98765432' 0 0 0 0 "${filesystem:?Please specify filesystem}"
Created attachment 10933 [details] 54537.patch
71f11726bb | Make quota work for numeric only usernames b665abe9b7 | Advisory version Package: univention-quota Version: 13.0.1-9A~4.4.0.202204201845 Branch: ucs_4.4-0 Scope: errata4.4-9
REOPEN: while the code changes look good there seems to be another problem. When I add a user "1234" assign a file limit of 33/34 and size limit of 2mb/3mb and reach the limits then the quotas are removed. su 1234 for ((i=1;i<=10; i++)); do dd if=/dev/urandom of=foo$i count=1024 done
Ok, could reproduce: After creating a file share a simple `su - 1234` removes the quota. Debugging with `ucr set quota/logfile=/tmp/1.log` showed that univention-user-quota calls setquota with `0 0 0 0`. That was caused because the preceeding call to quota was still missing the --always-resolve. 3d89a83d5a | Add missing --always-resolve to univention-user-quota ee9690a42f | Advisory update
OK: quota can be set for numeric only username OK: YAML
<https://errata.software-univention.de/#/?erratum=4.4x1229>