Re: [cobalt-users] RE: disk quota errors but not sure why

[Jeff Lasman <jblists@xxxxxxxxxxxxx>]

Cobalt wrote:

> Sure HELL is a problem cuz the person CAN'T upload his files. Sound like a
> problem to me.
> Maybe you don't mind phone calls saying he can't get the files up why not. I
> don't.
> Especially when I log in and see what I saw.

I just spent four hours debugging why a cookie wouldn't work, and the
problem ended up being a missing "optional" element.  That's right; the
element is optional but without it the javascript wasn't picking up the
cookie.

And I've been administering Unix systems since the '70s.

Such is life, Cobalt.  If you're not willing to quietly, systematically,
learn something new about your systems every day, then you're really not
cut out to administer systems.

Perhaps you're great at selling and can make a lot of money in
webhosting.  Or great at designing, and get lots of design customers you
want to host yourself.

Whatever, if you don't have what it takes to administer, then hire
someone to do it for you.  No, that doesn't mean s/he'd know the answer
(though I think most administrators would know about the quota "problem"
you've had), but that s/he'd know enough to look for it without almost
having a heart-attack.

Quick answer:  If the user uploads the files, s/he owns them, so they
fall under his/her quota.

Long answer:  Learn how to administer your boxes.

> Probaby right I don't understand. In plain english a quota is a limit. I set
> the friggen limit and the friggen box is not following it.

You set the limit for the user.

> No were did I see in the friggen manual were it says that if the site is set
> to x and user to y the friggen underlying OS will do its own friggen thing.
> If your manual is different please show me what page so I can friggen read
> it.

This is one that happens to make sense to me, because I know how quotas
work.  Sorry, there's no one manual; just a lot to learn and a lot of
places to look.  I still can't figure out why I can't upgrade one perl
module; I finally had to build it on another machine and copy the module
over; that's life.

> I don't expect it to limit the number of files but  the total BYTES/MEGS/GB
> in the directory tje quota is set for.

It did.  Based on the user.

> If I give you a quota of 500 dollars I don't care if its in quarters,nickles
> or whatever. 500 bucks is 500 bucks.
> Not well okay you can have 6 20's and 3 50's etc. That is HOW I understood a
> quota to be.
> Your quota is 100 widgets per month. Didn't realize that the geeks redid the
> meaning for the OS.
> Now I do.

Hmmm... sorry, but no you really don't.

> isn't one of unix's security measures the ability to limit were and what a
> person can do ?

Sorry if i'm the first to tell you this, but Unix was NEVER designed to
be secure.  Security is very minimal, hard to understand, and harder
still to implement.

> I read in the kb or on this list  that even with telnet access a user could
> visit other directories but COULD NOT do anything cuz of the permissions
> setup when he was added to the box.  Is that not true ?

It is if YOU (the administrator) sets up the permissions properly.  The
Cobalt/Sun RaQ boxes are designed to work in a shared hosting
environment.  That's a very different environment than the box currently
sitting on my bed, which is to be used specifically to sell shell
accounts.  Very different security model.

> If that is true then how is he going to get files else were ? well yes
> cracking but then hes in bad bad trouble.

Oh, come on.  It's your house.  Lock it.  Do you really think the cops
want to come over every time someone walks in and takes your TV because
you left the door unlocked?  If you live in New York City you'll need
three locks, you'll need what's called a Fox Police Lock because it
works even if the door jamb is weak, broken, or nonexistent).  If you
live in Coeur d'Alene, Idaho, where crime is a lot lower, you'll need a
bit less.  Well, guess what, your machine is a public hosting machine...
and guess what, that's the cyberspace equivalent of NYC.

And oh, one more thing... IN ORDER FOR FILES TO BE READABLE ON THE NET
THEY MUST BE WORLD-READABLE.  SO ANYONE WHO LOGS IN CAN READ THEM.  Yes,
I've been shouting.  I hope you heard.

(Though I'm not sure what this has to do with quotas at all, which
really aren't about security, except in the general sense of limiting
resource use.)

> I see. Makes sense.  Makes very good sense. However isn't one of unix's
> major attributes its security in limiting this type of behaviour ?

If you saw, then you would have seen that the way Linux implements
quotas IS it's security in limiting this type of behavior.

> Again tho being that the RAQ was suppose to require no or very little OS
> knowledge they should have put that in the manual for us (me)
> newbie -dummies- idiots.  I do RTFM and don't recall every seeing that in
> there.

It might not; I really don't remember.  What I do know is that if I
upload files they're covered under my quota.  I guess I've "always"
known that, but I can't tell you how, because I don't know how.

However, I can ask why you think yelling, screaming, and cursing at the
other users on this list, people who're trying to help you learn, will
get you anywhere.  Why do you think it will?

Do you think we owe you something?  We don't.  We read and respond here
for several reasons.  Some of them probably include caring and a sense
of community.  Some of us actually post here because we earn a living
helping customers who see us write here and then who write us offlist
and ask us if we can work for them.

Others of us probbly have an incredible ego, and feel good when we can
answer questions and show off our knowledge.  Many of us probably fit
into all of these little pigeonholes <smile>.

But we can easily be "turned off"; it takes me only seconds to route all
email from you directly into "Trash" without even seeing it.  Once
enough of us do that, then you DON'T get questions answered,
unfortunately.

> okay starting to get it now. However kinda mucked up I think. SO what if two
> users are site admins. ?
> both need the 50 megs setup  thus allowing the site 100 megs ? when 50 is
> all they should have gotten ?
> Or one main site admin with 50 and then the secondary site admin will need
> 50 so again the site will either take up more or run out. ? I think. I have
> a headache. were my shot of jack D and  12 pack of beer.

It's probably the beer and Jack Daniels that's causing the headaches,
but that's not the point of this list, so I'll try to help you
understand...

Most hosting companies offer you, for example, a 50 meg website, and ten
five-meg mailboxes.  That's NOT the Cobalt/Sun RaQ model.  The way the
RaQ does it, is that your customer gets (for example, 200 megabytes) and
can use it anyway s/he wants.

If you want to emulate the "most hosting companies" model in your RaQ (I
did that for years), here's what you do for, for example, a 50-meg
website, and ten five-meg mailboxes...

First you add up everything.  50 megs for the website and another 50
megs for the ten five-meg mailboxes.  So you give the "site" 100
megabytes.

Then you set up the site administrator account with a 50-meg personal
quota.  S/he doesn't use this account for mail, but instead all admin
(perhaps catchall) email gets forwarded to one of the personal
mailboxes, or any other email box anywhere.  If you've got multiple
admins you can let them share this account for uploading... note though,
that it gives them a lot more control, so if you really want the "most
hosting companies model", you'll set this up yourself, and not even
allow admin logins to the account.  Then each user gets five megabytes. 
Your maximum users are set for eleven; one for the admin, and ten for
the mailboxes.

And yes, you're right, if you want two people to be able to upload as
site admins, you have to give them both the maximum quota you want for
the website. And that means the website could be larger than 50 megs. 
And yes, that means the mailboxes could end up smaller.  In that case,
for two admins, for example, I'd set the site up for 150 megabytes, and
either let them go over, or do a count once in a while to check them,
perhaps charging them for extra space.

But it's easier to use the Cobalt model if you're using a RaQ.

There are lots of models out there; there's the ensim platform, there's
the Plesk platform, both if you want to buy or rent.  There's the AIT
platform, if you just want to rent.  There's CPANEL if you want to buy
but have your machine look a bit like AITs.  You do your research, you
pay your money, and you take your choice.

You know, a lot of people make very good money hosting with their RaQs. 
If you can't, I suppose you can always sell yours to someone who can. 
We buy used RaQ4s all the time now.

> I use the box for hosting only. No mail. do that on a dedicated machine. And
> only people that work on a customers site get access. Don't allow them to do
> their little HI this is me pages or see my kitty cat fluffy.
> 
> So while I understand what you are saying and it does make sense it also
> creates problems. I think.

Then there really wasn't any reason for you to get a RaQ.  In once
sentence you say you don't know anything; in another you say you host
email on a dedicated machine.  So at this point I know nothing about you
at all except you don't fit any of the models I understand.

> Site admin 1 gets 50
> site admin 2 gets  50
> site admin 3 gets 50  so they all can upload, edit the site.
> 
> but the site is set for 50. Now what ? What happens ?

If there's no mail on the box, that's fine.  The site can't go over 50,
and the individual admins can all upload/edit.

> I have a site were they are several webkeepers for different areas of the
> site .
> 
> yes one user/pass would work but what if they don't want that ?.

Again, this is NOT automatic under the Cobalt model.  Surely, since you
learned how to set up an email box, you can read the archives of this
list, and learn how many of us have already solved that problem.

> that is true. and I am learning. This cobalt !@#$^&*$%^$# box has driven me
> nutso. And it being MIPS probably adds to its difficulty.
> However, It should be assumed that the person on the other end is not a UNIX
> person when advertised as
> for complete idiots as myself.

You're a complete idiot but you've learned how to run email on it's own
box.  That's a pretty smart idiot, it seems to me <smile>.

> I don't expect it todo everything. If it did i woudln't need a woman.
> However I do expect  it to make sense or
> If not to have it in the MANUAL that came with the friggen thing.

This is exactly the kind of writing that makes us want to NOT help you. 
Hopefully you'll realize that, and your language will improve. 
Unfortunately I haven't found any woman yet that comes with a manual;
some days I think I could sure use one <smile>.

-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484