8

Suppose User A and User B have disk quotas of 1 GB.
Also suppose User B creates a 900 MB file with permission 0666.
This allows User A to access that file temporarily (for some project, etc.).
Notice this allows User A to write to the file as well.

If User A creates a hard link to that file, and User B then deletes the file, has User A essentially exploited the quota system by "stealing" 900 MB of storage from User B?

Assume User B never reports this to the admin, and the admin never finds out.
Also assume User B never suspects a thing about User A. In other words, assume User B will not look at User A's directory and corresponding files.

If similar question has been asked/answered before, I apologize for not being able to find them.

nehcsivart
  • 611
  • 7
  • 14
  • it depends on quota, after the first hardlink, A will might have used 900 MB. As you do not specify OS, it is unclear wether quota will account for physical space (900MB) or logical space ( 2 x 900 MB ). – Archemar Dec 09 '14 at 12:03
  • The owner of the file is stored in the inode, not in the directory entries (hard links), so it is quite natural to count the file against user B's quota. – Ansgar Esztermann Dec 09 '14 at 13:15
  • @AnsgarEsztermann then in that case, A's quota remains unchanged (1G) and unknow's spend 900 Mb in quota. – Archemar Dec 09 '14 at 13:38
  • @Archemar Are there quota systems that would count a file multiple times if it has multiple hard links? That seems broken (and harder to implement). – Gilles 'SO- stop being evil' Dec 09 '14 at 23:25
  • 1
    Thanks to all for the feedback! To clarify, A and B will still have quota of 1GB. The difference now is that B will have no access to 900 MB of their 1 GB quota, while A still has access to that extra 900 MB that belongs to B. It seems my question was a little unclear on this. I've updated it for future viewers. – nehcsivart Dec 10 '14 at 21:28

1 Answers1

7

This is one of the ugly corner cases of the Unix permission model. Granting write access to a file permits hard-linking it. If user A has write permission to the directory containing the file, they can move it to a directory where user B has no access. User B then can't access the file anymore, but it still counts against user B for quota purposes.

Some older Unix systems had a worse hole: a user could call chown to grant one of their file to another user; if they'd made the file world-writable before, they could keep using that file but the file would count against the other user's quota. This is one reason modern systems reserve chown to root.

There is no purely technical solution. It's up to user B to notice that their disk usage (du ~) doesn't match their quota usage and complain to the system administartor, who'll investigate and castigate user A.

Community
  • 1
Gilles 'SO- stop being evil'
  • 829,060