<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id="pam_setquota">
<refmeta>
<refentrytitle>pam_setquota</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_setquota-name">
<refname>pam_setquota</refname>
<refpurpose>PAM module to set or modify disk quotas on session start</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis id="pam_setquota-cmdsynopsis">
<command>pam_setquota.so</command>
<arg choice="opt">
fs=<replaceable>/home</replaceable>
</arg>
<arg choice="opt">
overwrite=<replaceable>0</replaceable>
</arg>
<arg choice="opt">
debug=<replaceable>0</replaceable>
</arg>
<arg choice="opt">
startuid=<replaceable>1000</replaceable>
</arg>
<arg choice="opt">
enduid=<replaceable>0</replaceable>
</arg>
<arg choice="opt">
bsoftlimit=<replaceable>19000</replaceable>
</arg>
<arg choice="opt">
bhardlimit=<replaceable>20000</replaceable>
</arg>
<arg choice="opt">
isoftlimit=<replaceable>3000</replaceable>
</arg>
<arg choice="opt">
ihardlimit=<replaceable>4000</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id="pam_setquota-description">
<title>DESCRIPTION</title>
<para>
pam_setquota is a PAM module to set or modify a disk quota at session start
</para>
<para>
This makes quotas usable with central user databases, such as MySQL or LDAP.
</para>
</refsect1>
<refsect1 id="pam_setquota-options">
<title>OPTIONS</title>
<para>
<variablelist>
<varlistentry>
<term>
<option>fs=<replaceable>/home</replaceable></option>
</term>
<listitem>
<para>
The device file or mountpoint the policy applies to. Defaults to the
filesystem containing the users home directory.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>overwrite=<replaceable>0</replaceable></option>
</term>
<listitem>
<para>
Overwrite an existing quota. Note: Enabling this will remove the ability
for the admin to manually configure different quotas for users for a
filesystem with <citerefentry><refentrytitle>edquota</refentrytitle>
<manvolnum>8</manvolnum></citerefentry>. (Defaults to 0)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>debug=<replaceable>0</replaceable></option>
</term>
<listitem>
<para>
Enable debugging. A value of 1 outputs the old and new quota on a device.
A value of 2 also prints out the matched and found filesystems should
<option>fs</option> be unset. (Defaults to 0)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>startuid=<replaceable>1000</replaceable></option>
</term>
<listitem>
<para>
Describe the start of the UID range the policy is applied to.
(Defaults to UID_MIN from login.defs or the uidmin value defined
at compile-time if UID_MIN is undefined.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>enduid=<replaceable>0</replaceable></option>
</term>
<listitem>
<para>
Describe the end of the UID range the policy is applied to. Setting
<emphasis>enduid=0</emphasis> results in an open-ended UID
range (i.e. all uids greater than <option>startuid</option> are
included). (Defaults to 0)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>bsoftlimit=<replaceable>19000</replaceable></option>
</term>
<listitem>
<para>
Soft limit for disk quota blocks, as defined by <citerefentry>
<refentrytitle>quotactl</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>.
Note: <option>bsoftlimit</option> and <option>bhardlimit</option>
<emphasis>must</emphasis> be set at the same time!
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>bhardlimit=<replaceable>20000</replaceable></option>
</term>
<listitem>
<para>
Hard limit for disk quota blocks, as defined by <citerefentry>
<refentrytitle>quotactl</refentrytitle><manvolnum>2</manvolnum>
</citerefentry>.
Note: <option>bsoftlimit</option> and <option>bhardlimit</option>
<emphasis>must</emphasis> be set at the same time!
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>isoftlimit=<replaceable>3000</replaceable></option>
</term>
<listitem>
<para>
Soft limit for inodes, as defined by <citerefentry><refentrytitle>
quotactl</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
Note: <option>isoftlimit</option> and <option>ihardlimit</option>
<emphasis>must</emphasis> be set at the same time!
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>ihardlimit=<replaceable>4000</replaceable></option>
</term>
<listitem>
<para>
Hard limit for inodes, as defined by <citerefentry><refentrytitle>
quotactl</refentrytitle><manvolnum>2</manvolnum></citerefentry>.
Note: <option>isoftlimit</option> and <option>ihardlimit</option>
<emphasis>must</emphasis> be set at the same time!
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id="pam_setquota-types">
<title>MODULE TYPES PROVIDED</title>
<para>
Only the <option>session</option> module type is provided.
</para>
</refsect1>
<refsect1 id='pam_setquota-return_values'>
<title>RETURN VALUES</title>
<para>
<variablelist>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
The quota was set successfully.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_IGNORE</term>
<listitem>
<para>
No action was taken because either the UID of the user was outside
of the specified range, a quota already existed and
<option>overwrite=1</option> was not configured or no limits were
configured at all.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>
The user was not found.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_PERM_DENIED</term>
<listitem>
<para>
<filename>/proc/mounts</filename> could not be opened.
</para>
<para>
The filesystem or device specified was not found.
</para>
<para>
The limits for the user could not be retrieved. See syslog for
more information.
</para>
<para>
The limits for the user could not be set. See syslog for
more information.
</para>
<para>
Either <option>isoftlimit</option>/<option>ihardlimit</option>
or <option>bsoftlimit</option>/<option>bhardlimit</option> were
not set at the same time.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 id='pam_setquota-examples'>
<title>EXAMPLES</title>
<para>
A single invocation of `pam_setquota` applies a specific policy to a UID
range. Applying different policies to specific UID ranges is done by
invoking pam_setquota more than once. The last matching entry
defines the resulting quota.
<programlisting>
session required pam_setquota.so bsoftlimit=1000 bhardlimit=2000 isoftlimit=1000 ihardlimit=2000 startuid=1000 enduid=0 fs=/home
session required pam_setquota.so bsoftlimit=19000 bhardlimit=20000 isoftlimit=3000 ihardlimit=4000 startuid=2001 enduid=3000 fs=/dev/sda1
session required pam_setquota.so bsoftlimit=19000 bhardlimit=20000 isoftlimit=3000 ihardlimit=4000 startuid=3001 enduid=4000 fs=/dev/sda1 overwrite=1
</programlisting>
</para>
</refsect1>
<refsect1 id='pam_setquota-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 id='pam_setquota-author'>
<title>AUTHOR</title>
<para>
pam_setquota was originally written by
Ruslan Savchenko <savrus@mexmat.net>.
</para>
<para>
Further modifications were made by Shane Tzen <shane@ict.usc.edu>,
Sven Hartge <sven@svenhartge.de>
and Keller Fuchs <kellerfuchs@hashbang.sh>.
</para>
</refsect1>
</refentry>