Skip to content

quotactl

Intro

quotactl - manipulate disk quotas from user space.

Description

The quotactl system call is used to set disk quotas and retrieve disk quota information from user space. It is a way to limit disk usage on a system-wide basis and provides the ability to do things like set disk quota limits, enforce the disk quota limits and record disk usage for users. There are several different parameters that can be set with quotactl, such as the maximum size of a user's files and the grace period for when the quota limit is exceeded.

The quotactl system call can be used to manipulate the disk quota information stored in the quota setup files. It can also be used to enforce the quota limit and to revoke access to the files exceeding the quota limit until the usage is brought back within the limit.

Arguments

  • cmd:int[K] - The command to be performed, which can be one of the following:
  • Q_QUOTAON - Turn quotas on
  • Q_QUOTAOFF - Turn quotas off
  • Q_SETQUOTA - Set the quota limits
  • Q_GETQUOTA - Get the quota limits
  • Q_GETNEXTQUOTA - Get information about the next user in the system
  • special:const char*[K] - A pointer to a pathname indicating the block device for whose quotas the command is to be applied.
  • id:int[K] - The user or group id for whom the quotas are set or retrieved.
  • addr:void*[K] - A pointer to a buffer which contains the requested quota information to set, or which will store the quota information retrieved.

Available Tags

  • K - Originated from kernel-space.

Hooks

quotactl

Type

Kprobes

Purpose

To monitor the system calls and track disk quotas.

Example Use Case

quotactl can be used as an effective disk quota enforcement mechanism to keep a user from exceeding disk usage limits. It can be used to track and monitor disk usage in order to better control resource allocation.

Issues

It is vulnerable to TOCTOU (time of check, time of use) race conditions.

  • getdents - manipulate directory entries.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.