[OpenAFS] Check free space on AFS share before login

Wed, 1 Feb 2017 17:34:06 +0100

On Feb 1, 2017, at 15:42 , Jonathan Billings wrote:

> On Wed, Feb 01, 2017 at 01:07:30PM +0100, Stephan Wiesand wrote:
>> nice idea... I should probably implement that here. Something like
>> 
>> auth required pam_exec.so stdout /bin/check_home_space
>> 
>> should work well enough at least with lightdm. Just make the script
>> print a short message to stdout and exit 1 in the failure case. 
> 
> You really shouldn't have PAM generate standard output for successful
> logins. You will break things like SSH's SFTP.

I wasn't suggesting that, sorry for being unclear. I think this should
be added to the lightdm pam config only (will login through ssh or on
a VT even fail if there's no space left in ~ ?). And on success, the
check script clearly shouldn't print anything to stdout and exit 0.

> We do something like this on our RHEL7 workstations, and we have
> zenity pop up with a warning when they log in if their home
> directory's quota is greater than 95% full.  It runs as an script
> launched from a .desktop file in /etc/xdg/autostart/.

Makes sense, but I think none of this will work if ~ is already 100% full.
You'll just be thrown back to the display manager's login screen w/o a
meaningful error message (maybe that "your session was suspiciously short"
dialog, but I'm not sure that's still present in EL7).

> For console logins, I'd probably use a script in /etc/profile.d/ that
> detected that it was a console login and generate all the output to
> stderr, just in case.  But considering that people don't read the MOTD
> I doubt they'd read warnings like that.

-- 
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany