Re: Disk (over)quota in Windows 2000

[jw () QITS NET AU (John Wiltshire)]

> -----Original Message-----
> From: Peter Gutmann [mailto:pgut001 () CS AUCKLAND AC NZ]
> Sent: Wednesday, 1 March 2000 11:56 am
> To: BUGTRAQ () SECURITYFOCUS COM
> Subject: Re: Disk (over)quota in Windows 2000
>
>
> Dave Tarbatt - ACS <D.A.Tarbatt () BOLTON AC UK> writes:
>
> > I've been looking into disk quotas under Windows 2000 and
> have uncovered a
> > few anomalies. On top of a few peculiarities there appears
> to be a bug which
> > allows a user to exceed their disk quota by as much as they wish.
> >
> > [...]
> >
> > I discovered by experiment that new files can be created
> upto a size of
> > (Quota - UsedSpace  + 2KB - 1byte), i.e. they can go
> overquota by up to 2047
> > bytes. Not too much of a problem. Extending existing files
> can be up to
> > (Quota - UsedSpace +1KB -1byte) i.e. up to 1023 bytes
> overquota - nothing
> > much to be worried about.
>
> Isn't this just a cluster-size filling issue?  It looks like
> accounting is
> being done on a bytes-used basis but files are managed on a
> per-cluster basis,
> so it's possible to extend files out to fill the cluster
> without coming into
> conflict with the quota system.

It could be because NTFS stores small files inside the MFT rather than
allocating separate storage space for the file.  This means that a small
file will only have the directory space charged against the owner until it
gets to sufficient size to actually take up space outside the MFT.

Do you get charged for the file creation itself?

John Wiltshire