Avoid groups admin from being able to assign quotas freely to the users they create. Maybe limit it with an "assignable quota".

[igorbga]

When you create a group admin, this group admin can create new user accounts. And he can decide what quota those new users might have. So he can effectively create a new user for himself with unlimited quota or just give the new users more quota than expected.

It would be great if somehow the maximum quota a group admin can assign to his users would be limited.

To be honest even having a limitation in the quota he can assign he could create hundreds of users with limited quota if he is playing evil.

Maybe a more viable approach would be being able to assign a maximum "assignable quota" to each group a user can administer. For example If we have groups A and B, when I configure that user X is a group admin of A I could provide a "assignable quota" of 100GB.

That doesn't mean that the group has a shared quota of 100GB it only means that the sum of all the quotas assigned to the users created by the admin and assigned to that group can not exced de 100GB limit. So for example, he could create 10 users with 10GB each, or just a couple with 50GB.

I know is even more complicated because, for example, an admin could assign a user to multiple groups and so on... but at least with this approach we only have to do the math on user creation or edition, not when the effective usage changes.

There were some comment about this problem in issue 7429, and it was marked as closed, but the fix did not really address this issue, it was a misunderstanding of the feature request.