Adeptus-Mechanicus

"Inveniam viam aut faciam" : I will either find a way, or I shall make one


QUOTAS IN LINUX

Users, every sysadmin has to deal with them and you cannot shoot them. Seriously though, not all users are a trial, but some are. You can explain things and try to be as nice as you want, but nothing works. One way users can mess with the system is by using too much disk space, which stops all your other users from being able to work. Think of it as a kinda-unintentional DoS attack. But in Linux you can help prevent this using quotas. You can set both group and user quotas, and it actually is not that difficult. Let's take a look..

What is needed?
Well, I am assuming you are using a Linux server, with a 2.4 or higher kernel, with the quota options compiled into the kernel. On most kernels the correct options are the default, but if not then set those up before carrying on here.

Setup
Now in order to use quotas you need to choose which partitions you want to use them on, and then mount them with the correct options by editing their entries in /etc/fstab. Something like...
/dev/sda1    /storage ext3    defaults,usrquota,grpquota  1 2 

This will enable both user and group quotas on the /dev/sda1 partition, which mounts onto the /storage path. Once this is set, you need to enable it. You can use either
shutdown -r now

Or if you cannot shutdown the server, try this..
mount -o remount /storage

To test if everything works..
# cat /etc/mtab
.
.
/dev/sda1 /storage ext3 rw,usrquota,grpquota 0 0

If everything went OK, then you should see a line like the one above. So far we have enabled our system to use quotas, let's start using them, shall we?

Using Quotas
Before anything else, let's create our quota files (this needs to be done by root)..
touch /storage/aquota.user
chmod 0600 /storage/aquota.user
touch /storage/aquota.group
chmod 0600 /storage/aquota.group

Now we run..
quotacheck -vguma

The first time you run this you will see error messages regarding the files being "truncated". Do not worry about these, just let it run. This command updates the quota record files to the most recent state. It is recommended to run this as part of your bootup. Now we finally make the quota usage active with..
quotaon -av

Now any quota settings you make will take effect straight away. Now let's add some quotas.

The first thing to remember is that a quota can affect two things: the space (blocks) used by a user's files and the number of files (inodes) a user has. Each of these two counts can have a "hard" and a "soft" limit. The "hard" setting is a fixed no-mercy setting, the user cannot exceed this. The "soft" limit allows the user to exceed it, and if that happens the user has a grace period available to become compliant before the quota is enforced. Personally, in the context of users, I do not use the inode settings and I do not bother differentiating between hard and soft limits. So if you're a nasty person like me, let's give bob a 1GB quota..
setquota -u bob 1048576 1048576 0 0 /storage
 
The "-u" specifies that it is a user quota we are setting; "-g" is used if you want to set a quota on a group. Then we specify "bob" as the user to receive the stated quota. Then you see the number "1048576" repeated twice. The first two numbers after the name are for the hard and soft space usage limits respectively, and the numbers are expressed in kilobytes. The next two numbers are for the inode usage, here we specify "0" for both the hard and soft counts. A "0" means that there is no limit. And lastly we specify "/storage" because that's where we want this quota to take effect. You could use "edquota" to do this as well, but I am a CLI snob. Sue me.

Now if you want to see what people are doing, you can use the repquota command. It is very easy to use, for example, to check users..
repquota -u /storage

or to check groups..
repquota -g /storage

The lists generated will tell you how much each user or group is using.
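
An added example (not part of the original article): a shell function that reads a repquota report and lists the users at or above a given percentage of their block hard limit, so a filling disk gets noticed before other users are locked out. The sample report is constructed, and the function names sample_report and near_quota are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample in the layout printed by `repquota -u /storage`.
sample_report() {
cat <<'EOF'
*** Report for user quotas on device /dev/sda1
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --  184264       0       0           9120     0     0
alice     --  310220 1048576 1048576            842     0     0
bob       -- 1000000 1048576 1048576           4410     0     0
carol     +- 1048576 1048576 1048576  6days    7733     0     0
EOF
}

# near_quota PCT
# Reads a repquota report on stdin and prints "user used hard pct%" for
# every account whose block usage is >= PCT percent of its hard limit.
# Accounts with a hard limit of 0 (no limit) are skipped.
near_quota() {
    awk -v pct="$1" '
        # Data rows carry a two-character flag field such as "--" or "+-";
        # headers and the separator line do not, so they are ignored.
        $2 ~ /^[-+][-+]$/ && $5 > 0 {
            used = $3; hard = $5
            p = int(used * 100 / hard)
            if (p >= pct) printf "%s %d %d %d%%\n", $1, used, hard, p
        }'
}

# Demo on the constructed sample. On a live system, as root:
#   repquota -u /storage | near_quota 90
sample_report | near_quota 90
```

Run from cron and mailed to root, the same pipeline gives an early warning instead of a help-desk call.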

Final Words
Well, that's using Linux quotas in a nutshell, not too difficult and very useful. Take a look at them, I am certain almost every sysadmin would benefit from implementing them. As always, have fun and learn.