| Debian and disk quotas: | ||
|---|---|---|
|
Chapter 5. User Information and Administration |  |
| Debian and disk quotas: | ||
|---|---|---|
|
|
Chapter 5. User Information and Administration | |
Disk quotas are very useful in large multi-user environments where you have a large number of users with access to the filesystem, whether because they log into the system or use their file space remotely, through either Samba or NFS.
Debian supports BSD-style disk quotas on the ext2 filesystem. This allows you to limit the amount of disk space that your users consume.
You've already learnt that an ext2 filesystem has two finite resources; blocks and inodes. You can limit the quantity of both of these that each user is allowed to use. You can specify a "hard limit", which is the user is not allowed to exceed - the will receive an error message if they try.
You can also optionally specify a "soft limit", which the user _is_ allowed to exceed, but only for a limited amount of time. This amount of time is known as the "grace period" and is usually a week (7 days).
Additionally, you can impose quotas on individual users, as well as groups.
For example:
You have three users: Joe, bob and jane
Joe has his own project funding, which has covered half of the cost of the hard drive for the system.
Bob and Jane work together, but for another project, which has paid for the other half of the hard drive. We'll call their project "project-x".
You can now fairly divide up the disk, giving half to Joe, and the other half to both Bob and Jane, who will share that 50%.
You can do this by allocating a user quota to user "Joe", and agroup quota to "project-x".
If "Joe" exceeds his quota, he will have to clean up some of his old files (or buy more disk space). However, if "bob" or "jane" exceed their group quota, they will have to decide amongst themselves how best to reduce their disk usage.
You'll need to install the quota package for Debian:
debian:~# apt-get install quota
Reading Package Lists... Done
Building Dependency Tree... Done
(Reading database ... 6077 files and directories currently installed.)
Unpacking quota (from quota_3.04-1_i386.deb) ...
Setting up quota (3.04-1) ...
|
You will be asked whether or not you wish to send e-mail out to users who have exceeded their quota. The default is No. If your users are more likely to check their e-mail in case of problems, then you can opt to specify "yes".
Your kernel also needs to have quota support compiled in.
Now you need to tell the system which filesystems should be controlled by the quota system. To do this, we need to edit the /etc/fstab file and add the "usrquota" and/or "grpquota" options to the relevant lines.
debian:~# cat /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/hdb2 / ext2 errors=remount-ro 0 1
/dev/hdb1 none swap sw 0 0
proc /proc proc defaults 0 0
/dev/fd0 /floppy auto user,noauto 0 0
/dev/cdrom /cdrom iso9660 ro,user,noauto 0 0
|
/etc/fstab
debian:~# vi /etc/fstab
debian:~# cat /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/hdb2 / ext2 errors=remount-ro,usrquota,grpquota 0 1
/dev/hdb1 none swap sw 0 0
proc /proc proc defaults 0 0
/dev/fd0 /floppy auto user,noauto 0 0
/dev/cdrom /cdrom iso9660 ro,user,noauto 0 0
|
Now you need to initialize the quota files. These files live in the root directory of the filesystem which has quotas enabled, and are named quota.user and quota.group for user and group quota databases, respectively. These files contain both the user and group quota information, as well as the filesystem usage information.
To do this, you need to run the quotacheck command. However, because quotacheck has to determine the disk usage by inspecting the file structure on the disk, there can be no write activity on the disk at the time. Otherwise, this may corrupt your quota database. For this reason, it is suggested that quotacheck be run in single-user mode:
debian:~# shutdown now
[ ... ]
Give root password for maintenance
(or type Control-D for normal startup):
|
Enter the root password, and then issue the follow command:
debian:~# quotacheck -F vfsold -c -a -v
quotacheck: Scanning /dev/hdb2 [/] done
quotacheck: Checked 791 directories and 15539 files
debian:~# _
|
The "-F vfsold" flag instructs the system to use the old VFS quota (version 1) system. The newer (version 2) quota system doesn't work in the standard Debian installation.
The "-c" flag specifies that the quota database files should be created, and the "-a" flag specifies that the command should be run on all filesystems which have quotas enabled. If you only wanted to perform the operation on a specific filesystem, you could have used the following:
debian:~# quotacheck -F vfsold -c /home
|
By default, quotacheck only performs this operation for "user" quotas. You will need to run the same command again, this time with the "-g" flag, if you also wish to enable "group" quotas:
debian:~# quotacheck -F vfsold -c -a -g
debian:~# _
|
You should now have both the quota database files created and present in the root directory of the filesystem for which you have quotas turned on:
debian:~# ls /*quota*
/quota.group /quota.user
|
Once you're finished, you can type "exit" or press Ctrl-d to return to multi-user mode.
The repquota command is a utility for reporting quota summary information.
SYNTAX:
repquota [ -u | -g ] [ -a | filesystem ]
|
As with quotacheck, the repquota command only displays user quotas by default, but you can specify that you wish to see group quotas by using the "-g" switch. You also need to specify the filesystem for which you wish to see a report, or you can specify the "-a" switch to see a report for all the filesystems for which quotas are enabled.
debian:~# repquota -a
*** Report for user quotas on device /dev/hdb2
Block grace time: 7days; Inode grace time: 7days
Block limits File limits
User used soft hard grace used soft hard grace
------------------------------------------------------
root -- 80088 0 0 12025 0 0
daemon -- 8 0 0 3 0 0
man -- 172 0 0 17 0 0
lp -- 12 0 0 3 0 0
mail -- 56 0 0 14 0 0
news -- 4 0 0 1 0 0
student -- 12 0 0 3 0 0
|
The "block limits" refer to the data blocks (the default is 1 block = 1k). The "file limits" refer to the number of files, or inodes, that have been consumed. The "grace" field corresponds to the number of grace days remaining before the user is locked out of their account. The user has until that time to reduce their quota to below the "soft" level.
You can use the edquota command to edit user and group quotas.
SYNTAX:
edquota [ -u | -g ] <username or groupname>
|
For example, to edit the quota for "student":
debian:~# edquota student
|
The command will open up an instance of your preferred editor, with the following information:
Disk quotas for user student (uid 1000):
Filesystem blocks soft hard inodes soft hard
/dev/hdb2 12 0 0 3 0 0
|
The "blocks" and "inodes" fields cannot be edited, they are there for information purposes only. However, you can edit the soft and hard fields. The first pair refer to blocks, and the second to inodes.
For our example, let's set the "student" quota so that the user has 8MB of disk space available, and can use an extra 2MB temporarily if required.
Disk quotas for user student (uid 1000):
Filesystem blocks soft hard inodes soft hard
/dev/hdb2 12 8192 10240 3 0 0
|
Once you've made the changes, you can save and exit. The edquota utility will complain if it doesn't like the values that you've given.
Unlike repquota and edquota, which only the root user can make use of, the quota command is available to all users, and it allows them to query their current quota information.
SYNTAX:
quota [ -q ] [ username ]
|
The root user may optionally specify the username of a user in order to check their quota:
debian:~# quota student
Disk quotas for user student (uid 1000):
Filesystem blocks quota limit grace files quota limit grace
/dev/hdb2 12 8192 10240 3 0 0
|
If you log in as the "student" account, you should be able to use quota to check your disk usage:
student@debian:~$ quota
Disk quotas for user student (uid 1000):
Filesystem blocks quota limit grace files quota limit grace
/dev/hdb2 12 8192 10240 3 0 0
|
The optional "-q" switch tells quota not to output anything unless the user has exceeded their quota limits:
student@debian:~$ quota -q
student@debian:~$ _
|
![[Tip]](../images/admon/tip.png) |
Tip |
|---|---|
|
This is a useful command to place in the system wide /etc/profile file. That way, whenever a user logs in, they will be presented with a summary of the disk usage information, but only if they are over quota. |
|
Let's test and see if our quota system works. We'll use the dd command to create a 9MB file as the "student" user:
student@debian:~$ dd if=/dev/zero of=9mb-file bs=1024 count=9216
student@debian:~$ du 9mb-file
9232 9mb-file
student@debian:~$ quota
Disk quotas for user student (uid 1000):
Filesystem blocks quota limit grace files quota limit grace
/dev/hdb2 9248* 8192 10240 6days 5 0 0
|
You'll notice now that there is an asterisk ("*") next to the number of blocks that we've used, and that there is a "6day" value underneath the account's "grace period". This shows us that we've exceeded our soft quota, and have 6 days in which to reduce the amount of space that we're using.
If we were to attempt to create another file slightly larger than 1MB, and thus exceed our hard limit, we would receive an "out of disk space" error message.
|
|
 |
|
| Chapter 5. User Information and Administration |  |
Chapter 6. Process Accounting |