Quotas are used to limit a user's or a group of users' ability to consume disk space. This prevents a small group of users from monopolizing disk capacity and potentially interfering with other users or the entire system. Disk quotas are commonly used by Internet Service Providers (ISPs), by Web hosting companies, on FTP sites, and on corporate file servers to ensure continued availability of their systems.
Without quotas, one or more users can upload files on an FTP server and occupy all free space on a partition. Once the affected partition is full, other users are effectively denied upload access to the disk. This is also a reason to mount different filesystem directories on different partitions. For example, if you only had partitions for your root (/) directory and swap space, someone uploading to your computer could fill up all of the space in your root directory (/). Without at least a little free space in the root directory (/), your system could become unstable or even crash.
You have two ways to set quotas for users. You can limit users by inodes or by kilobyte-sized disk blocks. Every Linux file requires an inode. Therefore, you can limit users by the number of files or by absolute space. You can set up different quotas for different filesystems. For example, you can set different quotas for users on the /home and /tmp directories if they are mounted on their own partitions.
Limits on disk blocks restrict the amount of disk space available to a user on your system. Older versions of Red Hat Linux included LinuxConf, which included a graphical tool to configure quotas. As of this writing, Red Hat no longer has a graphical quota configuration tool. Today, you can configure quotas on RHEL only through the command line interface.
On the Job | Learn to focus on command line tools. Red Hat used to make LinuxConf available as a graphical and console tool for a number of system administration functions, including quotas. While Red Hat may eventually create another GUI quota manager, don't count on it. |
By default, the Linux kernel as configured by Red Hat supports quotas. However, if you install and compile a new kernel from a remote source, you should make sure that this feature is active. The basic kernel configuration is stored in the /boot directory. For the default RHEL system, you'll find the configuration in the config-versionumber file. If you've configured a custom kernel file, you'll find it listed under a different name.
To verify that quotas are enabled in the default kernel, run the following command (the shell substitutes the actual version number of the kernel for `uname -r`):
# grep CONFIG_QUOTA /boot/config-`uname -r`
There are two possible results. The following means quota support is enabled:
CONFIG_QUOTA=y
Alternatively, if you see either of the following, quota support is not enabled:
CONFIG_QUOTA=n CONFIG_QUOTACTL=n
CONFIG_QUOTA enables limits on usage; CONFIG_QUOTACTL is associated with disk quota manipulation.
If you have a custom or upgraded kernel, use either the make menuconfig, make gconfig, or make xconfig command to make sure support is enabled for quotas. The quota support option is located in the filesystem section. All you need to do is turn on quota support and then rebuild and install your new kernel. I'll describe this process in more detail in Chapter 8.
The quota RPM package is installed by default. You can find out more about RPMs such as quota with the following command:
# rpm -qi quota
Assuming you haven't removed the quota RPM, you'll see the following description of the package, which tells you that it includes a number of tools:
The quota package contains system administration tools for monitoring and limit- ing user and or group disk usage per filesystem.
You can find out more about these tools by reviewing a list of associated files. You can find a list of files installed through the quota RPM with the following command:
# rpm -ql quota
As you can see for yourself, the quota package includes the following commands:
/sbin/quotaon /fs Enables quotas for the specified filesystem.
/sbin/quotaoff /fs Disables quota tracking.
/usr/sbin/edquota name Edits the quota settings for the specified username. Can also be used to set defaults or to copy quota settings from one user to another.
/usr/bin/quota Allows users to see their current resource consumption and limits.
/usr/sbin/repquota Generates a report of disk consumption by all users for a quota-enabled filesystem.
/sbin/quotacheck Scans a filesystem for quota usage. Initializes the quota databases.
I've included the entire path to each command for your reference. But as discussed earlier in this book, I recommend that you normally work as the root user during the Red Hat exams. As the noted directories are all part of the root user's PATH, you don't need to specify the full path to each command. (You can verify the directories in your path with the echo $PATH command.)
The next step is to ensure the quotas are active and checked when Linux boots on your system.
The /etc/rc.sysinit script noted in Chapter 3 initializes Linux system services during the boot process. This script includes commands that start quota services. Specifically, this script runs both the quotacheck (to ensure that disk consumption usage records are accurate) and quotaon (to enable quotas on all filesystems indicated in /etc/ fstab) commands. You don't have to run these commands manually.
As described in Chapter 4, the file /etc/fstab tells Linux which filesystems to mount during the boot process. The options column of this file configures how Linux mounts a directory. You can include quota settings in /etc/fstab for users and/or groups.
On the Job | Before you edit a key configuration file such as /etc/fstab, it's a good idea to back it up and save it to any boot or rescue disks that you may have. If your changes lead to a catastrophic failure, you can boot your system from a rescue disk and then restore the original configuration file. |
Here is a sample /etc/fstab before editing:
Device Mount point Filesys Options dump Fsck LABEL=/ / ext3 defaults 1 1 LABEL=/boot /boot ext3 defaults 1 2 /dev/sdb1 /home ext3 defaults 1 2 devpts /dev/pts devpts gid=5,mode=620 0 0 tmpfs /dev/shm proc tmpfs 0 0 proc /proc proc defaults 0 0 sysfs /sys proc sysfs 0 0 /dev/sda3 swap swap defaults 0 0
In this configuration, it may make sense to enable quotas on the root (/) and /home directory filesystems. You can tell Linux to start tracking user quotas by adding the keyword usrquota under the options column. Similarly, you can tell Linux to start tracking group quotas with the grpquota option. Use vi or your favorite text editor to update /etc/fstab.
In this example, I add both user and group quotas to the /home directory filesystem:
/dev/sdb1 /home ext3 exec,dev,suid,rw,usrquota,grpquota 1 2
If you edit the /etc/fstab file by hand, you'll need to ensure that the line you are editing does not wrap to the next line. If it does, the format for your /etc/fstab will be invalid and the boot process may be affected.
If you don't have a separate /home directory partition, you can apply the quota settings to the top-level root directory (/) partition.
On the Job | You can test changes to /etc/fstab by rebooting your computer or remounting a filesystem. For example, if you've just added usrquota and grpquota entries as shown to the /home directory filesystem, you can test it with the mount -o remount /home command. Check the result in the /etc/mtab file. |
The next step is to create quota files. For user and group quotas, you'll need the aquota .user and aquota.group files in the selected filesystem before you can activate actual quotas. You no longer need to create those files manually; once you've remounted the desired directory, the appropriate quotacheck command creates them automatically. For the /home directory described earlier, you'd use the following commands:
# mount -o remount /home # quotacheck -cugm /home
The options for quotacheck are
-c Performs a new scan.
-v Performs a verbose scan.
-u Scans for user quotas.
-g Scans for group quotas.
-m Remounts the scanned filesystem.
This will check the current quota information for all users, groups, and partitions. It stores this information in the appropriate quota partitions. Once the command is run, you should be able to find the aquota.user and aquota.group files in the configured directory.
To specify disk quotas, you need to run the edquota command. This edits the aquota .user or aquota.group file with the vi editor. In this example, pretend you have a user named nancy, and you want to restrict how much disk space she is allowed to use. You'd type the following command to edit nancy's quota records:
# edquota -u nancy
This command launches the vi editor and opens the quota information for user nancy, as shown in Figure 6-4.
Figure 6-4: Quota information
On a standard command line terminal, the quota information is formatted strangely, with seven columns. (If you're running a command line terminal in the GUI, you can remove the line wrapping by increasing the width of the window; the terminals used to create Figures 6-4 through 6-7 include 90 columns.) The lines are wrapped. In this case, the filesystem with the quota is mounted on partition /dev/ sdb2. Soft and hard limits are included for both blocks and inodes. By default, soft and hard limits of 0 means that there are no limits for user nancy.
We can see that nancy is currently using 22,692 blocks and has 24 files (inodes) on this partition. Each block takes up 1KB of space; thus user nancy's files total approximately 22MB. In this example, we'll show you how to set a limit so that nancy does not take more than 100MB of space with her files.
First, it's important to understand the meaning of soft and hard limits.
Soft limit This is the maximum amount of space a user can have on that partition. If you have set a grace period, this will act as an alarm. The user will then be notified she is in quota violation. If you have set a grace period, you will also need to set a hard limit. A grace period is the number of days a user is allowed to be above the given quota. After the grace period is over, the user must get under the soft limit to continue.
Hard limit Hard limits are necessary only when you are using grace periods. If grace periods are enabled, this will be the absolute limit a user can use. Any attempt to consume resources beyond this limit will be denied. If you are not using grace periods, the soft limit is the maximum amount of available space for each user.
In this example, set an 100MB soft limit and a 120MB hard limit for the user. As shown in Figure 6-5, this is written as a number of 1KB blocks in the quota file.
Figure 6-5: Quotas with hard and soft limits
Note that nancy's use of inodes is not limited. She is still able to use as many inodes (thus as many files) as she likes. To implement these quotas, these settings must be saved. In the default vi editor, the :wq command does this job nicely.
In addition, give user nancy a seven-day grace period. If and when she exceeds the soft limit, she has that amount of time to get back under the soft limit. To set the grace period for all users, run the edquota -t command. The result should look similar to what you see in Figure 6-6.
Figure 6-6: Quota grace period
Here, Linux has provided the default of seven days for both inodes and block usage. That is, a user may exceed the soft limit on either resource for up to seven days. After that, further requests by that user to use files will be denied. Our user nancy would have to delete files to get her total disk block consumption under 100MB before she could create new files or expand existing files. You can edit the grace period directly, using vi commands. To activate the new grace period, just save the file.
There is a quirk associated with quota grace periods. When you use edquota and specify the grace period, you cannot include a space between the number and the unit (for example, 7days, not 7 days). Fortunately, the quota system in RHEL 5 automatically fixes this problem.
On the Job | In older versions of Red Hat distributions, a space between the quota number and the unit would lead to a quota error. In RHEL 5, that space is automatically removed when the appropriate quota setting is saved. |
The edquota command allows you to use an already configured user's quota as a template for new users. To use this feature, you need to run the command with the -p switch and configured_user arguments options:
# edquota -up nancy michael randy donna
This command will not provide any output, but it will take the quota configuration settings of user nancy and apply them to michael, randy, and donna. You can include as many users as you want to edit or to which you want to apply templates.
You can also set up quotas on a per-group basis. To do this, simply run edquota with the -g group_name argument. Here, group_name would need to be a valid group as specified in the /etc/group file.
# edquota -g nancy
This opens the block and inode quota for group nancy, as shown in Figure 6-7.
Figure 6-7: Group quota
On the Job | When testing quotas, there is one useful technique that creates a blank file of the desired size. For example, if you want to create a 100MB file named bigfile in the local directory, run the dd if=/dev/zero of=bigfile bs=1k count=100000 command. |
As an administrator, you'll want to maintain any quotas that you create. For that purpose, it's useful to run the aforementioned quotacheck command on a regular basis. As you'll see later in this chapter, it is easy to do through the cron system. A simple command in the right cron file automatically runs the quotacheck command on a regular basis. For example, the following command in the right cron file runs the quotacheck command at 2:00 A.M. every Saturday:
0 2 * * 6 /sbin/quotacheck -avug
You can also use the edquota command to apply quotas to all users on your system. For example, the following command applies the quotas that you've already set on user mj to all other real users on the system (the awk command was described briefly in Chapter 1):
edquota -p mj `awk -F: '$3 > 499 {print $1}' /etc/passwd'
Note that this command lists the first column ($1) of /etc/passwd, which is the username. And in keeping with the UIDs for regular Red Hat users (from the third column, $3, of /etc/passwd), this is limited to users with UIDs of 500 or higher. You can add this type of command to the appropriate cron file as well, which makes sure that the quotas are applied to all existing and new users.
As an administrator, it can be useful to see reports on who is using the most disk space. You can generate reports on users, groups, or everybody on every partition. To view a report showing quota information for all users, run the repquota -a command. You'll see a list of quotas for all users similar to that shown in Figure 6-8.
Figure 6-8: A quota report
If you have multiple filesystems with quotas, you can use the repquota command to isolate a specific filesystem. For example, if you wanted to view the quota report for the partition with the /home directory, run the following command:
# repquota -u /home
Alternatively, if you wanted to view quota information on user nancy, run the following quota command:
# quota -uv nancy Disk quotas for user nancy(uid 507): Filesystem blocks quota limit grace files quota limit grace /dev/hdd1 22692 100000 120000 24 0 0
An individual user can check his own usage with the quota command, but only the administrative root user can examine the quotas for other users.
The Network File System (NFS) allows users to share files and directories on a network with Linux and Unix computers. Users across the network mount a shared NFS directory from a specific computer. Users are normally in a single database in an NFS setup. Disk quotas can be applied to these users in virtually the same way as they are to users on a regular Linux computer. For example, if you create a local user called nfsuser, and you translate all remote requests to this user, then you need to set up quota restrictions for nfsuser on the mounted partition. This will limit the disk consumption of all incoming NFS users. See Chapter 10 for more about NFS.
Exercise 6-3: Configuring Quotas
In this exercise, you will set up user quotas for one user on your system. These quotas will allow a soft limit of 80MB and a hard limit of 100MB for each user. No limits are to be placed on the number of inodes. Assume the /home directory is mounted on a separate partition. (If /home is not mounted separately, apply the commands to the top-level root directory /.) The first couple of steps should be formalities, as quotas should be active and installed by default. However, it's a good habit to check. To set up quotas in this exercise, follow these steps:
Check your kernel configuration for the CONFIG_QUOTA variable, using the /boot/config-`uname -r` file. It should be set to "Y." If not, proceed to Chapter 8 for general instructions on how to revise your kernel.
Check to make sure that the quota package is installed. Install it from the RHEL 5 installation source if required.
Add quotas to /etc/fstab. Add the usrquota directive to the Options column for the partition with the /home directory. Make sure the info stays on one line in /etc/fstab.
Activate the quotas. You can unmount and remount the /home directory, reboot Linux, or use the following command:
# mount -o remount /home
Use the quotacheck -cum /home command to activate the user quota file in the /home directory.
Make sure this command worked. Look for the aquota.user file in the /home directory.
Now you're ready to set up quotas for a specific user. If necessary, look up usernames in /etc/passwd. Use the edquota -u username command to edit the quotas for the user of your choice.
Under the soft and hard columns, change the 0 to 80000 and 100000, respectively. Remember that these files are set up for 1KB blocks. Save the file.
Restore any previous settings that existed before this exercise.