Linux File System Quotas

Related YoLinux Tutorials:

°Linux Sys Admin

°Linux Networking

°Internet Gateway

°Securing Linux

°YoLinux Tutorials Index

Configuration of disk usage quotas on Linux - Perform the following as root:

1. Edit file /etc/fstab to add qualifier "usrquota" or "grpquota" to the partition. The following file system mounting options can be specified in /etc/fstab: grpquota, noquota, quota and usrquota. (These options are also accepted by the mount command but ignored.) The filesystem when mounted will show up in the file /etc/mtab, the list of all currently mounted filesystems.)
   • To enable user quota support on a file system, add "usrquota" to the fourth field containing the word "defaults".

     ... /dev/hda2 /home ext3 defaults,usrquota 1 1 ...

   • Replace "usrquota" with "grpquota", should you need group quota support on a file system.

     ... /dev/hda2 /home ext3 defaults,grpquota 1 1 ...

   • Need both user quota and group quota support on a file system?

     ... /dev/hda2 /home ext3 defaults,usrquota,grpquota 1 1 ...

     This enables user and group quotas support on the /home file system.

2. touch /partition/aquota.user
   where the partition might be /home or some partition defined in /etc/fstab.
   then
   chmod 600 /partition/aquota.user

   The file should be owned by root. Quotas may also be set for groups by using the file aquota.group

   Quota file names:

   • Quota Version 2 (Linux 2.4/2.6 kernel: Red Hat 7.1+/8/9,FC 1-3): aquota.user, aquota.group
   • Quota Version 1 (Linux 2.2 kernel: Red Hat 6, 7.0): quota.user, quota.group
   The files can be converted/upgraded using the convertquota command.
3. Re-boot or re-mount file partition with quotas.
   • Re-boot: shutdown -r now
   • Re-mount partition: mount -o remount /partition
   
   After re-booting or re-mounting the file system, the partition will show up in the list of mounted filesystems as having quotas. Check /etc/mtab:

   ... /dev/hda5 / ext3 rw,usrquota 0 0 ...

4. quotacheck -vgum /partition
   or
   quotacheck -vguma
   • For example (Linux kernel 2.4+: Red Hat 7.1+, Fedora): quotacheck -vguma

     quotacheck: WARNING -  Quotafile //aquota.user was probably truncated. ...
     quotacheck: Scanning /dev/hda5 [/] done
     quotacheck: Checked 9998 directories and 179487 files
         

   • For example (Linux kernel 2.2: Red Hat 6/7.0): quotacheck -v /dev/hda6
     System response:

           Scanning /dev/hda6 [/home] done
           Checked 444 directories and 3136 files  
           Using quotafile /home/quota.user       
           

   Quotacheck is used to scan a file system for disk usages, and updates the quota record file "quota.user/aquota.user" to the most recent state. It is recommended thet quotacheck be run at bootup (part of Redhat default installation)

   Man page: quotacheck - scan a filesystem for disk usage, create, check and repair quota files

5. quotaon -av
   System Response: /dev/hda6: user quotas turned on

   quotaon - enable disk quotas on a file system.
   quotaoff - turn off disk quotas for a file system.

   Man page: quotaon - turn filesystem quotas on and off

6. edquota -u user_id
   Edit directly using vi editor commands. (See below for more info.)
   For example: edquota -u user1
   • System Response (RH 7+):

     Disk quotas for user user1 (uid 501):
       Filesystem                   blocks       soft       hard     inodes     soft     hard
       /dev/hda5                      1944          0          0        120        0        0
           

     • blocks: 1k blocks
     • inodes: Number of entries in directory file
     • soft: Max number of blocks/inodes user may have on partition before warning is issued and grace persiod countdown begins.
       If set to "0" (zero) then no limit is enforced.
     • hard: Max number of blocks/inodes user may have on partition.
       If set to "0" (zero) then no limit is enforced.

   • System Response (RH 6):

                Quotas for user user1:
                /dev/sdb6: blocks in use: 56, limits (soft = 0, hard = 0)
                        inodes in use: 50, limits (soft = 0, hard = 0)
           

     Something failed if you get the response:

                /dev/sdb6: blocks in use: 0, limits (soft = 0, hard = 0)
                        inodes in use: 0, limits (soft = 0, hard = 0)
     
           

     Edit limits:

                Quotas for user user1: 
                /dev/hda6: blocks in use: 992, limits (soft = 50000, hard = 55000) 
                        inodes in use: 71, limits (soft = 10000, hard = 11000)
           

   If editing group quotas: edquota -g group_name

   Man page: edquota - edit user quotas

7. List quotas:
   quota -u user_id

   For example: quota -u user1
   System response:

   Disk quotas for user user1 (uid 501):
        Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
         /dev/hda6     992   50000   55000              71   10000   11000
         

   If this does not respond similar to the above, then restart the computer: shutdown -r now

   Man page: quota - display disk usage and limits

• Report on all users over quota limits: quota -q
• Quota summary report: repquota -a

  *** Report for user quotas on device /dev/hda5
  Block grace time: 7days; Inode grace time: 7days
                          Block limits                File limits
  User            used    soft    hard  grace    used  soft  hard  grace
  ----------------------------------------------------------------------
  root      -- 4335200       0       0         181502     0     0
  bin       --   15644       0       0            101     0     0
  ...
  user1     --    1944       0       0            120     0     0
      

  No limits shown with this user as limits are set to 0.

  Man page: repquota - summarize quotas for a filesystem.

Quotacheck should scan the file system via cronjob periodically (say, every week?). Add a script to the /etc/cron.weekly/ directory.
File: /etc/cron.weekly/runQuotacheck

• Linux Kernel 2.4: Red Hat 7.1 - Fedora Core 3:

  #!/bin/bash /sbin/quotacheck -vguma

• Linux Kernel 2.2: Red Hat 6/7.0:

  #!/bin/bash /sbin/quotacheck -v -a

(Remember to chmod +x /etc/cron.weekly/runQuotacheck)

The "edquota" command puts you into a "vi" editing mode so knowledge of the "vi" editor is necessary. Another editor may be specified with the EDITOR environment variable. You are NOT editing the quota.user file directly. The /partition/quota.user or quota.group file is a binary file which you do not edit directly. The command edquota gives you an ascii interface with the text prepared for you. When you ":wq" to save the file from the vi session, it is converted to binary by the edquota command and stored in the quota.user file.

Assigning quota for a bunch of users with the same value. To rapidly set quotas for all users, on my system to the same value as user user1, I would first edit user user1's quota information by hand, then execute:

  edquota -p user1 `awk -F: '$3 > 499 {print $1}' /etc/passwd`

This assumes that the user uid's start from 500 and increment upwards. "blocks in use" is the total number of blocks (in kilobytes) a user has comsumed on a partition. "inodes in use" is the total number of files a user has on a partition.

edquota options:

Option	Description
-r -m	Edit quotas on remote server using RPC. Remote server must be configured with the daemon rpc.rquotad
-u	Edit user quota
-g	Edit group quota
-p user-id	Duplicate the quotas based on existing prototype user
-F format -F vfsold -F vfsv0 -F rpc -F xfs	Format: vfsold - version 1 vfsv0 - version 2 rpc - quotas over NFS xfs - quotas for XFS filesystem
-f /file-system	Perform on specified filesystem. Default is to apply on all filesystems with quotas
-t	Edit the soft time limits for each filesystem.
-T	Edit time for user/group when softlimit is enforced. Specify number and unit or "unset"

Soft Limit and Hard Limits:

Soft limit indicates the maximum amount of disk usage a quota user has on a partition. When combined with "grace period", it acts as the border line, which a quota user is issued warnings about his impending quota violation when passed. Hard limit works only when "grace period" is set. It specifies the absolute limit on the disk usage, which a quota user can't go beyond his "hard limit".

Grace Period:

"Grace Period" is configured with the command "edquota -t", "grace period" is a time limit before the "soft limit" is enforced for a file system with quota enabled. Time units of sec(onds), min(utes), hour(s), day(s), week(s), and month(s) can be used. This is what you'll see with the command "edquota -t":

System response:

• Linux Kernel 2.4+: Red Hat 7.1+/Fedora:

  Grace period before enforcing soft limits for users:
  Time units may be: days, hours, minutes, or seconds
    Filesystem             Block grace period     Inode grace period
    /dev/hda5                     7days                  7days
  

• Linux Kernel 2.2: Red Hat 6/7.0:

  Time units may be: days, hours, minutes, or seconds 
  Grace period before enforcing soft limits for users: 
  /dev/hda2: block grace period: 0 days, file grace period: 0 days
  

Change the 0 days part to any length of time you feel reasonable. A good choice might be 7 days (or 1 week).

Quota files: (non-XFS file systems)

The edquota command will create/edit the quota file at the root of the file system. (See /etc/mtab for the list of the currently mounted filesystems.)

• Version 2: aquota.user, aquota.group
• Version 1: quota.user, quota.group

The default Red Hat/Fedora Core Linux kernel is shipped quota ready. If you have streamlined your kernel by rebuilding it with fewer options, make sure it has been configured with quotas support. When using the tools xconfig or menuconfig be sure to reply y to:
Quota support (CONFIG_QUOTA) [n] y

Fedora Core 3: grep CONFIG_QUOTA /usr/src/redhat/SOURCES/kernel-2.6.9-x86_64.config
Response:

CONFIG_QUOTA=y CONFIG_QUOTACTL=y

The Redhat default init script /etc/rc.d/rc.sysinit will also contain a point in the script to run quotacheck:

• Red Hat 6, 7.0:

  if [ -x /sbin/quotacheck ]; then echo "Checking root filesystem quotas" /sbin/quotacheck -v -a fi

  And turn quota checking on:

  if [ -x /usr/sbin/quotaon ] then echo "Turning on quota." /usr/sbin/quotaon -v -a fi

Also note that system limits may be set in the configuration file: /etc/security/limits.conf. Here file size limits may be set for core dumps and data files as well as resource limits such as max cpu time and number of processes.

More Quota Info:

• http://www.freebsd.org/handbook/quotas.html

Exploits:

http://listweb.bilkent.edu.tr/linux/06/0653.html

Software Available From:

ftp://ftp.funet.fi/pub/Linux/PEOPLE/Linus/subsystems/quota/all.tar.gz

Linux man pages:

• quota - display disk usage and limits
• rquota - implement quotas on remote machines
• fstab - static information about the filesystems
• edquota - edit user quotas
• setquota - set disk quotas (Command line editor)
• quotacheck - scan a filesystem for disk usage, create, check and repair quota files
• quotaon - turn filesystem quotas on
• quotaoff - turn filesystem quotas off
• repquota - produce a summary of quota information for a file system
• convertquota - convert quota from old file format to new one. Convert quota.user to aquota.user
• quotactl - manipulate disk quotas (C programmer interface)

Copyright © 2000, 2001, 2005 by Greg Ippolito