How To Set Filesystem Quotas on Debian 10 | DigitalOcean

  • 20,000
  • Tác giả: admin
  • Ngày đăng:
  • Lượt xem: 20
  • Tình trạng: Còn hàng

Introduction

Quotas are used vĩ đại limit the amount of disk space a user or group can use on a filesystem. Without such limits, a user could fill up the machine’s disk and cause problems for other users and services.

In this tutorial we will install command line tools vĩ đại create and inspect disk quotas, then mix a quota for an example user.

Prerequisites

This tutorial assumes you are logged into a Debian 10 server, with a non-root, sudo-enabled user, as described in Initial Server Setup with Debian 10.

The techniques in this tutorial should generally work on Linux distributions other than thở Debian, but may require some adaptation.

To mix and kiểm tra quotas, we first need vĩ đại install the quota command line tools using apt. Let’s update our package list, then install the package:

sudo apt update
sudo apt install quota

You can verify that the tools are installed by running the quota command and asking for its version information:

quota --version

Output

Quota utilities version 4.04. . . .

It’s fine if your output shows a slightly different version number.

Next we will update our filesystem’s mount options vĩ đại enable quotas on our root filesystem.

Step 2 – Updating Filesystem Mount Options

To activate quotas on a particular filesystem, we need vĩ đại mount it with a few quota-related options specified. We tự this by updating the filesystem’s entry in the /etc/fstab configuration tệp tin. Open that tệp tin in your favorite text editor now:

sudo nano /etc/fstab

The file’s contents will be similar vĩ đại the following:

/etc/fstab

# /etc/fstab: static tệp tin system information.
UUID=06b2aae3-b525-4a4c-9549-0fc6045bd08e	/	ext4	errors=remount-ro	0	1

This fstab tệp tin is from a virtual server. A desktop or máy vi tính computer will probably have a slightly different looking fstab, but in most cases you’ll have a / or root filesystem that represents all of your disk space.

Update the line pointing vĩ đại the root filesystem by adding options as follows:

/etc/fstab

# /etc/fstab: static tệp tin system information.
UUID=06b2aae3-b525-4a4c-9549-0fc6045bd08e	/	ext4	errors=remount-ro,usrquota,grpquota	0	1

You will add the new options vĩ đại the kết thúc of any existing options, being sure vĩ đại separate them all with a comma and no spaces. The above change will allow us vĩ đại enable both user- (usrquota) and group-based (grpquota) quotas on the filesystem. If you only need one or the other, you may leave out the unused option.

Remount the filesystem vĩ đại make the new options take effect:

sudo mount -o remount /

Note: Be certain there are no spaces between the options listed in your /etc/fstab tệp tin. If you put a space after the , comma, you will see an error lượt thích the following:

Output

mount: /etc/fstab: parse error at line 2 -- ignored

If you see this message after running the previous mount command, reopen the fstab tệp tin, correct any errors, and repeat the mount command before continuing.

We can verify that the new options were used vĩ đại mount the filesystem by looking at the /proc/mounts tệp tin. Here, we use grep vĩ đại show only the root filesystem entry in that file:

cat /proc/mounts | grep ' / '

Output

/dev/vda1 / ext4 rw,relatime,quota,usrquota,grpquota,errors=remount-ro,data=ordered 0 0

Note the two options that we specified. Now that we’ve installed our tools and updated our filesystem options, we can turn on the quota system.

Step 3 – Enabling Quotas

Before finally turning on the quota system, we need vĩ đại manually run rẩy the quotacheck command once:

sudo quotacheck -ugm /

This command creates the files /aquota.user and /aquota.group. These files contain information about the limits and usage of the filesystem, and they need vĩ đại exist before we turn on quota monitoring. The quotacheck parameters we’ve used are:

  • u: specifies that a user-based quota tệp tin should be created
  • g: indicates that a group-based quota tệp tin should be created
  • m: disables remounting the filesystem as read-only while performing the initial tallying of quotas. Remounting the filesystem as read-only will give more accurate results in case a user is actively saving files during the process, but is not necessary during this initial setup.

If you don’t need vĩ đại enable user- or group-based quotas, you can leave off the corresponding quotacheck option.

We can verify that the appropriate files were created by listing the root directory:

ls /

Output

aquota.group bin dev home page initrd.img.old lib64 truyền thông media opt root sbin sys usr vmlinuz aquota.user boot etc initrd.img lib lost+found mnt proc run rẩy srv tmp var vmlinuz.old

If you didn’t include the u or g options in the quotacheck command, the corresponding tệp tin will be missing. Now we’re ready vĩ đại turn on the quota system:

sudo quotaon -v /

Output

/dev/vda1 [/]: group quotas turned on /dev/vda1 [/]: user quotas turned on

Our server is now monitoring and enforcing quotas, but we’ve not mix any yet! Next we’ll mix a disk quota for a single user.

Step 4 – Configuring Quotas for a User

There are a few ways we can mix quotas for users or groups. Here, we’ll go over how vĩ đại mix quotas with both the edquota and setquota commands.

Using edquota vĩ đại Set a User Quota

We use the edquota command vĩ đại edit quotas. Let’s edit our example sammy user’s quota:

sudo edquota -u sammy

The -u option specifies that this is a user quota we’ll be editing. If you’d lượt thích vĩ đại edit a group’s quota instead, use the -g option in its place.

This will open up a tệp tin in the mặc định text editor, similar vĩ đại how crontab -e opens a temporary tệp tin for you vĩ đại edit. The tệp tin will look similar vĩ đại this:

Disk quotas for user sammy (uid 1001):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/vda1                        24          0          0          7        0        0

This lists the username and uid, the filesystems that have quotas enabled on them, and the block- and inode-based usage and limits. Setting an inode-based quota would limit how many files and directories a user can create, regardless of the amount of disk space they use. Most people will want block-based quotas, which specifically limit disk space usage. This is what we will configure.

Note: The concept of a block is poorly specified and can change depending on many factors, including which command line tool is reporting them. In the context of setting quotas on Debian, it’s fairly safe vĩ đại assume that 1 block equals 1 kilobyte of disk space.

In the above listing, our user sammy is using 24 blocks, or 24KB of space on the /dev/vda1 drive. The soft and hard limits are both disabled with a 0 value.

Each type of quota allows you vĩ đại mix both a soft limit and a hard limit. When a user exceeds the soft limit, they are over quota, but they are not immediately prevented from consuming more space or inodes. Instead, some leeway is given: the user has – by mặc định – seven days vĩ đại get their disk use back under the soft limit. At the kết thúc of the seven day grace period, if the user is still over the soft limit it will be treated as a hard limit. A hard limit is less forgiving: all creation of new blocks or inodes is immediately halted when you hit the specified hard limit. This behaves as if the disk is completely out of space: writes will fail, temporary files will fail vĩ đại be created, and the user will start vĩ đại see warnings and errors while performing common tasks.

Let’s update our sammy user vĩ đại have a block quota with a 100MB soft limit, and a 110MB hard limit:

Disk quotas for user sammy (uid 1001):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/vda1                        24       100M       110M          7        0        0

Save and close the tệp tin. To kiểm tra the new quota we can use the quota command:

sudo quota -vs sammy

Output

Disk quotas for user sammy (uid 1001): Filesystem space quota limit grace files quota limit grace /dev/vda1 24K 100M 110M 7 0 0

The command outputs our current quota status, and shows that our quota is 100M while our limit is 110M. This corresponds vĩ đại the soft and hard limits respectively.

Note: If you want your users vĩ đại be able vĩ đại kiểm tra their own quotas without having sudo access, you’ll need vĩ đại give them permission vĩ đại read the quota files we created in Step 4. One way vĩ đại tự this would be vĩ đại make a users group, make those files readable by the users group, and then make sure all your users are also placed in the group.

To learn more about Linux permissions, including user and group ownership, please read An Introduction vĩ đại Linux Permissions

Using setquota vĩ đại Set a User Quota

Unlike edquota, setquota will update our user’s quota information in a single command, without an interactive editing step. We will specify the username and the soft and hard limits for both block- and inode-based quotas, and finally the filesystem vĩ đại apply the quota to:

sudo setquota -u sammy 200M 220M 0 0 /

The above command will double sammy’s block-based quota limits vĩ đại 200 megabytes and 220 megabytes. The 0 0 for inode-based soft and hard limits indicates that they remain unset. This is required even if we’re not setting any inode-based quotas.

Once again, use the quota command vĩ đại kiểm tra our work:

sudo quota -vs sammy

Output

Disk quotas for user sammy (uid 1001): Filesystem space quota limit grace files quota limit grace /dev/vda1 24K 200M 220M 7 0 0

Now that we have mix some quotas, let’s find out how vĩ đại generate a quota report.

Step 5 – Generating Quota Reports

To generate a report on current quota usage for all users on a particular filesystem, use the repquota command:

sudo repquota -s /

Output

*** Report for user quotas on device /dev/vda1 Block grace time: 7days; Inode grace time: 7days Space limits File limits User used soft hard grace used soft hard grace ---------------------------------------------------------------------- root -- 981M 0K 0K 35234 0 0 nobody -- 7664K 0K 0K 3 0 0 ntp -- 12K 0K 0K 3 0 0 _apt -- 8K 0K 0K 2 0 0 debian -- 16K 0K 0K 4 0 0 sammy -- 24K 200M 220M 7 0 0

In this instance we’re generating a report for the / root filesystem. The -s command tells repquota vĩ đại use human-readable numbers when possible. There are a few system users listed, which probably have no quotas mix by mặc định. Our user sammy is listed at the bottom, with the amounts used and soft and hard limits.

Also note the Block grace time: 7days callout, and the grace column. If our user was over the soft limit, the grace column would show how much time they had left vĩ đại get back under the limit.

In the next step we’ll update the grace periods for our quota system.

Step 6 – Configuring a Grace Period for Overages

We can configure the period of time where a user is allowed vĩ đại float above the soft limit. We use the setquota command vĩ đại tự so:

sudo setquota -t 864000 864000 /

The above command sets both the block and inode grace times vĩ đại 864000 seconds, or 10 days. This setting applies vĩ đại all users, and both values must be provided even if you don’t use both types of quota (block vs. inode).

Note that the values must be specified in seconds.

Run repquota again vĩ đại kiểm tra that the changes took effect:

sudo repquota -s /

Output

Block grace time: 10days; Inode grace time: 10days . . .

The changes should be reflected immediately in the repquota output.

Conclusion

In this tutorial we installed the quota command line tools, mix up a block-based quota for one user, and generated a report on our filesystem’s quota usage.

The following are some common errors you may see when setting up and manipulating filesystem quotas.

quotaon Output

quotaon: cannot find //aquota.group on /dev/vda1 [/] quotaon: cannot find //aquota.user on /dev/vda1 [/]

This is an error you might see if you tried vĩ đại turn on quotas (using quotaon) before running the initial quotacheck command. The quotacheck command creates the aquota or quota files needed vĩ đại turn on the quota system. See Step 3 for more information.

quota Output

quota: Cannot open quotafile //aquota.user: Permission denied quota: Cannot open quotafile //aquota.user: Permission denied quota: Cannot open quotafile //quota.user: No such tệp tin or directory

This is the error you’ll see if you run rẩy quota and your current user does not have permission vĩ đại read the quota files for your filesystem. You (or your system administrator) will need vĩ đại adjust the tệp tin permissions appropriately, or use sudo when running commands that require access vĩ đại the quota tệp tin.

To learn more about Linux permissions, including user and group ownership, please read An Introduction vĩ đại Linux Permissions