Disk Quotas

Managing Linux Disk Quotas

Linux Disk Quotas


Disk Quotas are a mechanism the Systems Administrator can activate to limit the amount of disk space a user or a group may use within a filesystem. Quotas prevent users and groups from using a greater share of a filesystem than they are allowed to.



To verify you have the "quota" package installed, issue one of the following commands depending on your distribution:

From a Debian based system (Debian, Ubuntu, Mint) you can issue the following command:

dpkg -l quota



john@john-desktop:~$ dpkg -l quota
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version        Description
+++-==============-==============-============================================
ii  quota          4.00-3ubuntu1  implementation of the disk quota system

From a Red Hat based system (RHEL, CentOS, Fedora, SLES) you can issue the following command:

rpm -q quota



ls001a:/ # rpm -qa quota
quota-3.16-50.37.1

Basic steps for creating Disk Quotas


The method for creating and using Disk quotas can be broken down into four basic stages as follows:

  • Add/amend entries in "/etc/fstab" enabling relevant filesystems that need quotas applying to.
  • Remount the filesystems
  • Create quota files and usage tables
  • Assign quotas to users/groups


  • Editing the mount table /etc/fstab and mounting our filesystems


    To edit your mount table, you will need to be the "root" user of your system. First you will need to locate the filesystem within your mount table or create a new entry for the filesystem(s) that require disk quotas enabling. Here you will be adding the entries "usrquota" and "grpquota" after the "defaults" section:

    Example:

    Add the following entry within your mount table:

    /dev/vg01/lv01 /myspace ext3 defaults,usrquota,grpquota 0 0

    Next we need to create a mount point by using the "mkdir" command. Once our mount point has been created, issue the "mount -a" command. This command will attempt to mount any filesystems that are found within the mount table.


    
    ls001a:/ # mkdir myspace
    ls001a:/ # mount -a
    
    ls001a:/ # df -h
    Filesystem                       Size  Used Avail Use% Mounted on
    /dev/mapper/system-root          6.7G  4.8G  1.6G  76% /
    devtmpfs                         2.0G  180K  2.0G   1% /dev
    tmpfs                            2.0G  188K  2.0G   1% /dev/shm
    /dev/sda1                        152M   36M  109M  25% /boot
    /dev/mapper/system-home          4.0G  154M  3.6G   5% /home
    /dev/mapper/lint01vg-lint01lv01   39G  437M   37G   2% /MySQL
    /dev/mapper/system-tst           985M   18M  918M   2% /tst
    /dev/mapper/vg01-lv01            788M   17M  731M   3% /myspace
    

    We can also issue the "df -h" command to display our mounted filesystems. Here we can see that our filesystem has been mounted on "/myspace".


    Create Quota Files


    So far we have enabled the filesystem for use with quotas, however, we first need to create a quota file for each relevant filesystem. The command for this is "quotacheck". The "quotacheck" command is issued with the "-c" parameter: quotacheck -acug

    The "-a" option creates a user and group quotafile in the root of each filesystem that has the "usrquoata" and "grpquota" specified in the mount table.

    If you only require "user quotas" or only "group quotas", you can leave the "-a" option off your command. You will then need to specify one of the flags below as required. The "-g" flag is used to create a group file.

    The "-u" flag is used to create a user file.

    If you are attempting to enable a quota on a filesystem that is already in use, then you will need to specify the "-m" flag". This will stop the "quotacheck" command from trying to remount the filesystem in read only mode.


    
    ls001a:/ # quotacheck -augvc
    quotacheck: Scanning /dev/mapper/vg01-lv01 [/myspace] done
    quotacheck: Cannot stat old user quota file: No such file or directory
    quotacheck: Cannot stat old group quota file: No such file or directory
    quotacheck: Cannot stat old user quota file: No such file or directory
    quotacheck: Cannot stat old group quota file: No such file or directory
    quotacheck: Checked 2 directories and 2 files
    quotacheck: Old file not found.
    quotacheck: Old file not found.
    
    ls001a:/ # cd /myspace/
    ls001a:/myspace # ls -al
    total 24
    drwxr-xr-x  2 john john 4096 May 20 13:46 .
    drwxr-xr-x 31 root root 4096 May 20 13:44 ..
    -rw-------  1 root root 7168 May 20 13:46 aquota.group
    -rw-------  1 root root 7168 May 20 13:46 aquota.user
    


    Turn Quotas ON or OFF


    The commands for switching quotas "on" or "off" are "quotaon" and "quotaoff".


    
    ls001a:/ # quotaon -p /myspace/
    group quota on /myspace (/dev/mapper/vg01-lv01) is off
    user quota on /myspace (/dev/mapper/vg01-lv01) is off
    
    ls001a:/ # quotaon -uagv
    /dev/mapper/vg01-lv01 [/myspace]: group quotas turned on
    /dev/mapper/vg01-lv01 [/myspace]: user quotas turned on
    

    (use quotaoff for switching off) quotaoff -ugv /myspace

    The following options -a, -g, -u, and -v have the same meaning as for the "quotacheck" command. Similarly, if you do not specify the -a option, you must specify a filesystem.


    Assigning quotas to Users and Groups


    The command used for editing quota files for users and groups is "edquota. The syntax of the command is "edquota followed by "-u" for users or "-g" for group and lastly the userid or group. Below is an example of a quota file being edited:


    
    ls001a:/ # edquota -u john
    
    Disk quotas for user john (uid 1008):
      Filesystem                   blocks       soft       hard     inodes     soft     hard
      /dev/mapper/vg01-lv01             4          0          0          1        0        0
    

    The above is our file before we have amended our entries. Below, I have created a soft limit of "10240" which equates to "10MB" for the soft limit and "15360" for the hard limit (15MB). I have also created an "inode" soft limit of "20" and a hard limit of "40".

    inode limit: The "inode" value related to the maximum number of files that a user or group can create within the filesystem.

    Soft Limit for blocks: The soft limit is a threshold that is set that can be breached upto the limit defined under the hard limit. This soft limit is allowed to be breached for a period of only 7 days by default. This period is called the "grace" period.

    Hard Limit for blocks: The hard limit is a limit that can not be exceeded. In our example we have set this to "15MB" Edit as follows:


    
    Disk quotas for user john (uid 1008):
      Filesystem                   blocks       soft       hard     inodes     soft     hard
      /dev/mapper/vg01-lv01             4      10240      15360          1       20       40
    

    Once you have made your changes within your editor of choice, you will need to save these changes in the usual manner.

    Now we can define our quota limits for our groups. In the following example, I apply the limits to a group called "john".


    
    ls001a:/ # edquota -g john
    
    Disk quotas for group john (gid 17002):
      Filesystem                   blocks       soft       hard     inodes     soft     hard
      /dev/mapper/vg01-lv01             4      10240      15360          1       20       40
    

    Defining Grace Periods


    The grace period is a number of days that the soft limit can be breached for. The default value is 7 days. After the grace period, the soft limit is enforced as a hard limit. This value can be modified by using the "-t parameter with the "edquota". After issuing the "-t" parameter, you will be issued with an entry containing the default values of seven days. here you can set whatever grace period suits your needs. Time units can be of days, hours, minutes or seconds.


    Copying Quotas


    If you have multiple users that need the same quota limits set, you can create these easily by using an existing user as a model. To copy the limits you need to specify the command as: edquota -p model_id new_user1 new_user2.


    Testing your Quotas


    An easy way of testing your quota limits is to create a file that will breach one of the "soft" or "hard" limits. An easy way to test this is by using the "dd" command to create a file of a specific size:

    First, login as the user who has the quota limit set. In our example this is the user "john"


    
    john@ls001a:/myspace> dd if=/dev/zero of=/myspace/john.tst bs=1024 count=10240
    dm-5: warning, user block quota exceeded.
    10240+0 records in
    10240+0 records out
    10485760 bytes (10 MB) copied, 0.137397 s, 76.3 MB/s
    
    john@ls001a:/myspace> ls -lh
    total 11M
    -rw------- 1 root root  7.0K May 20 14:19 aquota.group
    -rw------- 1 root root  7.0K May 20 13:57 aquota.user
    -rw-r--r-- 1 john users  10M May 20 14:19 john.tst
    

    From the above we can see that the warning, user block quota exceeded
    To verify this further, you can issue the "quota" command:


    
    ls001a:/ # quota john
    Disk quotas for user john (uid 1008):
         Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
    /dev/mapper/vg01-lv01
                      10260*  10240   15360   6days       2      20      40
    

    Exceeded Message


    If we repeat the same process and create another file of 10MB, we will exceed the hard block limit:


    
    john@ls001a:/myspace> dd if=/dev/zero of=/myspace/john2.tst bs=1024 count=10240
    dm-5: write failed, user block limit reached.
    dd: writing `/myspace/john2.tst': Disk quota exceeded
    5089+0 records in
    5088+0 records out
    5210112 bytes (5.2 MB) copied, 0.0484131 s, 108 MB/s
    

    This time, we didn't succeed in creating our file as the creation was terminated as we had breached the hard block limit. Below shows that a partial file was created.


    
    john@ls001a:/myspace> ls -l
    total 15372
    -rw------- 1 root root      7168 May 20 14:19 aquota.group
    -rw------- 1 root root      7168 May 20 13:57 aquota.user
    -rw-r--r-- 1 john users  5210112 May 20 14:22 john2.tst
    -rw-r--r-- 1 john users 10485760 May 20 14:19 john.tst
    

    Generating Quota Reports


    A useful function called "repquota" can be used to list all filesystems with quotas enabled. This report can be quite useful to an administrator as it allows them to keep track of who is using what space.


    
    ls001a:/ # repquota -ug /myspace
    *** Report for user quotas on device /dev/mapper/vg01-lv01
    Block grace time: 7days; Inode grace time: 7days
                            Block limits                File limits
    User            used    soft    hard  grace    used  soft  hard  grace
    ----------------------------------------------------------------------
    root      --   17192       0       0              2     0     0
    john      +-   15360   10240   15360  6days       3    20    40
    
    
    *** Report for group quotas on device /dev/mapper/vg01-lv01
    Block grace time: 7days; Inode grace time: 7days
                            Block limits                File limits
    Group           used    soft    hard  grace    used  soft  hard  grace
    ----------------------------------------------------------------------
    root      --   17192       0       0              2     0     0
    users     --   15356       0       0              2     0     0
    john      --       4   10240   15360              1    20    40
    

    Conclusion


    Quotas can be very useful where you need to apply restrictions to the amount of space that is used by users or groups. It is also worth pointing out though that these limits need to be correctly sized to limit large scale disruption to your service. You also need to set a grace period where users have a chance to remove any unwanted or large files. If the grace period is too small, then the hard limit may be applied too early causing possible disruption to users and jobs.

    Further information regarding using quotas can be found within the "man" pages. example: "man quota" or "man edquota".