Managing Linux Disk Quotas
Linux Disk Quotas
Disk Quotas are a mechanism the Systems Administrator can activate to limit the amount of disk space a user or a group may use within a filesystem. Quotas prevent users and groups from using a greater share of a filesystem than they are allowed to.
To verify you have the "quota" package installed, issue one of the following commands depending on your distribution:
From a Debian based system (Debian, Ubuntu, Mint) you can issue the following command:
dpkg -l quota
john@john-desktop:~$ dpkg -l quota Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Description +++-==============-==============-============================================ ii quota 4.00-3ubuntu1 implementation of the disk quota system
From a Red Hat based system (RHEL, CentOS, Fedora, SLES) you can issue the following command:
rpm -q quota
ls001a:/ # rpm -qa quota quota-3.16-50.37.1
Basic steps for creating Disk Quotas
The method for creating and using Disk quotas can be broken down into four basic stages as follows:
Editing the mount table /etc/fstab and mounting our filesystems
To edit your mount table, you will need to be the "root" user of your system. First you will need to locate the filesystem within your mount table or create a new entry for the filesystem(s) that require disk quotas enabling. Here you will be adding the entries "usrquota" and "grpquota" after the "defaults" section:
Add the following entry within your mount table:
/dev/vg01/lv01 /myspace ext3 defaults,usrquota,grpquota 0 0
Next we need to create a mount point by using the "mkdir" command. Once our mount point has been created, issue the "mount -a" command. This command will attempt to mount any filesystems that are found within the mount table.
ls001a:/ # mkdir myspace ls001a:/ # mount -a ls001a:/ # df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/system-root 6.7G 4.8G 1.6G 76% / devtmpfs 2.0G 180K 2.0G 1% /dev tmpfs 2.0G 188K 2.0G 1% /dev/shm /dev/sda1 152M 36M 109M 25% /boot /dev/mapper/system-home 4.0G 154M 3.6G 5% /home /dev/mapper/lint01vg-lint01lv01 39G 437M 37G 2% /MySQL /dev/mapper/system-tst 985M 18M 918M 2% /tst /dev/mapper/vg01-lv01 788M 17M 731M 3% /myspace
We can also issue the "df -h" command to display our mounted filesystems. Here we can see that our filesystem has been mounted on "/myspace".
Create Quota Files
So far we have enabled the filesystem for use with quotas, however, we first need to create a quota file for each relevant filesystem. The command for this is "quotacheck". The "quotacheck" command is issued with the "-c" parameter:
The "-a" option creates a user and group quotafile in the root of each filesystem that has the "usrquoata" and "grpquota" specified in the mount table.
If you only require "user quotas" or only "group quotas", you can leave the "-a" option off your command. You will then need to specify one of the flags below as required. The "-g" flag is used to create a group file.
The "-u" flag is used to create a user file.
If you are attempting to enable a quota on a filesystem that is already in use, then you will need to specify the "-m" flag". This will stop the "quotacheck" command from trying to remount the filesystem in read only mode.
ls001a:/ # quotacheck -augvc quotacheck: Scanning /dev/mapper/vg01-lv01 [/myspace] done quotacheck: Cannot stat old user quota file: No such file or directory quotacheck: Cannot stat old group quota file: No such file or directory quotacheck: Cannot stat old user quota file: No such file or directory quotacheck: Cannot stat old group quota file: No such file or directory quotacheck: Checked 2 directories and 2 files quotacheck: Old file not found. quotacheck: Old file not found. ls001a:/ # cd /myspace/ ls001a:/myspace # ls -al total 24 drwxr-xr-x 2 john john 4096 May 20 13:46 . drwxr-xr-x 31 root root 4096 May 20 13:44 .. -rw------- 1 root root 7168 May 20 13:46 aquota.group -rw------- 1 root root 7168 May 20 13:46 aquota.user
Turn Quotas ON or OFF
The commands for switching quotas "on" or "off" are "quotaon" and "quotaoff".
ls001a:/ # quotaon -p /myspace/ group quota on /myspace (/dev/mapper/vg01-lv01) is off user quota on /myspace (/dev/mapper/vg01-lv01) is off ls001a:/ # quotaon -uagv /dev/mapper/vg01-lv01 [/myspace]: group quotas turned on /dev/mapper/vg01-lv01 [/myspace]: user quotas turned on
(use quotaoff for switching off) quotaoff -ugv /myspace
The following options -a, -g, -u, and -v have the same meaning as for the "quotacheck" command. Similarly, if you do not specify the -a option, you must specify a filesystem.
Assigning quotas to Users and Groups
The command used for editing quota files for users and groups is "edquota. The syntax of the command is "edquota followed by "-u" for users or "-g" for group and lastly the userid or group. Below is an example of a quota file being edited:
ls001a:/ # edquota -u john Disk quotas for user john (uid 1008): Filesystem blocks soft hard inodes soft hard /dev/mapper/vg01-lv01 4 0 0 1 0 0
The above is our file before we have amended our entries. Below, I have created a soft limit of "10240" which equates to "10MB" for the soft limit and "15360" for the hard limit (15MB). I have also created an "inode" soft limit of "20" and a hard limit of "40".
inode limit: The "inode" value related to the maximum number of files that a user or group can create within the filesystem.
Soft Limit for blocks: The soft limit is a threshold that is set that can be breached upto the limit defined under the hard limit. This soft limit is allowed to be breached for a period of only 7 days by default. This period is called the "grace" period.
Hard Limit for blocks: The hard limit is a limit that can not be exceeded. In our example we have set this to "15MB" Edit as follows:
Disk quotas for user john (uid 1008): Filesystem blocks soft hard inodes soft hard /dev/mapper/vg01-lv01 4 10240 15360 1 20 40
Once you have made your changes within your editor of choice, you will need to save these changes in the usual manner.
Now we can define our quota limits for our groups. In the following example, I apply the limits to a group called "john".
ls001a:/ # edquota -g john Disk quotas for group john (gid 17002): Filesystem blocks soft hard inodes soft hard /dev/mapper/vg01-lv01 4 10240 15360 1 20 40
Defining Grace Periods
The grace period is a number of days that the soft limit can be breached for. The default value is 7 days. After the grace period, the soft limit is enforced as a hard limit. This value can be modified by using the "-t parameter with the "edquota". After issuing the "-t" parameter, you will be issued with an entry containing the default values of seven days. here you can set whatever grace period suits your needs. Time units can be of days, hours, minutes or seconds.
If you have multiple users that need the same quota limits set, you can create these easily by using an existing user as a model. To copy the limits you need to specify the command as: edquota -p model_id new_user1 new_user2.
Testing your Quotas
An easy way of testing your quota limits is to create a file that will breach one of the "soft" or "hard" limits. An easy way to test this is by using the "dd" command to create a file of a specific size:
First, login as the user who has the quota limit set. In our example this is the user "john"
john@ls001a:/myspace> dd if=/dev/zero of=/myspace/john.tst bs=1024 count=10240 dm-5: warning, user block quota exceeded. 10240+0 records in 10240+0 records out 10485760 bytes (10 MB) copied, 0.137397 s, 76.3 MB/s john@ls001a:/myspace> ls -lh total 11M -rw------- 1 root root 7.0K May 20 14:19 aquota.group -rw------- 1 root root 7.0K May 20 13:57 aquota.user -rw-r--r-- 1 john users 10M May 20 14:19 john.tst
From the above we can see that the warning, user block quota exceeded
To verify this further, you can issue the "quota" command:
ls001a:/ # quota john Disk quotas for user john (uid 1008): Filesystem blocks quota limit grace files quota limit grace /dev/mapper/vg01-lv01 10260* 10240 15360 6days 2 20 40
If we repeat the same process and create another file of 10MB, we will exceed the hard block limit:
john@ls001a:/myspace> dd if=/dev/zero of=/myspace/john2.tst bs=1024 count=10240 dm-5: write failed, user block limit reached. dd: writing `/myspace/john2.tst': Disk quota exceeded 5089+0 records in 5088+0 records out 5210112 bytes (5.2 MB) copied, 0.0484131 s, 108 MB/s
This time, we didn't succeed in creating our file as the creation was terminated as we had breached the hard block limit. Below shows that a partial file was created.
john@ls001a:/myspace> ls -l total 15372 -rw------- 1 root root 7168 May 20 14:19 aquota.group -rw------- 1 root root 7168 May 20 13:57 aquota.user -rw-r--r-- 1 john users 5210112 May 20 14:22 john2.tst -rw-r--r-- 1 john users 10485760 May 20 14:19 john.tst
Generating Quota Reports
A useful function called "repquota" can be used to list all filesystems with quotas enabled. This report can be quite useful to an administrator as it allows them to keep track of who is using what space.
ls001a:/ # repquota -ug /myspace *** Report for user quotas on device /dev/mapper/vg01-lv01 Block grace time: 7days; Inode grace time: 7days Block limits File limits User used soft hard grace used soft hard grace ---------------------------------------------------------------------- root -- 17192 0 0 2 0 0 john +- 15360 10240 15360 6days 3 20 40 *** Report for group quotas on device /dev/mapper/vg01-lv01 Block grace time: 7days; Inode grace time: 7days Block limits File limits Group used soft hard grace used soft hard grace ---------------------------------------------------------------------- root -- 17192 0 0 2 0 0 users -- 15356 0 0 2 0 0 john -- 4 10240 15360 1 20 40
Quotas can be very useful where you need to apply restrictions to the amount of space that is used by users or groups. It is also worth pointing out though that these limits need to be correctly sized to limit large scale disruption to your service. You also need to set a grace period where users have a chance to remove any unwanted or large files. If the grace period is too small, then the hard limit may be applied too early causing possible disruption to users and jobs.
Further information regarding using quotas can be found within the "man" pages. example: "man quota" or "man edquota".