Saturday, March 17, 2012

DISK QUOTAS




Disk quotas are implemented as a means of restricting users to using only a certain amount of hard disk space.
Since users cannot exceed the space limits imposed upon them, storage space is utilized more effectively.
This concept is largely employed by web hosting providers and security-conscious companies.

Disk quotas can be employed for users, groups or both. They can also be implemented to restrict hard disk space in MB or to restrict the number of files created.
However, as is obvious, restricting users to creating only a limited number of files will not serve much purpose, as there is no limit imposed on the size of the individual files. Hence restricting users to a limited amount of hard disk space is the way to go.

Requirement :  Restrict users on hard disk space.

Solution : Implement Disk Quotas.

Since users create and store their data under their respective home folders, we should implement disk quotas on the /home partition.
Disk quota functionality has been built into the kernel, hence there is no need to recompile the kernel.

Procedure :

Step I : Edit the file /etc/fstab

[root@akhisar root]# vi /etc/fstab

To implement disk quotas for users (the first field is the device that holds /home; `x' is its partition number, see Step IV) :

/dev/hdax    /home    ext3    defaults,usrquota    1  2

To implement disk quotas for groups :

[root@akhisar root]# vi /etc/fstab

/dev/hdax    /home    ext3    defaults,grpquota    1  2

To implement disk quotas for both, users and groups :

[root@akhisar root]# vi /etc/fstab

/dev/hdax    /home    ext3    defaults,usrquota,grpquota    1  2


Step II : Create a blank file, aquota.user or aquota.group or both under /home.

[root@akhisar root]# cd /home

[root@akhisar home]# touch aquota.user
(If implementing disk quotas for users)

To implement disk quotas for groups :

[root@akhisar home]# touch aquota.group

To implement disk quotas for both, users and groups :

[root@akhisar home]# touch aquota.user aquota.group

Change the permissions on the files created :

[root@akhisar home]# chmod 600 aquota.user
[root@akhisar home]# chmod 600 aquota.group  (if present)

Step III : Reboot the server for the changes made to /etc/fstab to take effect.

Step IV : Calculate the space already being used by the users and dump the information to the files aquota.user or aquota.group, as applicable.

[root@akhisar home]# quotacheck -u /dev/hdax (for users)
[root@akhisar home]# quotacheck -g /dev/hdax (for groups)
[root@akhisar home]# quotacheck -ug /dev/hdax (for both, users and groups)

The quotacheck command scans the home folder of every user, calculates the disk space used by each user and dumps the information to the files aquota.user and aquota.group, as applicable. The size of the aquota.user or aquota.group file then increases.

`x' is the partition number of the /home partition, which can be obtained by executing the following command :

[root@akhisar root]# df -h (this command outputs information about all the Linux partitions on the server hard disk)

Step V : Turn the quota settings on

[root@akhisar home]# quotaon -av (For users)
[root@akhisar home]# quotaon -avug (For users and groups)

Step VI : Edit the quota settings for individual or multiple users, or groups

[root@akhisar root]# edquota -u ryan (edit quota settings for the user ryan)

To edit quota settings for multiple users that need similar quota settings :

[root@akhisar root]# edquota -p santosh shaji (copies the quota settings of santosh to shaji, if the users santosh and shaji need identical quota settings)

[root@akhisar root]# edquota -g sales (edit quota settings for the group sales)

# edquota -u ryan
Disk quotas for user ryan (uid 518):
  Filesystem     blocks     soft     hard   inodes     soft     hard
  /dev/hda3         424        0        0      115        0        0

To restrict the user ryan to a maximum of 5MB of hard disk space :

Disk quotas for user ryan (uid 518):
  Filesystem     blocks     soft     hard   inodes     soft     hard
  /dev/hda3         424     2000     5000      115        0        0

As soon as the user ryan reaches or crosses his soft limit of 2MB, he gets a warning message saying that his soft limit has been reached or exceeded. He will still be able to work as long as he stays under his hard limit of 5MB. The moment he touches his hard limit of 5MB, he will be stopped from working.
The moment ryan touches his soft limit of 2MB, his grace period counter activates and starts decrementing with each passing day. At the end of 7 days, although ryan might still be under his hard limit of 5MB, since his grace period has expired, his soft limit will be converted to his hard limit and he will be stopped from working.


Step VII : Test

Log in as the user ryan and try to copy data of more than 5MB; you should get a message saying "Disk Quota Exceeded".

Step VIII : Run a check on quota settings applied to all users of the system

[root@akhisar home]# repquota -u /dev/hdax (`x' is partition number of /home)

*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      32       0       0              6     0     0
new       --      76       0       0             18     0     0
ryan      --     424    2000    5000            115     0     0
santosh   --      88       0       0             22     0     0
shyam     --      92       0       0             22     0     0
rhea      --      28       0       0              7     0     0
john      --      52       0       0             18     0     0
nilesh    --      40       0       0             10     0     0
raj       --      40       0       0             10     0     0
boss      --      40       0       0             10     0     0
hacluster --      40       0       0             10     0     0
qscand    --      56       0       0             14     0     0

[ The above report shows that disk quotas have been enabled only for the user 'ryan'. Soft limit for ryan = 2MB, hard limit = 5MB ]
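
On a server with many accounts, reading the repquota report by eye does not scale. The script below is an added example, not part of the original post: it filters a report in the layout shown above for accounts with no block hard limit and for accounts over their soft limit. The function names and the embedded report are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a `repquota -u` report.
# sample_report holds constructed data in the same layout as the report above.
sample_report() {
cat <<'EOF'
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      32       0       0              6     0     0
ryan      --     424    2000    5000            115     0     0
santosh   +-    2600    2000    5000  6days      22     0     0
shyam     --      92       0       0             22     0     0
EOF
}

# Data rows are recognised by the two-character flag column ("--", "+-", ...).
# Fields: 1=user 2=flags 3=blocks used 4=block soft 5=block hard.
# The optional grace column comes after field 5, so fields 3-5 never shift.

# Print users whose block hard limit is 0, i.e. no space quota is enforced.
# root is skipped because it is normally left without a quota.
users_without_block_limit() {
    awk '$2 ~ /^[-+][-+]$/ && $5 == 0 && $1 != "root" { print $1 }'
}

# Print "user used soft" for users above their block soft limit,
# i.e. users whose grace period is already counting down.
users_over_soft_limit() {
    awk '$2 ~ /^[-+][-+]$/ && $4 > 0 && $3 > $4 { print $1, $3, $4 }'
}

echo "Users with no block hard limit:"
sample_report | users_without_block_limit
echo "Users over their soft limit (user used soft):"
sample_report | users_over_soft_limit
```

On a live system, pipe the real report into the same functions, for example: repquota -u /dev/hdax | users_without_block_limit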

To run a check on quota settings for a particular user ryan :
[root@akhisar home]# quota -u ryan

Disk quotas for user ryan (uid 518):
     Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
      /dev/hda3     424    2000    5000             115       0       0


To edit the default grace period :

[root@akhisar home]# edquota -t
(This is a global setting, it cannot be set per user)

Grace period before enforcing soft limits for users:
Time units may be: days, hours, minutes, or seconds
  Filesystem             Block grace period     Inode grace period
  /dev/hda3                     7days                  7days


To change the block grace period to 14 days :

Time units may be: days, hours, minutes, or seconds
  Filesystem             Block grace period     Inode grace period
  /dev/hda3                     14days                  7days

Important :
To erase a user from the system, first disable the quota settings for that user.
A user who has his quota settings activated cannot be deleted.
