Linux disk quotas detailed (Quota)

1. Check kernel conditions

Check whether the current kernel supports quota and the current kernel profile is in/boot

If the current kernel does not support quota, you will need to recompile the kernel to compile quota supports into the core:

File Systems---> [*] Quota support

2. Modify the/etc/fstab to activate the quota option for the selected file system

Vim/etc/fstab

3. Re-mount the file system

After adding the Usrquota and Grpquota options, re-mount each corresponding Fstab entry to the modified file system. If a file system is not being used by any process, use the Umount command to mount the file system again followed by the Mount command. If a file system is being used, the easiest way to re-mount the file system is to reboot the system or use the command:

[[Email protected] ~] #mount-o remount,usrquota,grpquota/home.

Must not forget Usrquota,grpquota

4. Scan the corresponding file system and generate the basic quota file with the Quotacheck command.

[Email protected] ~]# Quotacheck-cugmv/home

Run the Quotacheck command, the Quotacheck command checks the quota-enabled file system, and establishes a table for each file system for the current disk. The table is used to update the disk usage files for the operating system. Additionally, the disk quota file for the file system is updated. To create a quota file on the file system

The following options are available:

A-check all quota-enabled locally mounted file systems

V Displays detailed status information during the check quota process

U-Check User disk quota information

G-Check Group disk quota information

After the Quotacheck is run, data for each quota-enabled file system (such as/home) is written in the corresponding quota file for the quota (user and/or group) that is enabled.

The simplest way to run it regularly is to use cron. As root, you can either use the CRONTAB-E command to schedule periodic Quotacheck, or you can place a script running Quotacheck in one of the following directories (using the time interval you need most):

? /etc/cron.hourly

? /etc/cron.daily

? /etc/cron.weekly

? /etc/cron.monthly

The most accurate quota statistics can be obtained when the file system being analyzed is not actively used. Therefore, the cron task should be dispatched when the file system is least used. If this time is not uniform in the file system using quotas, use multiple cron tasks to run Quotacheck for each file system at different times.

5. Activate quotas with the Quotaon command.

[[Email protected] ~] #quotaon/Home

6. Use the Edquota command to apply a quota limit to a specific user. Edquota–u username

To configure quotas for a user, execute the following command at the shell prompt as the root user:

Edquota-u username

Perform this step for each user that you want to implement quotas for. For example, if quotas are enabled for the/home partition in/etc/fstab and the Edquota testuser command is executed, the system default editor

There will be a display of:

There are seven sections in the document:

Filesystem = File system for quota control.

blocks = number of blocks already in use (unit 1KB)

Soft = "soft" limits on the number of blocks used

Hard = block uses a number of "rigid" limits

Inode = number of inode already in use

Soft = Inode uses a number of "soft" limits

Hard = Inode uses a number of "rigid" limits

Similar to the edquota–t and Edquota commands, this command also opens the current file system quota in a text editor:

Grace period before enforcing soft limits for users:

Time units may be:days, hours, minutes, or seconds

Filesystem Block grace period Inode grace period

/DEV/HDB1 10days 10days

In addition, the above two operations can be used

The above settings can also be set using the Setquota command:

Setquota-u someone 0 0 3 5/dev/loop0

Setquota-t 864000 864000/dev/loop0

PS. 864000 is the number of seconds in 10 days. An hour = 3,600 seconds, one day = 86,400 seconds

#. After the disk quota is complete, you must enable quota management with the QUOTAON-AV command.

7. Test: SU username, test: dd If=/dev/zero of=file1 bs=1k count=50.

8. Managing disk Quotas

If quotas are implemented, they need to be maintained-the primary maintenance method is observation. See if the quotas are exceeded and ensure that the quotas are correct. Of course, if users repeatedly exceed their quotas or continue to reach their soft limit, system administrators can make several decisions based on user type and disk space's impact on their work. Administrators can help users to retrieve the use of disk space, or increase the user's quota as needed.

1. Reporting disk quotas

Creating a disk usage report requires running the Repquota tool. For example, the Repquota/home command produces the following output:

Report for user quotas on Device/dev/hda3

Block Grace Time:7days; Inode Grace Time:7days

Block Limits File Limits

User used soft hard grace used soft hard grace

-------------------------------------------

Naima--540 0 0 125 0 0

TestUser--440400 500000 550000 37418 0 0

To view the disk usage for all quota-enabled file systems, use the following command:repquota–a

Although the report looks simple, there are a few points that need to be explained. Displayed behind each user-is a quick way to determine whether a user is exceeding its block limit or the inner node limit. If any one soft limit is exceeded, the corresponding-line will be-replaced; the first-represents the block limit, and the second represents the inner node limit. The Grace column is usually blank. If a soft limit is exceeded, this column contains the remainder of the transition period. If the transition period is exceeded, none is displayed.

2. Disk quotas are enabled and disabled

You can disable them without having to set the quota to zero. To turn off user and group quotas, use the following command:

Quotaoff–vaug

If the-u or-G option is not specified, only the user quota is disabled. If only the-G option is specified, only the group quota is disabled.

To re-enable quotas, use the Quotaon command with the same option.

For example, to enable user and group quotas for all file systems:

Quotaon–vaug

To enable quotas for a specified file system (such as/home):

Quotaon-vug/home

If the-u or-G option is not specified, then only the user quota is enabled. If you specify only the-G option, only the group quota is enabled.

3. Assigning quotas to a group

Quotas can also be assigned according to the group. For example, to set a group quota for a devel group , use the following command (the group must exist before you set up the group quota):

Edquota-g devel

The above command displays the existing group quotas in a text editor:

Modify the limit, save the file, and then configure the quota.

To verify that the group quota is set, use the following command:

Quota-g devel

Summary:

Disk quotas In addition to monitoring disk space used on the system, you can also limit disk space by implementing disk quotas, so the system administrator receives a warning when the user is using too much disk space or the partition will be filled. Disk quotas can be configured for individual users or for user groups. This flexibility allows each user to be assigned a smaller quota to process "personal" files (such as e-mail and reports) and allow them to have a larger quota for the projects they are working on (assuming the project has its own group).

In addition, quotas can be set to control not only the number of disk blocks used, but also the number of internal nodes. Because the inner node contains file-related information, the control of the internal node controls the number of files that can be created.

In addition, we can protect against system attacks by setting disk quotas: In most cases hacking the remote system must upload the Trojan or backdoor to the remote system. How can we cut off the hacker's path? The disk quotas feature in the Linux file system can help users easily manage disk usage space. According to the user's rights and usage in the system, the user can reasonably specify the use of space, so that the configuration does not affect the normal operation of the system, but also enhance the security of the system.

In general, if the server can perform write operations without restrictions, it can be a way to plug the hard disk into a Dos attack, such as: to anonymous FTP plug junk files. This can also fill the hard disk space. This type of attack can be effectively limited by disk quotas.

Linux disk quotas detailed (Quota)