How to Enable User and Group Quotas
Installing Quota
This guide starts by installing the quota program using the following command:
apt-get install quota
The mount options of the file system need to be edited before user specific quotas can be used. The mount file fstab needs to be opened for editing using the following command:
sudo nano /etc/fstab
The quotas are enabled by adding a usrquota and/or grpquota to the mounting options of the main hard disk. When using ursquota, the quotas are only enabled on specific users. The grpquota option allows for quotas on user groups.
Both options can be independently added depending on the desired result. The fstab file should be edited as follows for enabling user quotas (for group quotas add grpquota).
LABEL=DOROOT / ext4 errors=remount-ro,usrquota 0 1
Save the file and enable the new mount options by remounting the file system as follows:
mount -o remount /
The following command will create a new quotas file in the root directory of the file system. This is an index file used by the quota tool for keeping track of the user's disk size. It also contains the user limits and configured options.
quotacheck -cum /
The command consists of the following three parameters:
-
The
cparameter indicates the creation of a new file, overwriting any previous files. -
The
uparameter indicates that a new user index file should be created. To also create a group index file, add thegcommand in the previous command. -
The
mparameter indicates that no read-only mount of the complete file system is required to generate the different index files.
Because the m parameter is used, it's possible that a small mismatch happens in the actual specific user disk size and the calculated disk size by the quota program. Make sure that no user is currently uploading files to the server when running the previous command to minimize a possible mismatch.
The following command announces to the system that disk quotas should be enabled on the desired file system.
quotaon /
A similar command can be used to turn off disk quota checking, thus disabling the quotas for the different users and groups.
quotaoff
Configuring Quotas For Different Users
The user quotas are configured using the edquota command, followed by the desired user name or group name. The command will open the default configured text editor. In this guide, we assume that the user ftpuser should receive a quota of 10Mb. The command used is as follows:
edquota ftpuser
Which opens the quota file for editing
Disk quotas for user ftpuser (uid 1001):
Filesystem blocks soft hard inodes soft hard
/dev/disk/by-label/DOROOT 8 10000 10240 2 0 0
The text editor shows 7 different columns:
-
Indicates the name of the file system that has a quota enabled
-
Indicates the amount of blocks currently used by the user
-
Indicates the soft block limit for the user on the file system
-
Indicates the hard block limit for the user on the file system
-
Indicates the amount of inodes currently used by the user
-
Indicates the soft inode limit for the user on the file system
-
Indicates the hard inode limit for the user on the file system
The blocks refer to the amount of disk space, while the inodes refer to the number of files/folders that can be used. Most of the time the block amount will be used in the quota.
The hard block limit is the absolute maximum amount of disk space that a user or group can use. Once this limit is reached, no further disk space can be used. The soft block limit defines the maximum amount of disk space that can be used. However, unlike the hard limit, the soft limit can be exceeded for a certain amount of time. This time is known as the grace period. More information about the grace period later in the guide.
In the example above, a soft limit off 9,785Mb and hard limit of 10Mb are used. To see the quota in action an FTP/SFTP transfer can be started, where multiple files will be uploaded with a total size of 12 Mb for example (as long as its larger than the hard limit). The FTP/SFTP client will indicate a transfer error, meaning that the user will be unable to upload any files. Of course, 10Mb isn't a meaningful quota. In this guide every user will get a soft limit of 976 Mb and a hard limit of 1Gb. The configuration looks as follows:
Disk quotas for user ftpuser (uid 1001):
Filesystem blocks soft hard inodes soft hard
/dev/disk/by-label/DOROOT 8 1000000 1048576 2 0 0
For checking the quota of a specific user, the quota command can be used followed by the user or group
quota ftpuser
Which gives the following output
Disk quotas for user ftpuser (uid 1001):
Filesystem blocks soft hard inodes soft hard
/dev/disk/by-label/DOROOT 8 1000000 1048576 2 0 0
Generating Reports
It is possible to generate a report from the different quotas. The following command is used:
repquota -a
Which produces the following output
*** Report for user quotas on device /dev/disk/by-label/DOROOT
Block grace time: 7days; Inode grace time: 7days
Block limits File limits
User used soft hard grace used soft hard grace
------------------------------------------------------------------------------------
root -- 1118708 0 0 37093 0 0
daemon -- 68 0 0 4 0 0
man -- 9568 0 0 139 0 0
www-data -- 2908 0 0 15 0 0
nobody -- 0 0 0 1 0 0
libuuid -- 24 0 0 2 0 0
Debian-exim -- 44 0 0 10 0 0
mysql -- 30116 0 0 141 0 0
ftpuser -- 8 1000000 1048576 2 0 0
Optional: Specify A Grace Period
To give current users some time to reduce their files on the droplet, a grace period can be configured. This is the allowed time a user can exceed their soft limit, while still staying under the hard limit. The grace time is configured using the following command [notice that this is system wide; no user specific configuration is possible]. The grace period can be expressed in seconds, minutes, hours, days, weeks or months.
edquota -t
The command gives the following output and specifies the different time unites that could be used. For this guide, a grace period of 7 days is used.
Grace period before enforcing soft limits for users:
Time units may be: days, hours, minutes, or seconds
Filesystem Block grace period Inode grace period
/dev/disk/by-label/DOROOT 7days 7days
Conclusion
The quotas will be automatically updated and enforced when a user transfers/creates/moves/deletes a file/folder. Remember that the quota program works by looking at the owner or group of a specific file/folder. SSH users could escape the quotas by changing the owner or group of their files.
https://www.digitalocean.com/community/tutorials/how-to-enable-user-and-group-quotas