Quota

Preventing Disk full

© 2010 Dennis Leeuw dleeuw at made-it dot com
License: GPLv2 or later

Introduction

Quota helps you to limit users in their disk use. You can limit users in de amount of diskspace they can use, and the amount of inodes that can be used. These settings can be applied per user or per group. Quota works per filesystem, so you can decide per filesystem what the settings will be.

There are two quota version systems available. The new version provides you (amongst other things) with a journald quota system, which prevents running a quota check during boot times. More on this later, for now we provide you with an overview which you can skip, but might be handy later on:
VersionFormatFiles
1vfsoldquota.user
quota.grp
2vfsv0aquota.user
aquota.grp

From the convertquota man-page: New file format allows using quotas for 32-bit uids / gids, setting quotas for root, accounting used space in bytes (and so allowing use of quotas in ReiserFS) and it is also architecture independent.

To convert from the old system to the new use convertquota.

Initial setup

Since quota is part of all modern kernels and distributions, install quota through the provided package manager.

Since there are two flavours, we need to find out what our system supports. To do so we will first adjust the system to support the old version, and if needed we will adjust the system to support the new version. In this document we will add quota to a single filesystem called /dev/sdc1 which is mounted on /data/sdc1.

/etc/fstab

Adjust your /etc/fstab file and add support to the filesystem that you want to have quota support. For only user quota support use something like: 

/dev/sdc1	/data/sdc1	ext3	defaults,usrquota	0	0
For group quota support use: 
/dev/sdc1	/data/sdc1	ext3	defaults,grpquota	0	0
And if you want user and group quota use: 
/dev/sdc1	/data/sdc1	ext3	defaults,usrquota,grpquota	0	0

Remount the filesystem with quota support: 

mount -o remount /data/sdc1

Do a quota check

Now run quotacheck on the filesystem you want to support quota: 

quotacheck -vug /dev/sdc1
If you get a message like this: 
quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown.
It means that you have quota that supports journaling and a /data/sdc1/aquota.user is created (or .grp or both dependent on your choices).

Adjust /etc/fstab for a journald quota

If you got the message about journaled quota, this section will help you support it, else skip to the next section

Adjust your /etc/fstab file and add support to the filesystem that you want to have quota support. For only user quota support use something like: 

/dev/sdc1	/data/sdc1	ext3	defaults,usrjquota=aquota.user,jqfmt=vfsv0	0	0
For group quota support use: 
/dev/sdc1	/data/sdc1	ext3	defaults,grpjquota=aquota.grp,jqfmt=vfsv0	0	0
And if you want user and group quota use: 
/dev/sdc1	/data/sdc1	ext3	defaults,usrjquota=aquota.user,grpjquota=aquota.grp,jqfmt=vfsv0	0	0

Remount your filesystem: 

mount -o remount /dev/sdc1
Re-check the filesystem: 
quotacheck -vug /data/sdc1
You should now not see the message anymore.

To start working with quota use quotaon to turn it on and quotaoff to turn it off.

Working with quota

The commands in this chapter describe the use of quota per user, the same hold true for group settings. Instead of -u, for user, use -g.

The quota system works with kilobytes. Note that on computers a megabyte is 1024 kilobytes, and NOT 1000 kilobytes.

Setting quota

There are two ways to set user quota. The first per use of edquota, the other is via setquota. edquota gives you an editor, while setquota is entirely commandline. See the man-pages for their usage.

To set initial quota we use setquota: 

setquota -u dleeuw 1024 2048 0 0 /dev/sdc1
This seems cryptic, but from the manpage you might know that it is not. After the -u comes the username. Then the 1024 means that the user can use 1024 blocks on our system, after that he gets a warning from the system. If the user uses more then 2048 blocks no more data can be written to the disk! The 0 is the softlimit for the inodes, followed by the hardlimit for the amount of inodes a user can use. Since I left them both at 0 it means that there is no limit on the amount of inodes the user can use. And with the last option we tell setquota to use this settings on the /dev/sdc1 filesystem.

This is not much disk space, so we decide to edit it with edquota. Dependent on your system the prefered editor is started. Since my prefered editor is vim, I want to make sure vim is used as the editor: 

export EDITOR=vim
edquota dleeuw
This will show something like: 
Disk quotas for user dleeuw (uid 1000):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/sdc1                         0       1024       2048          0        0        0
You can now adjust the values to your liking. The 0 below the blocks and inodes column means that the user dleeuw has nothing in use. If your users already have files on your filesystem your will see here how much the they have already in use.

Just as a note, you can rerun setquota with different values to adjust the quota settings for a user.

Another note: When no inode limits are set, and the user exceeds the size hardlimit, it can stil touch new files, since they have a size of 0.

View quota set

The quota command can be used to display the amount of diskspace used, and the quota set: 

quota -u dleeuw
If you did like I did, meaning setting quota on a user that has no disk space in use, you get something like this: 
Disk quotas for user dleeuw (uid 1000): none
This is a bit strange, because we did set the quota. What the quota commands means is that this user uses no disk space. The -v option provides a better output: 
quota -v -u dleeuw
Disk quotas for user dennis (uid 1000): 
     Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
      /dev/sdc1       0   10240   11244               0       0       0
Per default quota and repquota do not display users that have nothing in use. They only supply you information for users that actually use data on a filesystem (even when no quota are set for a user).

Grace times

In the previous examples the limiting factor was the hardlimit. We can also decide that a user can have a certain amount of time to clean up, and after that the softlimit is the actual limit. This time is called the grace time. The grace time for disk space and inode space can be set for all users per filesystem or per user per filesystem. 

setquota -t -u 86400 0 /dev/sdc1
Sets the quota on /dev/sdc1 for users. For the disk size they have 1 day (86400 seconds) to clean up, and there is no grace time for the amount of inodes.

For per user settings use: 

setquota -u dleeuw -T 86400 unset /dev/sdc1
Note the unset for settings you do not want to set.

Overviews and statistics

To get more information of what type of quota your system is using, use quotastats: 

quotastats 
Kernel quota version: 6.5.1
Number of dquot lookups: 41544
Number of dquot drops: 20784
Number of dquot reads: 2
Number of dquot writes: 41533
Number of quotafile syncs: 19
Number of dquot cache hits: 41542
Number of allocated dquots: 2
Number of free dquots: 1
Number of in use dquot entries (user/group): 1

To see a list of the users (with data on a filesystem), their usage and their quota set use repquota: 

repquota /data/sdc1/
*** Report for user quotas on device /dev/sdc1
Block grace time: 00:00; Inode grace time: 00:00
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
dleeuw    --  797860  819200  901120          20760     0     0

System administration

Booting the system

If you do not use a journaled quota, you need to check your quota system like you would do a normal filesystem check. Especially after a non-clean shutdown of the system. In your boot scripts make sure you run something like: 

quotacheck -avug
For all quota systems you need to make sure that quota is turned on after a reboot. You could do this by supplying something like this in your boot scripts: 
/usr/sbin/quotaon -avug
Note that most current distributions do this automatically for you.

Notifying users about their quota

The warnquota program can notify a user when it is over its quota limit. The program is controlled by three configuration files:

warnquota.conf

We start with the main configuration file. The main parameters in this file are:

MAIL_CMD
The command to use to send e-mail, mostly this is: sendmail -t
FROM
The From header in an e-mail message
SUBJECT
The Subject line in an e-mail message
CC_TO
The CC line in an e-mail message, can be used with the CC_BEFORE option
CC_BEFORE
If this is set like CC_BEFORE = 2 days, the person in the CC_TO field is only notified when the users grace time has 2 days left.
SUPPORT
Which e-mail address should users use to contact support
PHONE
Which phonenumber should users use to contact support
MESSAGE and GROUP_MESSAGE
The user of group message that is sent to notify that the limit is reached. The variables must be filled with one single line, to create multiline messages use the | for a line break. Other things you can use are the SUPPORT and PHONE variables and %i for the group or username, %h for the hostname and %d for the domainname. To use a % sign in a message use %%.
SIGNATURE and GROUP_SIGNATURE
The signature used for the user of group message. Same editting rules apply as for the message.

quotatab

The /etc/quotatab file translates device names to something that is understandable for the user. When you are using samba most of your Windows users won't know what /dev/sdc1 is, so they are better served when you notify them that their home folder is full. A line in /etc/quotatab might be: 

/dev/sdc1:Home Folder
Even multiline descriptions are possible through using the | character.

quotagrpadmins

Maps responisble persons to group names. This is to notify the responsible when a group limit is hit, instead of mailing everybody in the group. 

users: root

XFS and NFS

ToDo: