RHCE Study Guide

This tutorial explains how to configure and manage disk quota in Linux step by step with examples including basic concepts of disk quota such as hard limit, soft limit, inode and blocks size.

Basic concepts of disk quota

If you are the only person who uses the disk, there is no need to implement quota at all. But if there are multiple users who use the same disk, quotas are the best ways to control the individual users from monopolizing entire disk space. A user limited by disk quotas cannot use additional disk space beyond his limit. For example suppose there are four users; user a, user b, user c and user d. Without quota any user can use entire disk space, leaving no space for other users. This situation is very common in shared environment such as web hosting, ISPs, file server, ftp server etc. But if disk quota is enabled, no user can use disk space beyond his limit.

linux disk quota example

LAB Setup for disk quota practice

Although we can use a regular partition for practice, but if possible I suggest you to use a separate disk and create partition in that disk. If linux is installed in virtual system, you can add an additional disk for practice. If linux is installed in physical system, you can use a USB stick for practice.

To learn how to add an additional disk in system and create partitions in that disk see the following tutorial which explains this process step by step with examples.

Manage Linux disk partition with Fdisk command

For this tutorial, I assume that you have a separate partition or a partition which does not contain any important user data.

lsblk command

During this practice we will execute commands which will overwrite exiting data with null characters. So make sure the partition you are going to use for practice does not contain any important user data.

We also need some user accounts and one group account to simulate the shared environment. Let’s create four user accounts for practice.

useradd command

Create a group quotatest and add user c and user d in that group.

groupadd command

Quota functionality is provided by quota package. To check whether this package is installed or not, use following commands

#rpm –qa quota

or

#yum list quota

For this tutorial, I assume that quota package is installed.

rpm -qa quota

To learn, how to install a package use following tutorials which explain how to install and manage packages in linux step by step.

How to configure yum Repository in Linux

RPM command in Linux Explained

That’s all setup we need for disk quota practice. Before we learn how to configure disk quota practically, let’s understand two terms associated with disk quota.

Block Size and Inode Number

We can configure disk quotas for individual user or group based on block size or inode number. A file has two types of data; user data and metadata. The user data is the data which we create in file. The metadata is the data which system creates for file. Metadata includes important information about file such as file type, attributes, permission, UID, GID, file size, last access, last modification, location of file in hard disk etc. Metadata is stored in inode table. Each file stored in disk has its unique entry in inode table that is used to store the metadata information about that file.

If we want to control the size of files, we would configure the quota based on block size. If we want to control the number of files, we would configure the quota based on inode number. To control both, we would configure quota based on both block size and inode number.

It is highly recommended to configure quota based on both block size and inode number. If we skip any one method, a malicious user may use that method to abuse the system. Let’s understand it with some examples.

Situation 1 (Quota is configured only based on block size)

1GB quota is configured based on block size for user a. Since quota for inode number is not configured, user can create files until entire 1GB space is not filled up. To abuse this system user can create relatively small size files. For example if he keeps file size only 1Kb, he can create 1000000 files (1 GB = 1000000Kb). 1000000 files means, 1000000 entries in inode table. This way only with 1GB space a user can make inode table unstable.

Situation 2 (Quota is configured only based on inode table)

100 inode numbers are configured as inode quota for user a. Since quota for block size is not configured, user can create 100 files (no matter how big or small in size they are). To abuse this system, user can create large size files. For example he can create a file of 1Tb in size. Yep, you read it right. Linux supports very big size files. For instance ext4 file system supports 16Tib individual file size. It means if disk is formatted with ext4 file system, we can create a single file of 16TiB in size. This way only 1 inode number is sufficient to fill up the entire disk space.

Situation 3 (Quota is configured on both block size and inode number)

1GB block size and 100 inode numbers are configured as quotas for user a. Since both block size and inode numbers are configured, user cannot abuse this system. No matter how small files in size he creates, he is not allowed to create more than 100 files. Just like this, no matter how big file in size he creates, he is not allowed to use more than 1GB disk space. As soon as 100 files are created, inode quota will block him from creating new file. Same way as soon as 1 GB space is consumed, block size quota will block him from using additional disk space. This way, if both block size and inode numbers are configured, user will not able to cheat the system.

How to configure the disk quota

Disk quota can be configured in four steps

  • Enable quota
  • Remount file system
  • Create quota files
  • Configure quota policy

Let’s understand each step in details

Enabling quota

Linux uses /etc/fstab configuration file to mount all partitions in file system at boot time. This file contains all necessary information about the partition such as partition location at disk, mount point, attributes and other control options which are required to mount a partition. Each entry in this file has six fields.

default fstab file linux

Number Filed Description
1 What to mount Device which we want to mount. We can use device name, UUID and label in this filed to represent the device.
2 Where to mount The directory in main Linux File System where we want to mount the device.
3 File system File system type of device.
4 Options Mount options which control the mount process. To enable user quota add usrquota option and to enable group quota add grpquota option.
5 Dump support To enable the dump on this device use 1. Use 0 to disable the dump.
6 Automatic check Whether this device should be checked while mounting or not. To disable use 0, to enable use 1 (for root partition) or 2 (for all partitions except root partition).

In order to enable user quota, we have to add usrquota option in fourth field. Just like it, to enable group quota, we have to add grpquota option in fourth field. Let’s enable both quotas for partition /dev/sdb1.

Following figure illustrates updated /etc/fstab file

updated fstab file

Any changes made in /etc/fstab file will not apply until next time system reboots. This is also applies on the disk quota options which we have recently added in this file. We have two choices here; either restart the system or remount the associated partition. Wherever possible we should always choose the first option. But in several situations immediate restart is not possible. In that case we can use second option.

Remounting file system

If partition is not used by any process, we can remount it with following command.

#mount –o remount [partition]

Following figure illustrate this operation

remount partition

If partition is remounted without any error or warning, use mount | grep [partition] command to confirm that quota options are successfully applied.

grep mount command

Some common reasons which trigger errors here are typing mistake in fstab file, mount point unavailable, file system is not formatted and wrong partition is selected. If there is any error, correct that before moving in next step.

Creating quota files

In third step we will run following command.

#quotacheck –cug [partition where quota is enabled]

This command will create necessary files for quota. Let’s understand this command in detail.

quotacheck :- This command is used to check the quota implementation in partition.

c :- This option is used to create the quota files in specified partition.

u :- This option is used to check the user quota.

g :- This option is used to check the group quota.

Basically this command will check quota entries in specified partition. If aquota.user and aquota.group files are not available in specified partition, it will create them.

quotacheck -cug

We need to run above command only once for each partition where we want to configure the disk quota.

Once necessary files are created, following command is used to sync the disk quota database table with current disk usages.

# quotacheck -avug

In this command

a :- This option is used to check all quota enabled partitions

v :- This option is used to print real time updates as command proceeds

u :- This option is used to check user disk quota information

g :- This option is used to check group disk quota information

quotacheck -auvg

Tips

aquota.user and aquota.group files are used to store quota configuration values for user and group respectively. Quota database keeps track of disk usage. How much space is allowed to a particular user is configured in aquota.user file while how much space has been used by that user is tracked in quota database table. aquota.user and aquota.group both are binary files which mean we cannot read or write them directly.

Configuring quota policies

To configure quota policies, we have to define three values; soft limit, hard limit and grace period.

Soft limit: - This limit is flexible. User or group is allowed to cross this limit temporary.

Hard limit: - This is fixed limit. User or group is not allowed to cross this limit.

Grace period: - This is the time period in which user or group is allowed to use additional space beyond the soft limit.

To understand quota policies practically, let's create some dummy requirements.

User /Group Block Size Soft Limit Block Size Hard Limit Grace period Inode Soft Limit Inode Hard limit Grace period
a 100Mb 200Mb 2 Minutes 10 10 Nil
b 200Mb 200Mb Nil 10 20 5 hours
quotatest 1000Mb 1500Mb 1 Day 100 150 5 days

Nil: - If both soft limit and hard limit are same, there is no need to configure this value.

To configure quota edqota command is used. To configure quota for user a use following command

#edquota a

Above command will open user quota configuration file.

default edquota

This file has seven columns

Column Name Description
1 Filesystem Partition where this quota will apply
2 blocks Number of blocks currently used by this user
3 soft Soft block size limit for user
4 hard Hard block size limit for user
5 inodes Number of inodes currently used by this user
6 soft Soft inodes limit for user
7 hard hard inodes limit for user

Let’s update this file

edquota user a

Default block size is 1Kb. (1block = 1Kb).

Following same way, configure the quota limit for user b

edquota user b

Group quota is also defined in same manner. By default edquota command is used to set quota for users. To set quota for group we have to use –g option with this command. Let’s define group quota for group quotatest.

edquota group

By default grace period is set to seven days. It means user or group will be able to use resources (block size or inodes after soft limit) till seven days. After seven days they will be denied to use any additional resources. We can adjust grace period as per our requirement.

To set grace period for user, use following command

edquota -T [username]

To set grace period for group, use following command

edquota -T -g [groupname]

To adjust global grace period, use following command

edquota -T

Following figure illustrates default configuration file.

defualt grace period file

To define quota time period valid time units are days, hours, minutes and seconds.

Let’s configure grace period for user a

edquota -T a

Following same way configure grace period for user b

edquta -T b

Configure grace period for group quotatest

edquta -T group

Tips

Never put space between value and unit for example “5 days” will be wrong entry, correct entry will be “5days”. A space between value and unit or undefined value will generate edquota cannot read individual grace time from file error message.

Finally enable quota with following command

qutaon commnad

Testing disk quota

To verify disk quota setup, we can use following commands.

Command Description
quota [user name] To view quota uses by user
quota –g [group name] To view quota uses by group
repquota –a To view quota uses by all users and groups

System cannot generate quota reports, until user or group use the resources. If users or groups haven’t used any block size or inode number, we will get following message.

Disk quotas for user [name] uid : none

Above message indicates that particular user or group has not used any quota resources (block size or inode) to display.

disk quotas for user none error

Let’s create three directories and make user a, user b and group quotatest owner of them respectively.

mkdir chown command

Quota configuration testing from user a

User a is allowed 100Mb disk space. He is also allowed to use additional 100Mb space for 2 minutes. He can create maximum 10 files or directories in this space.

To test this configuration switch to user a and change directory to /rchelab.

switch user

Now list the content and switch to user-a directory and create 5 directories and 4 files

mkdir touch command

If files or directories name are supplied in {} bracket, they will be processed individually. The {} brackets is used to create multiple files or directories with single command.

As per our setup user a is allowed maximum 10 indoes and as above output shows, he has been used all allowed indoes. So he should not be able to create any new file or directory now. Let’s test this restriction

mkdir fail disk quota execeed

As we can see in above output user a is not allowed to create any additional file or directory beyond his limit (10 inodes). This restriction confirms that our inodes quota configuration is properly setup and working as expected.

Now we will test block size configuration. Block size configuration has two limits; soft 100Mb and hard 200Mb. Soft limit can be extended for two minutes. Let’s create a dummy data file to utilize all space defined in soft limit.

dd command

I used dd command to copy the 95Mb null bytes in f1 file.

As we can see in above output user a is allowed to add any length of data in file until he remains under the soft limit. Before we test the soft limit and grace period, open an another terminal and check the current uses of user a

quota execeeds

As we can see in above output user a has been used all allowed inodes. So far block size is concerned, he still has 2629 blocks (100000 - 97304) available under his soft limit.

Did you notice there is no value listed in grace period field while we configured this value also?

Grace period is just like a timer which will start only when soft limit is crossed and user still has 2629 blocks in his soft limit. To see it practically, let’s cross the soft limit

soft limit crossed user a

As we can see in above output as soon as user crossed the soft limit, grace period timer started. User is allowed to use additional space until this timer keeps running. Once timer is stopped he will be dined from using any additional space. Right now user still has 51496 (200000-148504) blocks available, before it reaches to hard limit. Let’s use additional 10Mb space.

grace period disk quota linux

As we can see in above output grace period timer is running and hard limit is not crossed, so additional 10Mb space is allowed. Now let the grace period expire and try to use additional 10Mb space from remaining space.

grace period expired disk quota

As we can see in above output user is not allowed to use additional space even he has 41256 (200000-158744) blocks available. To use this remaining 41256 blocks he also needs time in grace period which is already expired.

disk quota grace period example

Key points
  • If soft limit and hard limit are same, grace period is not required.
  • If soft limit and hard limit are different, grace period is required.
  • Soft limit must be configured lower than hard limit.
  • As soon as user crosses his soft limit grace period timer starts.
  • User is allowed to use additional space (hard limit – soft limit) until grace period timer is running.
  • Once grace period is expired, user is not allowed to use additional space.
  • Grace period timer will be removed automatically once user brings his consumption below the soft limit.

Quota configuration testing from user b

User b is allowed 200Mb block size and 20 indoes with soft limit 10 inodes and 5 hours grace period. Since both soft and hard limits are same for block size, grace period is not configured. We can test this setup with following steps.

Block size testing

Switch to user b and change directory to /rhcelab/user-b.

Create a file of 195Mb in size with following command

#dd if=/dev/zero of=/rhcelab/user-b/file1 count=195 bs=1M

Exit from user b and verify block size quota uses with following command

#quota b

Switch to user b again and try to create a file 10Mb in size with following command

#dd if=/dev/zero of=/rhcelab/user-b/file2 count=10 bs=1M

If this time user is denied, block size quota configuration is setup correctly. If user is allowed to create this file, block size quota configuration is not setup properly.

Inodes number testing

Switch to user b and change directory to /rhcelab/user-b

Create 10 directories with following command

#mkdir {d1,d2,d2,d4,d5,d6,d7,d8}

Exit from user b and verify inodes quota uses with following command

#quota b

Switch to user b again and try to create one more directory with following command

#mkdir d9

User should be allowed to create directory but this time he should get disk quota exceeds warning message.

Exit from user b and check inodes number quota again

#quota b

If grace period timer for inode number is started, inodes quota is setup correctly.

I have already explained all commands used in above steps while testing with user a. If require, you can use them for reference.

Quota configuration testing from group quotatest

The group quotatest has soft limit 1000Mb and hard limit 1500Mb with grace period of 1 day for block size. For inodes it has soft limit of 100 inodes and hard limit of 150 inodes with 5 days grace period.

Before you start testing from group, make sure that user c and d are the members of group and group has proper permission on testing folder.

group permission for disk quota

Switch to user c and create a file (800Mb in size) and a directory. In directory creates 80 empty files with following command.

#touch test_{1..80}.txt

Verify files and directories with ls command.

mkdir touch command

Exit from user c and verify quota limit.

ls command

Now login from user d and create a file 400Mb in size to cross the soft limit of block size. To cross the soft limit of indoes create 30 empty directories. As soon as user would cross the soft limit, he should get warning message for related quota limit.

quota used by user d

Exit from user d and view the quota uses for group. Grace period timer should be started for both limits.

quota grace period example

Above output confirms that grace period for group quota is also configured successfully.

Important commands for quota management

Command Description
quotacheck This command is used to check quota implementation and update quota database from file system. This command is also used to create aquota.user and aquota.group files, if they are not created manually.
edquota This command is used to configure quota values for user and group.
quota This command is used to view the quota uses for specific user or group.
repquota This command is used to view the quota uses for all users and group.
quotaoff This command is used to turnoff quota temporary.
quotaon This command is used to enable quota again if it is disabled.

In this tutorial we learned common file system disk management step by step with examples. Usually this process should work on maximum file systems; however some file systems such as xfs have their own quota management tools. So if this approach does not work as expected, please check the manual page of corresponding file system to figure out, how that particular file system works with disk quota.

That’s all for this tutorial. In next tutorial I will explain another linux topic in details with examples.