How to Enable User and Group Quotas

Installing Quota

This guide starts by installing the quota program using the following command:

apt-get install quota

The mount options of the file system need to be edited before user specific quotas can be used. The mount filefstab needs to be opened for editing using the following command:

sudo nano /etc/fstab

The quotas are enabled by adding a usrquota and/or grpquota to the mounting options of the main hard disk. When using ursquota, the quotas are only enabled on specific users. The grpquota option allows for quotas on user groups.

Both options can be independently added depending on the desired result. The fstab file should be edited as follows for enabling user quotas (for group quotas addgrpquota).

LABEL=DOROOT  / ext4  errors=remount-ro,usrquota  0 1

Save the file and enable the new mount options by remounting the file system as follows:

mount -o remount /

The following command will create a new quotas file in the root directory of the file system. This is an index file used by the quota tool for keeping track of the user's disk size. It also contains the user limits and configured options.

quotacheck -cum /

The command consists of the following three parameters:

1. The c parameter indicates the creation of a new file, overwriting any previous files.

2. The u parameter indicates that a new user index file should be created. To also create a group index file, add theg command in the previous command.

3. The m parameter indicates that no read-only mount of the complete file system is required to generate the different index files.

Because the m parameter is used, it's possible that a small mismatch happens in the actual specific user disk size and the calculated disk size by the quota program. Make sure that no user is currently uploading files to the server when running the previous command to minimize a possible mismatch.

The following command announces to the system that disk quotas should be enabled on the desired file system.

quotaon /

A similar command can be used to turn off disk quota checking, thus disabling the quotas for the different users and groups.

quotaoff

Configuring Quotas For Different Users

The user quotas are configured using the edquota command, followed by the desired user name or group name. The command will open the default configured text editor. In this guide, we assume that the userftpuser should receive a quota of 10Mb. The command used is as follows:

edquota ftpuser

Which opens the quota file for editing

Disk quotas for user ftpuser (uid 1001):  Filesystem                   blocks       soft       hard     inodes     soft     hard  /dev/disk/by-label/DOROOT         8      10000      10240          2        0        0

The text editor shows 7 different columns:

1. Indicates the name of the file system that has a quota enabled

2. Indicates the amount of blocks currently used by the user

3. Indicates the soft block limit for the user on the file system

4. Indicates the hard block limit for the user on the file system

5. Indicates the amount of inodes currently used by the user

6. Indicates the soft inode limit for the user on the file system

7. Indicates the hard inode limit for the user on the file system

The blocks refer to the amount of disk space, while the inodes refer to the number of files/folders that can be used. Most of the time the block amount will be used in the quota.

The hard block limit is the absolute maximum amount of disk space that a user or group can use. Once this limit is reached, no further disk space can be used. The soft block limit defines the maximum amount of disk space that can be used. However, unlike the hard limit, the soft limit can be exceeded for a certain amount of time. This time is known as the grace period. More information about the grace period later in the guide.

In the example above, a soft limit off 9,785Mb and hard limit of 10Mb are used. To see the quota in action an FTP/SFTP transfer can be started, where multiple files will be uploaded with a total size of 12 Mb for example (as long as its larger than the hard limit). The FTP/SFTP client will indicate a transfer error, meaning that the user will be unable to upload any files. Of course, 10Mb isn't a meaningful quota. In this guide every user will get a soft limit of 976 Mb and a hard limit of 1Gb. The configuration looks as follows:

Disk quotas for user ftpuser (uid 1001):  Filesystem                   blocks       soft       hard     inodes     soft     hard  /dev/disk/by-label/DOROOT         8    1000000    1048576          2        0        0

For checking the quota of a specific user, the quota command can be used followed by the user or group

quota ftpuser

Which gives the following output

Disk quotas for user ftpuser (uid 1001):  Filesystem                   blocks       soft       hard     inodes     soft     hard  /dev/disk/by-label/DOROOT         8    1000000    1048576          2        0        0

Generating Reports

It is possible to generate a report from the different quotas. The following command is used:

repquota -a

Which produces the following output

*** Report for user quotas on device /dev/disk/by-label/DOROOTBlock grace time: 7days; Inode grace time: 7days                        Block limits                File limitsUser                used        soft      hard    grace    used    soft  hard  grace------------------------------------------------------------------------------------root          --   1118708        0         0             37093     0     0daemon        --        68        0         0                 4     0     0man           --      9568        0         0               139     0     0www-data      --      2908        0         0                15     0     0nobody        --         0        0         0                 1     0     0libuuid       --        24        0         0                 2     0     0Debian-exim   --        44        0         0                10     0     0mysql         --     30116        0         0               141     0     0ftpuser       --         8  1000000   1048576                 2     0     0

Optional: Specify A Grace Period

To give current users some time to reduce their files on the droplet, a grace period can be configured. This is the allowed time a user can exceed their soft limit, while still staying under the hard limit. The grace time is configured using the following command [notice that this is system wide; no user specific configuration is possible]. The grace period can be expressed in seconds, minutes, hours, days, weeks or months.

edquota -t

The command gives the following output and specifies the different time unites that could be used. For this guide, a grace period of 7 days is used.

Grace period before enforcing soft limits for users:Time units may be: days, hours, minutes, or seconds  Filesystem                    Block grace period     Inode grace period  /dev/disk/by-label/DOROOT                  7days                  7days

Conclusion

The quotas will be automatically updated and enforced when a user transfers/creates/moves/deletes a file/folder. Remember that the quota program works by looking at the owner or group of a specific file/folder. SSH users could escape the quotas by changing the owner or group of their files.

https://www.digitalocean.com/community/tutorials/how-to-enable-user-and-group-quotas