Monday, April 9, 2007

Linux Quota

Quota is used to limit the disk space used by a user or group on a particular file system, thus giving system administrators better control over their disk usage policies. The quota package provides the tools for implementing quota on Linux.

The first step in setting up quota is to enable quota for a file system partition. To do this, either remount the file system with appropriate mount options, or edit /etc/fstab to make the changes permanent.

Suppose your home partition, /dev/hda5, is mounted on /home and you want to enforce quota for users. Mount the file system with the quota options:

/etc/fstab

/dev/hda5 /home ext3 defaults,usrquota,grpquota 0 0

usrquota : Enables per user quota
grpquota : Enables per group quota

Remount home partition
[root@LinuxBox1 ~]#mount -o remount /home
[root@LinuxBox1 ~]#mount|grep /home
/dev/hda5 on /home type ext3 (rw,usrquota,grpquota)

Quota information for a file system is stored in the files aquota.user and aquota.group under the root of the file system, in this case /home. These files are owned by and accessible only to root. You have to initialise them first using the quotacheck command.
[root@LinuxBox1 ~]#quotacheck -vgum /home
quotacheck: Scanning /dev/hda5 [/home] done
quotacheck: Checked 1708 directories and 8935 files
If you are using this command for the first time, you may see some errors about the files being missing or not in the correct format. That is OK.
[root@LinuxBox1 ~]#ls -la /home/aquota*
-rw------- 1 root root 9216 Apr 10 04:44 /home/aquota.group
-rw------- 1 root root 8192 Apr 10 04:44 /home/aquota.user

Enable quota on /home partition with quotaon command
[root@LinuxBox1 ~]#quotaon /home
/dev/hda5 [/home]: group quotas turned on
/dev/hda5 [/home]: user quotas turned on

Now that everything is set up correctly, we can set quota for user 'safeer' using the edquota command. This will open a file in your default editor (most probably 'vi'). You have to change its values appropriately.
[root@LinuxBox1 ~]#edquota -f /home -u safeer
Disk quotas for user safeer (uid 507):
Filesystem blocks soft hard inodes soft hard
/dev/hda5 1020 0 0 14 0 0

blocks : Space in 1k blocks used by the user (Current usage is 1MB)
inodes : Number of files/folders created by user (14 files/folders in total)
soft : Warning limit of space used/number of files created by the user. The user gets a warning when this limit is reached, but can still create/modify files.
hard : Maximum space used/number of files created by the user. The user can't cross this limit.

Let us enforce a soft limit of 4 MB and hard limit of 5 MB on space usage.
[root@LinuxBox1 ~]#edquota -f /home -u safeer
Disk quotas for user safeer (uid 507):
Filesystem blocks soft hard inodes soft hard
/dev/hda5 1020 4096 5120 14 0 0
Note that we are not restricting the number of inodes.

Let us check this by creating files as safeer
[root@LinuxBox1 ~]#su - safeer
[safeer@LinuxBox1 ~]$quota
Disk quotas for user safeer (uid 507):
Filesystem blocks quota limit grace files quota limit grace
/dev/hda5 1020 4096 5120 2 0 0
Users can use the quota command to view their current quota usage and quota limits, as above.
'safeer' is already using 1MB of disk space. Let us create a file of 2MB:
[safeer@LinuxBox1 ~]$dd if=/dev/zero of=./temp1 bs=1024 count=2048
2048+0 records in
2048+0 records out
2097152 bytes (2.1 MB) copied, 0.024208 seconds, 86.6 MB/s
This will work fine since the user has not exceeded the quota limit.
Now create another file of 1.5MB, making the total disk usage 4.5 MB (exceeds the soft limit of 4MB):
[safeer@LinuxBox1 ~]$dd if=/dev/zero of=./temp2 bs=1024 count=1536
hda5: warning, user block quota exceeded.
2048+0 records in
2048+0 records out
2097152 bytes (2.6 MB) copied, 0.024208 seconds, 86.6 MB/s
Again create another file of size 1MB, thus exceeding the hard limit:
[safeer@LinuxBox1 ~]$dd if=/dev/zero of=./temp3 bs=1024 count=1024
hda5: write failed, user block limit reached.
dd: writing `./temp3': Disk quota exceeded
497+0 records in
496+0 records out
507904 bytes (508 kB) copied, 0.007349 seconds, 69.1 MB/s
You can set quota based on inodes, or on both inodes and space, in the same way.
You can also set quota for a group using the command
[root@LinuxBox1 ~]#edquota -f /home -g developers
This will edit the quota for group 'developers'. One thing people often misunderstand is that group quota means total space/inodes used by all members of a group. But actually it is the space/inodes used by files that belong to the group, which in practice means files created by users who have this group as their primary group.

Administrators will frequently need to check the status of user quotas.
To find out the quota usage of a particular user:
[root@LinuxBox1 ~]#quota -u safeer
Disk quotas for user safeer (uid 507):
Filesystem blocks quota limit grace files quota limit grace
/dev/hda5 5008* 4096 5010 6days 5 0 0

Similarly, use the -g option instead of -u to find the quota of a group.
Instead of individual quota reports, you can get the quota report for the entire filesystem:
[root@LinuxBox1 ~]#repquota /home
*** Report for user quotas on device /dev/hda5
Block grace time: 7days; Inode grace time: 7days
Block limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
root -- 1172676 0 0 6109 0 0
vinu -- 239188 0 0 4347 0 0
safeer +- 5008 4096 5010 6days 5 0 0
nebu +- 5120 4096 5120 6days 4 0 0

This will list each user's current usage as well as the usage limits. Using repquota with the -g option will give the group quota report. Use the '-a' option to list the quota of all partitions.
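
As an added example (not from the original post), the shell function below parses a repquota report and lists the users who are at or over their block soft limit, with the space left before the hard limit. The sample report is constructed from the output shown above, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: list users at or over their block soft limit from
# repquota output, with the headroom left before the hard limit.

# Constructed sample, modelled on the report shown above.
sample_report() {
cat <<'EOF'
*** Report for user quotas on device /dev/hda5
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      -- 1172676       0       0           6109     0     0
vinu      --  239188       0       0           4347     0     0
safeer    +-    5008    4096    5010  6days       5     0     0
nebu      +-    5120    4096    5120  6days       4     0     0
EOF
}

# Reads a repquota report on stdin. Data rows are recognised by the
# two-character flag field (e.g. "--", "+-"); fields 3-5 are block
# used/soft/hard in 1K blocks. A limit of 0 means "no limit".
over_soft_limit() {
    awk '
    $2 ~ /^[-+][-+]$/ && $4 > 0 && $3 >= $4 {
        left  = ($5 > 0) ? $5 - $3 : "unlimited"
        state = ($5 > 0 && $3 >= $5) ? "AT-HARD-LIMIT" : "over-soft"
        printf "%s used=%sK soft=%sK hard=%sK left=%s %s\n", $1, $3, $4, $5, left, state
    }'
}

sample_report | over_soft_limit
```

On a live system the same function can be fed directly, as root: repquota /home | over_soft_limit.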

You can use the command warnquota to send mail to all users who have exceeded their quota. The message sent can be customised by editing the file /etc/warnquota.conf. You should set an administrator for each group so that these administrators will be emailed when their groups exceed the quota (use the command: warnquota -g). You can do this by editing /etc/quotagrpadmins; the syntax of the file is group:admin_user.

Monday, April 2, 2007

Basics of Samba configuration

Samba is a file sharing service on Linux that uses the SMB (Server Message Block) protocol. Both Windows and Linux support SMB, so this service can be used for file sharing between two Linux machines or between Linux and Windows machines. In addition to file sharing, Samba can also be used to share printers on the network. It can also act as a domain controller or as a client in an Active Directory environment.

Samba runs two daemons, smbd (SMB daemon) and nmbd (NetBIOS naming daemon). They listen on 4 ports, as listed below:

Netbios Name Service: netbios-ns 137
Netbios Datagram Service: netbios-dgm 138
Netbios Session Service: netbios-ssn 139
Microsoft Active Directory Service: microsoft-ds 445

The main configuration file of Samba is /etc/samba/smb.conf. It contains a number of sections, each starting with a section name enclosed in square brackets and containing one or more key/value pairs separated by an equal sign.

The [global] section contains settings that are applied server wide. The most common of them are listed below:

workgroup: The name of the Windows workgroup to which this Samba server should belong. This name will be shown in a Windows machine's My Network Places -> Entire Network -> Microsoft Windows Network.
Eg:
workgroup = Linux Shares

We can also set a description for this particular server (this is optional):
server string = Linuxbox1_WinShare

As a security measure, you should restrict which networks or machines have access to this server's shares. Here we will allow our local network 192.168.0.0/24 and the loopback interface.
hosts allow = 192.168.0. 127.

We can share a directory through Samba with the following (minimal) syntax:
[sharename]
comment = Comment about this share
path = /path/to/directory/to/be/shared

We can use many other configuration parameters to change the properties of this share, some of them are:

read only = [yes]/[no] : If yes, permits only read access to the share
writable = [yes]/[no] : If yes, data can be written to the share

By default all shares will have read only permission. The above two are actually complements of each other.

browsable = [yes]/[no] : Whether the share should be visible when browsing machine resources, set to 'yes' by default.
hide dot files = [yes]/[no] : If yes, hides Unix hidden files in Windows also. Set to 'no' by default.

In places where you can provide a list of values, separate the values with spaces.

admin users = admin1 admin2 ..... : Users allowed to act as root (for the share)
valid users = user1 user2 ..... : Users allowed to access the share
invalid users = root nfs mail .... : Users not allowed to access the share
read list = user1 user2 ..... : Users who have read only permission on the share
write list = user5 user6 ... : Users who have write permission to the share

You can grant permission to members of a group instead of a long list of users. If you want to grant write permission on a share to the accounts group members, add the following line to the share section.
write list = @accounts
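
As an added example (not from the original post), the shell function below audits an smb.conf for two of the access controls described above: a missing hosts allow in [global], and writable shares that have no valid users list. The sample config is constructed, the share names "projects" and "public" are hypothetical, and the sample deliberately misspells the parameter as host allow, which Samba does not recognise and therefore does not enforce.

```shell
#!/bin/sh
# Added example: flag two access-control gaps in an smb.conf read on stdin.
# Assumption: booleans are written as yes/no, as in the examples above.

# Constructed sample; "projects" and "public" are hypothetical shares.
sample_conf() {
cat <<'EOF'
[global]
workgroup = Linux Shares
host allow = 192.168.0. 127.

[projects]
path = /srv/projects
writable = yes
valid users = @accounts

[public]
path = /srv/public
read only = no
EOF
}

audit_smb_conf() {
    awk '
    function finish() {
        if (sec == "global" && !hosts) print "global: no hosts allow"
        if (sec != "" && sec != "global" && sec != "homes" && sec != "printers" && rw && !users)
            print sec ": writable without valid users"
    }
    /^[ \t]*[#;]/ { next }                       # skip comment lines
    /^[ \t]*\[/ {                                # section header: close the previous one
        finish()
        sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); sec = tolower(sec)
        hosts = rw = users = 0
        next
    }
    index($0, "=") {                             # key = value; Samba ignores case and spaces in keys
        key = tolower(substr($0, 1, index($0, "=") - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, index($0, "=") + 1));    gsub(/[ \t]/, "", val)
        if (key == "hostsallow") hosts = 1
        if (key == "validusers" && val != "") users = 1
        if (key == "writable" && val == "yes") rw = 1
        if (key == "readonly" && val == "no")  rw = 1
    }
    END { finish() }'
}

sample_conf | audit_smb_conf
```

Run it against a real file with audit_smb_conf < /etc/samba/smb.conf. Samba's own testparm command also reports parameter names it does not recognise.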

Samba uses a separate user database (when the variable "security = user" is set - default) stored in /etc/samba/smbpasswd. This database is manipulated by the command smbpasswd. To add a user to the Samba database, the user must already be present in the system user database (/etc/passwd). Some useful options of smbpasswd are:

-a : Add a samba user
-x : Delete samba user
-d : Disable samba user
-e : Enable samba user

[root@LinuxBox1 ~]#smbpasswd -a safeer
New SMB password:
Retype new SMB password:
Added user safeer.

The share [homes] is a special share which lets users access their home directories via Samba.

[homes]
browsable = no
writable = yes

The user home directories will not be visible in the browse list, but authenticated users will be able to see their home directory.

[printers] is another special section, used to share the printers configured on the Samba server. When a request comes for a printer, Samba will search the Unix printer capability file (usually /etc/printcap) and automatically use each printer listed in the file. The minimum configuration required for printing is

[printers]
printable = yes
path = /var/spool/samba
printcap name = /etc/printcap
public = no
valid users = user1 user2 user2

If you want to add a separate printer:

[hp-accounts]
printable = yes
path = /var/spool/samba/hp-3500
printer = hp-3500
valid users = @accounts

This will create a printer share hp-accounts accessible only by the accounts department.

Restart the Samba service whenever smb.conf is changed:

[root@LinuxBox1 ~]#service smb restart