1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
|
D�Di�is�sc�c Q�Qu�uo�ot�ta�as�s i�in�n a�a U�UN�NI�IX�X*�* E�En�nv�vi�ir�ro�on�nm�me�en�nt�t
_�R_�o_�b_�e_�r_�t _�E_�l_�z
Department of Computer Science
University of Melbourne,
Parkville,
Victoria,
Australia.
_�A_�B_�S_�T_�R_�A_�C_�T
In most computing environments, disc space is
not infinite. The disc quota system provides a
mechanism to control usage of disc space, on an
individual basis.
Quotas may be set for each individual user,
on any, or all filesystems.
The quota system will warn users when they
exceed their allotted limit, but allow some extra
space for current work. Repeatedly remaining over
quota at logout, will cause a fatal over quota
condition eventually.
The quota system is an optional part of VMU-
NIX that may be included when the system is con-
figured.
1�1.�. U�Us�se�er�rs�s'�' v�vi�ie�ew�w o�of�f d�di�is�sc�c q�qu�uo�ot�ta�as�s
To most users, disc quotas will either be of no con-
cern, or a fact of life that cannot be avoided. The
_�q_�u_�o_�t_�a(1) command will provide information on any disc quotas
that may have been imposed upon a user.
There are two individual possible quotas that may be
imposed, usually if one is, both will be. A limit can be
set on the amount of space a user can occupy, and there may
be a limit on the number of files (inodes) he can own.
_�Q_�u_�o_�t_�a provides information on the quotas that have been
set by the system administrators, in each of these areas,
and current usage.
-----------
* UNIX is a trademark of Bell Laboratories.
SMM:4-2 Disc Quotas in a UNIX Environment
There are four numbers for each limit, the current
usage, soft limit (quota), hard limit, and number of remain-
ing login warnings. The soft limit is the number of 1K
blocks (or files) that the user is expected to remain below.
Each time the user's usage goes past this limit, he will be
warned. The hard limit cannot be exceeded. If a user's
usage reaches this number, further requests for space (or
attempts to create a file) will fail with an EDQUOT error,
and the first time this occurs, a message will be written to
the user's terminal. Only one message will be output, until
space occupied is reduced below the limit, and reaches it
again, in order to avoid continual noise from those programs
that ignore write errors.
Whenever a user logs in with a usage greater than his
soft limit, he will be warned, and his login warning count
decremented. When he logs in under quota, the counter is
reset to its maximum value (which is a system configuration
parameter, that is typically 3). If the warning count
should ever reach zero (caused by three successive logins
over quota), the particular limit that has been exceeded
will be treated as if the hard limit has been reached, and
no more resources will be allocated to the user. The o�on�nl�ly�y
way to reset this condition is to reduce usage below quota,
then log in again.
1�1.�.1�1.�. S�Su�ur�rv�vi�iv�vi�in�ng�g w�wh�he�en�n q�qu�uo�ot�ta�a l�li�im�mi�it�t i�is�s r�re�ea�ac�ch�he�ed�d
In most cases, the only way to recover from over quota
conditions, is to abort whatever activity was in progress on
the filesystem that has reached its limit, remove sufficient
files to bring the limit back below quota, and retry the
failed program.
However, if you are in the editor and a write fails
because of an over quota situation, that is not a suitable
course of action, as it is most likely that initially
attempting to write the file will have truncated its previ-
ous contents, so should the editor be aborted without cor-
rectly writing the file not only will the recent changes be
lost, but possibly much, or even all, of the data that pre-
viously existed.
There are several possible safe exits for a user caught
in this situation. He may use the editor !�! shell escape
command to examine his file space, and remove surplus files.
Alternatively, using _�c_�s_�h, he may suspend the editor, remove
some files, then resume it. A third possibility, is to
write the file to some other filesystem (perhaps to a file
on /tmp) where the user's quota has not been exceeded. Then
after rectifying the quota situation, the file can be moved
back to the filesystem it belongs on.
Disc Quotas in a UNIX Environment SMM:4-3
2�2.�. A�Ad�dm�mi�in�ni�is�st�te�er�ri�in�ng�g t�th�he�e q�qu�uo�ot�ta�a s�sy�ys�st�te�em�m
To set up and establish the disc quota system, there
are several steps necessary to be performed by the system
administrator.
First, the system must be configured to include the
disc quota sub-system. This is done by including the line:
options QUOTA
in the system configuration file, then running _�c_�o_�n_�f_�i_�g(8)
followed by a system configuration*.
Second, a decision as to what filesystems need to have
quotas applied needs to be made. Usually, only filesystems
that house users' home directories, or other user files,
will need to be subjected to the quota system, though it may
also prove useful to also include /�/u�us�sr�r. If possible, /�/t�tm�mp�p
should usually be free of quotas.
Having decided on which filesystems quotas need to be
set upon, the administrator should then allocate the avail-
able space amongst the competing needs. How this should be
done is (way) beyond the scope of this document.
Then, the _�e_�d_�q_�u_�o_�t_�a(8) command can be used to actually
set the limits desired upon each user. Where a number of
users are to be given the same quotas (a common occurrence)
the -�-p�p switch to edquota will allow this to be easily accom-
plished.
Once the quotas are set, ready to operate, the system
must be informed to enforce quotas on the desired filesys-
tems. This is accomplished with the _�q_�u_�o_�t_�a_�o_�n(8) command.
_�Q_�u_�o_�t_�a_�o_�n will either enable quotas for a particular filesys-
tem, or with the -�-a�a switch, will enable quotas for each
filesystem indicated in /�/e�et�tc�c/�/f�fs�st�ta�ab�b as using quotas. See
_�f_�s_�t_�a_�b(5) for details. Most sites using the quota system,
will include the line
/etc/quotaon -a
in /�/e�et�tc�c/�/r�rc�c.�.l�lo�oc�ca�al�l.
Should quotas need to be disabled, the _�q_�u_�o_�t_�a_�o_�f_�f(8) com-
mand will do that, however, should the filesystem be about
to be dismounted, the _�u_�m_�o_�u_�n_�t(8) command will disable quotas
immediately before the filesystem is unmounted. This is
actually an effect of the _�u_�m_�o_�u_�n_�t(2) system call, and it
guarantees that the quota system will not be disabled if the
-----------
* See also the document ``Building 4.2BSD UNIX
Systems with Config''.
SMM:4-4 Disc Quotas in a UNIX Environment
umount would fail because the filesystem is not idle.
Periodically (certainly after each reboot, and when
quotas are first enabled for a filesystem), the records
retained in the quota file should be checked for consistency
with the actual number of blocks and files allocated to the
user. The _�q_�u_�o_�t_�a_�c_�h_�e_�c_�k(8) command can be used to accomplish
this. It is not necessary to dismount the filesystem, or
disable the quota system to run this command, though on
active filesystems inaccurate results may occur. This does
no real harm in most cases, another run of _�q_�u_�o_�t_�a_�c_�h_�e_�c_�k when
the filesystem is idle will certainly correct any inaccu-
racy.
The super-user may use the _�q_�u_�o_�t_�a(1) command to examine
the usage and quotas of any user, and the _�r_�e_�p_�q_�u_�o_�t_�a(8) com-
mand may be used to check the usages and limits for all
users on a filesystem.
3�3.�. S�So�om�me�e i�im�mp�pl�le�em�me�en�nt�ta�at�ti�io�on�n d�de�et�ta�ai�il�l.�.
Disc quota usage and information is stored in a file on
the filesystem that the quotas are to be applied to. Con-
ventionally, this file is q�qu�uo�ot�ta�as�s in the root of the filesys-
tem. While this name is not known to the system in any way,
several of the user level utilities "know" it, and choosing
any other name would not be wise.
The data in the file comprises an array of structures,
indexed by uid, one structure for each user on the system
(whether the user has a quota on this filesystem or not).
If the uid space is sparse, then the file may have holes in
it, which would be lost by copying, so it is best to avoid
this.
The system is informed of the existence of the quota
file by the _�s_�e_�t_�q_�u_�o_�t_�a(2) system call. It then reads the
quota entries for each user currently active, then for any
files open owned by users who are not currently active.
Each subsequent open of a file on the filesystem, will be
accompanied by a pairing with its quota information. In
most cases this information will be retained in core, either
because the user who owns the file is running some process,
because other files are open owned by the same user, or
because some file (perhaps this one) was recently accessed.
In memory, the quota information is kept hashed by user-id
and filesystem, and retained in an LRU chain so recently
released data can be easily reclaimed. Information about
those users whose last process has recently terminated is
also retained in this way.
Each time a block is accessed or released, and each
time an inode is allocated or freed, the quota system gets
told about it, and in the case of allocations, gets the
Disc Quotas in a UNIX Environment SMM:4-5
opportunity to object.
Measurements have shown that the quota code uses a very
small percentage of the system cpu time consumed in writing
a new block to disc.
4�4.�. A�Ac�ck�kn�no�ow�wl�le�ed�dg�gm�me�en�nt�ts�s
The current disc quota system is loosely based upon a
very early scheme implemented at the University of New South
Wales, and Sydney University in the mid 70's. That system
implemented a single combined limit for both files and
blocks on all filesystems.
A later system was implemented at the University of
Melbourne by the author, but was not kept highly accurately,
eg: chown's (etc) did not affect quotas, nor did i/o to a
file other than one owned by the instigator.
The current system has been running (with only minor
modifications) since January 82 at Melbourne. It is actu-
ally just a small part of a much broader resource control
scheme, which is capable of controlling almost anything that
is usually uncontrolled in unix. The rest of this is, as
yet, still in a state where it is far too subject to change
to be considered for distribution.
For the 4.2BSD release, much work has been done to
clean up and sanely incorporate the quota code by Sam Lef-
fler and Kirk McKusick at The University of California at
Berkeley.
|
