Tutorial

How To Enable User and Group Quotas

Published on January 15, 2014
Default avatar

By Jan Stevens

How To Enable User and Group Quotas

This tutorial is out of date and no longer maintained.

Note: For a maintained article on filesystem quotas, check out How To Set Filesystem Quotas on Ubuntu 18.04.

Introduction


This guide assumes that a droplet with user accounts has already been created. Most of the time, user quotas are applied to FTP or SFTP users, but it’s possible to apply this to any system user. Notice that it’s not possible to use VSFTP’s virtual user feature with quotas – the users should exist on the system!

Quotas are used to limit the amount of disk space a user or group can use on the VPS. There are generally two different methods of managing quotas: first, an empty file system can be created and mounted for a specific user. An advantage of this method is that no additional package is required. Second, the quota tool can be used to dynamically manage the disk quota of a user or a group. A big advantage is the possibility to change quotas on the fly without any complicated disk resizing.

This guide mainly focuses on the creation of user specific quotas; however, all the commands are exactly the same for group quotas. Instead of a user name, a group name can be used in the described commands.

Installing Quota


This guide starts by installing the quota program using the following command:

apt-get install quota

The mount options of the file system need to be edited before user specific quotas can be used. The mount file fstab needs to be opened for editing using the following command:

sudo nano /etc/fstab

The quotas are enabled by adding a usrquota and/or grpquota to the mounting options of the main hard disk. When using ursquota, the quotas are only enabled on specific users. The grpquota option allows for quotas on user groups.

Both options can be independently added depending on the desired result. The fstab file should be edited as follows for enabling user quotas (for group quotas add grpquota).

LABEL=DOROOT  / ext4  errors=remount-ro,usrquota  0 1

Save the file and enable the new mount options by remounting the file system as follows:

mount -o remount /

The following command will create a new quotas file in the root directory of the file system. This is an index file used by the quota tool for keeping track of the user’s disk size. It also contains the user limits and configured options.

quotacheck -cum /

The command consists of the following three parameters:

  1. The c parameter indicates the creation of a new file, overwriting any previous files.

  2. The u parameter indicates that a new user index file should be created. To also create a group index file, add the g command in the previous command.

  3. The m parameter indicates that no read-only mount of the complete file system is required to generate the different index files.

Because the m parameter is used, it’s possible that a small mismatch happens in the actual specific user disk size and the calculated disk size by the quota program. Make sure that no user is currently uploading files to the server when running the previous command to minimize a possible mismatch.

The following command announces to the system that disk quotas should be enabled on the desired file system.

quotaon /

A similar command can be used to turn off disk quota checking, thus disabling the quotas for the different users and groups.

quotaoff

Configuring Quotas For Different Users


The user quotas are configured using the edquota command, followed by the desired user name or group name. The command will open the default configured text editor. In this guide, we assume that the user ftpuser should receive a quota of 10Mb. The command used is as follows:

edquota ftpuser

Which opens the quota file for editing

Disk quotas for user ftpuser (uid 1001):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/disk/by-label/DOROOT         8      10000      10240          2        0        0

The text editor shows 7 different columns:

  1. Indicates the name of the file system that has a quota enabled

  2. Indicates the amount of blocks currently used by the user

  3. Indicates the soft block limit for the user on the file system

  4. Indicates the hard block limit for the user on the file system

  5. Indicates the amount of inodes currently used by the user

  6. Indicates the soft inode limit for the user on the file system

  7. Indicates the hard inode limit for the user on the file system

The blocks refer to the amount of disk space, while the inodes refer to the number of files/folders that can be used. Most of the time the block amount will be used in the quota.

The hard block limit is the absolute maximum amount of disk space that a user or group can use. Once this limit is reached, no further disk space can be used. The soft block limit defines the maximum amount of disk space that can be used. However, unlike the hard limit, the soft limit can be exceeded for a certain amount of time. This time is known as the grace period. More information about the grace period later in the guide.

In the example above, a soft limit off 9,785Mb and hard limit of 10Mb are used. To see the quota in action an FTP/SFTP transfer can be started, where multiple files will be uploaded with a total size of 12 Mb for example (as long as its larger than the hard limit). The FTP/SFTP client will indicate a transfer error, meaning that the user will be unable to upload any files. Of course, 10Mb isn’t a meaningful quota. In this guide every user will get a soft limit of 976 Mb and a hard limit of 1Gb. The configuration looks as follows:

Disk quotas for user ftpuser (uid 1001):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/disk/by-label/DOROOT         8    1000000    1048576          2        0        0

For checking the quota of a specific user, the quota command can be used followed by the user or group

quota ftpuser

Which gives the following output

Disk quotas for user ftpuser (uid 1001):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/disk/by-label/DOROOT         8    1000000    1048576          2        0        0

Generating Reports


It is possible to generate a report from the different quotas. The following command is used:

repquota -a

Which produces the following output

*** Report for user quotas on device /dev/disk/by-label/DOROOT
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User                used        soft      hard    grace    used    soft  hard  grace
------------------------------------------------------------------------------------
root          --   1118708        0         0             37093     0     0
daemon        --        68        0         0                 4     0     0
man           --      9568        0         0               139     0     0
www-data      --      2908        0         0                15     0     0
nobody        --         0        0         0                 1     0     0
libuuid       --        24        0         0                 2     0     0
Debian-exim   --        44        0         0                10     0     0
mysql         --     30116        0         0               141     0     0
ftpuser       --         8  1000000   1048576                 2     0     0

Optional: Specify A Grace Period


To give current users some time to reduce their files on the droplet, a grace period can be configured. This is the allowed time a user can exceed their soft limit, while still staying under the hard limit. The grace time is configured using the following command [notice that this is system wide; no user specific configuration is possible]. The grace period can be expressed in seconds, minutes, hours, days, weeks or months.

edquota -t

The command gives the following output and specifies the different time unites that could be used. For this guide, a grace period of 7 days is used.

Grace period before enforcing soft limits for users:
Time units may be: days, hours, minutes, or seconds
  Filesystem                    Block grace period     Inode grace period
  /dev/disk/by-label/DOROOT                  7days                  7days

Conclusion


The quotas will be automatically updated and enforced when a user transfers/creates/moves/deletes a file/folder. Remember that the quota program works by looking at the owner or group of a specific file/folder. SSH users could escape the quotas by changing the owner or group of their files.

Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.

Learn more about us


About the authors
Default avatar
Jan Stevens

author

Still looking for an answer?

Ask a questionSearch for more help

Was this helpful?
 
10 Comments


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

@etel

Needs updating as this does not work on Ubuntu 16.04 or 16.10, even with the extra commands noted by other users.

It looks the Ubuntu 16.04 LTS image (at least the 32bit) from DO mirrors is missing the quota module even if the config have the options for quota active.

Can you please give me a hand?

I’m getting the following error:

quotaon /

quotaon: using //quota.group on /dev/disk/by-label/DOROOT [/]: No such process quotaon: Quota format not supported in kernel. quotaon: using //quota.user on /dev/disk/by-label/DOROOT [/]: No such process quotaon: Quota format not supported in kernel.

hi i have a problem to enable quota

root@panel:/usr/sbin# quotaon / quotaon: using //quota.group on /dev/vda1 [/]: No such process quotaon: Quota format not supported in kernel. quotaon: using //quota.user on /dev/vda1 [/]: No such process quotaon: Quota format not supported in kernel.

Thanks

Sadly this does not work for me, no error, but while the quota is shown, I is not enforced.

I am guessing all things like LABEL=DOROOT need to be replaced by something? If so, with what do I need to replace it?

When I open edquota I have this listed: /dev/vda1 instead of /dev/disk/by-label/DOROOT, what do I do here?

@manyk

Your instructions helped me in a similar situation, thanks!

I needed to tweak this step: modprobe quota_v2 and modprove quota_v1 – notice the underscore

The only solution to this issue is to reinstall another image of the kernel who has Quota modules.

Try this way: apt-get remove linux-image-* apt-get install linux-image-extra-virtual

Reboot (preferrably from the DO console - use ‘Power Off’ followed by ‘Power On’ to allow the hypervisor to pickup the status changes).

Then run modprobe quota_v2 and modprobe quota_v1 in order to get ready to run quotas and continue with the rest of the configuration to have the quotas up and running.

I’ve added a new user:

useradd -d /home/habib -s /sbin/nologin habib

I already gave further limit the user habib:

edquota habib

Editor:

Disk quotas for user habib (uid 1002):
Filesystem                   blocks       soft       hard     inodes     soft     hard
/dev/disk/by-uuid/e1f7df1f-.....         0      10000      10240          0        0        0

but after I try to save and check the quota Habib, the results are:

Disk quotas for user habib (uid 1002): none

There is an error where? Thank you.

Kamal Nasser
DigitalOcean Employee
DigitalOcean Employee badge
July 10, 2014

@arajparaj: Simply run edquota username for each user that you want to set a quota limit to.

What if I have to add quota imits to a large number of users?

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Join the Tech Talk
Success! Thank you! Please check your email for further details.

Please complete your information!

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel