$ sudo -l
On large systems with many users, you need to control the amount of disk space a user has access to. Disk quotas are designed for this purpose. Quotas, managed per partition, can be set for both individual users and for groups; quotas for the group need not be as large as the aggregate quotas for the individuals in the groups.
When files are created, both a user and a group own them; ownership of the files is always part of the metadata about the files. This makes quotas based on both users and groups easy to manage.
To manage disk quotas, you must have the quota package installed on your system; it is usually installed by default. Quota management with Fedora is not enabled by default and has traditionally been enabled and configured manually by system administrators. Sysadmins use the family of quota commands, such as quotacheck to initialize the quota database files, edquota to set and edit user quotas, setquota to configure disk quotas, and quotaon or quotaoff to control the service. (Other utilities include warnquota for automatically sending mail to users over their disk-space usage limit.)
To reiterate, quotas might not be enabled by default, even if the quota software package is installed on your system. When quotas are installed and enabled, you can see which partitions have user quotas, group quotas, or both by looking at the fourth field in the /etc/fstab file. For example, one line in /etc/fstab shows that quotas are enabled for the /home partition:
/dev/sda5 /home ext3 defaults,usrquota,grpquota 1 1
The root of the partition with quotas enabled has the files aquota.user or aquota.group in them (or both files, if both types of quotas are enabled), and the files contain the actual quotas. The permissions of these files should be 600 so that users cannot read or write to them. (Otherwise, users would change them to allow ample space for their music files and Internet art collections.) To initialize disk quotas, the partitions must be remounted. This is easily accomplished with the following:
# mount -o ro,remount partition_to_be_remounted mount_point
The underlying console tools (complete with man pages) are as follows:
► quotaon, quotaoff — Toggles quotas on a partition.
► repquota — A summary status report on users and groups.
► quotacheck — Updates the status of quotas (compares new and old tables of disk usage); it is run after fsck.
► edquota — A basic quota management command.
Manually Configuring Quotas
Manual configuration of quotas involves changing entries in your system's file system table, /etc/fstab, to add the usrquota mount option to the desired portion of your file system. As an example in a simple file system, quota management can be enabled like this:
LABEL=/ / ext3 defaults,usrquota 1 1
Group-level quotas can also be enabled by using the grpquota option. As the root operator, you must then create a file (using the example of creating user quotas) named aquota.user in the designated portion of the file system, like so:
# touch /aquota.user
You should then turn on the use of quotas by using the quotaon command:
# quotaon -av
You can then edit user quotas with the edquota command to set hard and soft limits on file system use. The default system editor (vi unless you change your EDITOR environment variable) is launched when a user's quota is edited.
Any user can find out what her quotas are with the following:
$ quota -v
NOTE
No graphical tools supported by Fedora can be used to configure disk quotas. A Quota mini-HOWTO is maintained at http://www.tldp.org/HOWTO/Quota.html.
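An added example, not part of the original text: a shell audit that reads the fourth field of an fstab file for usrquota/grpquota and checks that each expected aquota.user or aquota.group file exists with mode 600. The function names, the optional root-prefix argument, and the scratch directory are assumptions of this example; the sample fstab is constructed from the two entries shown above.

```shell
#!/bin/sh
# Added example (not from the original text). Function names and the
# optional root prefix are assumptions made for illustration.

# Print "<mount_point> <quota files...>" for each fstab entry whose
# fourth field enables user and/or group quotas.
quota_mounts() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }        # skip comments, short lines
        {
            n = split($4, opt, ","); files = ""
            for (i = 1; i <= n; i++) {
                if (opt[i] == "usrquota") files = files " aquota.user"
                if (opt[i] == "grpquota") files = files " aquota.group"
            }
            if (files != "") print $2 files
        }' "$1"
}

# $1 = fstab path, $2 = optional prefix prepended to mount points.
# Prints one finding per problem; returns non-zero if any were found.
audit_quota_files() {
    quota_mounts "$1" | (
        rc=0
        while read -r mnt files; do
            for name in $files; do
                f="${2:-}${mnt%/}/$name"
                if [ ! -f "$f" ]; then
                    echo "MISSING $f"; rc=1
                elif [ -z "$(find "$f" -prune -perm 600)" ]; then
                    echo "BADMODE $f (expected 600)"; rc=1
                fi
            done
        done
        exit "$rc"
    )
}

# Constructed sample: the two fstab entries from the text under a scratch root.
demo=$(mktemp -d)
printf '%s\n' '/dev/sda5 /home ext3 defaults,usrquota,grpquota 1 1' \
              'LABEL=/ / ext3 defaults,usrquota 1 1' > "$demo/fstab"
mkdir -p "$demo/home"
touch "$demo/home/aquota.user" "$demo/aquota.user"
chmod 600 "$demo/home/aquota.user"
chmod 644 "$demo/aquota.user"               # deliberately too permissive
audit_quota_files "$demo/fstab" "$demo" || echo "audit reported findings"
```

On a live system, the same check runs as root with `audit_quota_files /etc/fstab` and no prefix.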
Related Fedora Commands
You will use these commands to manage user accounts in Fedora:
► ac — A user account-statistics command
► chage — Sets or modifies user password expiration policies
► chfn — Creates or modifies user finger information in /etc/passwd
► chgrp — Modifies group memberships
► chmod — Changes file permissions
► chown — Changes file ownerships
► chpasswd — Batch command to modify user passwords
► chsh — Modifies a user's shell
► groups — Displays existing group memberships
► logname — Displays a user's login name
► newusers — Batch user management command
► passwd — Creates or modifies user passwords
► su — Executes shell or command as another user
► sudo — Manages selected user execution permissions
► system-config-users — Fedora's graphical user management tool
► useradd — Creates, modifies, or manages users
► userinfo — Fedora's graphical chfn command
► usermod — Edits a user's login profile
► userpasswd — Fedora's graphical user password command
► http://howtos.linux.com/howtos/User-Authentication-HOWTO/index.shtml — The User-Authentication HOWTO describes how user and group information is stored and used for authentication.
► http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Shadow-Password-HOWTO.html — The Shadow-Password HOWTO delves into the murky depths of shadow passwords and even discusses why you might not want to use them.
► http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Security-HOWTO.html — A must-read HOWTO, the Security HOWTO is a good overview of security issues. Especially applicable to this chapter are sections on creating accounts, file permissions, and password security.
► http://www.secinf.net/unix_security/Linux_Administrators_Security_Guide/ — A general guide, the Linux System Administrator's Security Guide has interesting sections on limiting and monitoring users.
► http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Path.html — How can one know the true path? The Path HOWTO sheds light on this issue. You need to understand paths if you want to guide the users to their data and applications.
► http://www.courtesan.com/sudo/ — The SUperuser DO command is a powerful and elegant way to delegate authority to regular users for specific commands.
► http://www.kernel.org/pub/linux/libs/pam/index.html — The Pluggable Authentication Modules suite contains complex and highly useful applications that provide additional security and logging for passwords. PAM is installed by default in Fedora. It is not necessary to understand the intricacies of PAM to use it effectively.