Security Guide

Setting Up the Disk Quota System

Typically, only those file systems that contain user home directories and files require disk quotas. Consider implementing the disk quota system under the following conditions:

• Your system has limited disk space.
• You require more file-system security.
• Your disk-usage levels are large, such as at many universities.

If these conditions do not apply to your environment, you might not want to create disk-usage limits by implementing the disk quota system.

The disk quota system works only with the journaled file system.

To set up the disk quota system, use the following procedure:

1. Log in with root authority.
2. Determine which file systems require quotas.

   Note: Because many editors and system utilities create temporary files in the /tmp file system, it must be free of quotas.

3. Use the chfs command to include the userquota and groupquota quota configuration attributes in the /etc/filesystems file. The following example uses the chfs command to enable user quotas on the /home file system:

   chfs -a "quota = userquota" /home

   To enable both user and group quotas on the /home file system, type:

   chfs -a "quota = userquota,groupquota" /home

   The corresponding entry in the /etc/filesystems file is displayed as follows:

   /home:
   dev        = /dev/hd1
   vfs        = jfs
   log        = /dev/hd8
   mount      = true
   check      = true
   quota      = userquota,groupquota
   options    = rw

4. Optionally, specify alternate disk quota file names. The quota.user and quota.group file names are the default names located at the root directories of the file systems enabled with quotas. You can specify alternate names or directories for these quota files with the userquota and groupquota attributes in the /etc/filesystems file.

   The following example uses the chfs command to establish user and group quotas for the /home file system, and names the myquota.user and myquota.group quota files:

   chfs -a "userquota = /home/myquota.user" -a "groupquota = /home
           /myquota.group" /home

   The corresponding entry in the /etc/filesystems the is displayed as follows:

   /home:
   dev        = /dev/hd1
   vfs        = jfs
   log        = /dev/hd8
   mount      = true
   check      = true
   quota      = userquota,groupquota
   userquota  = /home/myquota.user
   groupquota = /home/myquota.group
   options    = rw

5. If they are not previously mounted, mount the specified file systems.
6. Set the desired quota limits for each user or group. Use the edquota command to create each user or group's soft and hard limits for allowable disk space and maximum number of files.

   The following example entry shows quota limits for the davec user:

   Quotas for user davec:
   /home: blocks in use: 30, limits (soft = 100, hard = 150)
           inodes in use: 73, limits (soft = 200, hard = 250)

   This user has used 30 KB of the maximum 100 KB of disk space. Of the maximum 200 files, davec has created 73. This user has buffers of 50 KB of disk space and 50 files that can be allocated to temporary storage.

   When establishing disk quotas for multiple users, use the -p flag with the edquota command to duplicate a user's quotas for another user.

   To duplicate the quotas established for user davec for user nanc, type:

   edquota -p davec nanc

7. Enable the quota system with the quotaon command. The quotaon command enables quotas for a specified file system, or for all file systems with quotas (as indicated in the /etc/filesystems file) when used with the -a flag.
8. Use the quotacheck command to check the consistency of the quota files against actual disk usage.

   Note: It is recommended that you do this each time you first enable quotas on a file system and after you reboot the system.

   To enable this check and to turn on quotas during system startup, add the following lines at the end of the /etc/rc file:

   echo " Enabling filesystem quotas "
   /usr/sbin/quotacheck -a 
   /usr/sbin/quotaon -a