When files are created, both a user and a group own them; ownership of the files is always part of the metadata about the files. This makes quotas based on both users and groups easy to manage.
To manage disk quotas, you must have the quota package installed on your system; it is usually installed by default. Quota management with Fedora is not enabled by default and has traditionally been enabled and configured manually by system administrators. Sysadmins use the family of quota commands, such as quotacheck to initialize the quota database files, edquota to set and edit user quotas, setquota to configure disk quotas, and quotaon or quotaoff to control the service. (Other utilities include warnquota for automatically sending mail to users over their disk-space usage limit.)
Implementing Quotas
To reiterate, quotas might not be enabled by default, even if the quota software package is installed on your system. When quotas are installed and enabled, you can see which partitions have user quotas, group quotas, or both by looking at the fourth field in the /etc/fstab file. For example, one line in /etc/fstab shows that quotas are enabled for the /home partition:
/dev/sda5 /home ext3 defaults,usrquota,grpquota 1 1
The root of the partition with quotas enabled has the files aquota.user or aquota.group in them (or both files, if both types of quotas are enabled), and the files contain the actual quotas. The permissions of these files should be 600 so that users cannot read or write to them. (Otherwise, users would change them to allow ample space for their music files and Internet art collections.) To initialize disk quotas, the partitions must be remounted. This is easily accomplished with the following:
# mount -o ro,remount partition_to_be_remounted mount_point
The underlying console tools (complete with man pages) are as follows:
► quotaon, quotaoff — Toggles quotas on a partition.
► repquota — A summary status report on users and groups.
► quotacheck — Updates the status of quotas (compares new and old tables of disk usage); it is run after fsck.
► edquota — A basic quota management command.
Manually Configuring Quotas
Manual configuration of quotas involves changing entries in your system's file system table, /etc/fstab, to add the usrquota mount option to the desired portion of your file system. As an example in a simple file system, quota management can be enabled like this:
LABEL=/ / ext3 defaults,usrquota 1 1
Group-level quotas can also be enabled by using the grpquota option. As the root opera tor, you must then create a file (using the example of creating user quotas) named aquota.user in the designated portion of the file system, like so:
# touch /quota.user
You should then turn on the use of quotas by using the quotaon command:
# quotaon -av
You can then edit user quotas with the edquota command to set hard and soft limits on file system use. The default system editor (vi unless you change your EDITOR environment variable) is launched when a user's quota is edited.
Any user can find out what her quotas are with the following:
$ quota -v
No graphical tools supported by Fedora can be used to configure disk quotas. A Quota mini-HOWTO is maintained at http://www.tldp.org/HOWTO/Quota.html.
You will use these commands to manage user accounts in Fedora:
► ac — A user account-statistics command
► change — Sets or modifies user password expiration policies
► chfn — Creates or modifies user finger information in /etc/passwd
► chgrp — Modifies group memberships
► chmod — Changes file permissions
► chown — Changes file ownerships
► chpasswd — Batch command to modify user passwords
► chsh — Modifies a user's shell
► groups — Displays existing group memberships
► logname — Displays a user's login name
► newusers — Batches user management command
► passwd — Creates or modifies user passwords
► su — Executes shell or command as another user
► sudo — Manages selected user execution permissions
► system-config-users — Fedora's graphical user management tool
► useradd — Creates, modifies, or manages users
► userinfo — Fedora's graphical chfn command
► usermod — Edits a user's login profile
► userpasswd — Fedora's graphical user password command
Reference
► http://howtos.linux.com/howtos/User-Authentication-HOWTO/index.shtml — The User-Authentication HOWTO describes how user and group information is stored and used for authentication.
► http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Shadow-Password-HOWTO.html — The Shadow-Password HOWTO delves into the murky depths of shadow passwords and even discusses why you might not want to use them.
► http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Security-HOWTO.html — A must-read HOWTO, the Security HOWTO is a good overview of security issues. Especially applicable to this chapter are sections on creating accounts, file permissions, and password security.
► http://www.secinf.net/unix_security/Linux_Administrators_Security_Guide/— A general guide, the Linux System Administrator's Security Guide has interesting sections on limiting and monitoring users.
► http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Path.html — How can one know the true path? The Path HOWTO sheds light on this issue. You need to understand paths if you want to guide the users to their data and applications.
► http://www.courtesan.com/sudo/ — The SUperuser DO command is a powerful and elegant way to delegate authority to regular users for specific commands.
► http://www.kernel.org/pub/linux/libs/pam/index.html — The Pluggable Authentication Modules suite contains complex and highly useful applications that provide additional security and logging for passwords. PAM is installed by default in Fedora. It is not necessary to understand the intricacies of PAM to use it effectively.