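I. Disk quotas
A Linux system has multiple users. If one of them fills the disk, whether through carelessness or malice, the system disk can become unwritable and the system may even crash. To make sure the system disk keeps enough free space, we need to limit how much disk space users and groups can use.
1.1 Types of disk quota limit:
- Limit the amount of disk space users and groups can use (data blocks)
- Limit the number of files users and groups can create on the disk (inodes)
1.2 Levels of disk quota limit:
- Soft limit: the lower-level limit. It can be exceeded, and a warning is issued when it is.
- Hard limit: the absolute limit. It cannot be exceeded; once it is reached, no more space can be used.
- Grace period (days): users may exceed their soft limit for the grace period specified for each file system. Once the grace period expires, the soft limit is enforced as a hard limit.
Note: disk quotas apply only to partitions
1.3 Prerequisites for enabling disk quotas
1. Does the kernel support disk quotas?
grep "CONFIG_QUOTA" /boot/config-3.10.0-957.el7.x86_64
2. Are the disk quota commands installed?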
rpm -q quota
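1.4 Disk quota lab plan
Prepare a partition with plenty of space, far more than the lab requires
Add a disk, change the partition table type, partition, format, mount
Create the lab users and group
Users: laoq, laot, laoz
Group: old
Disk quota plan
old: hard: 500M soft: 450M file count unlimited
123: hard: 50M soft: 40M hard: 10 files soft: 8 files
234: hard: 250M soft: 200M file count unlimited
345: hard: 250M soft: 200M file count unlimited
Change the grace period to 8 days
1.5 Disk quota lab procedure
1.5.1 Check whether the system supports disk quotas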
[root@localhost ~]# grep "CONFIG_QUOTA" /boot/config-3.10.0-957.el7.x86_64
CONFIG_QUOTA=y
CONFIG_QUOTA_NETLINK_INTERFACE=y
# CONFIG_QUOTA_DEBUG is not set
CONFIG_QUOTA_TREE=y
CONFIG_QUOTACTL=y
CONFIG_QUOTACTL_COMPAT=y
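1.5.2 Check whether the partition's mount options are sufficient (whether disk quotas are enabled)
mount | grep "<partition (mount point)>"
Check whether the result includes the two mount options usrquota and grpquota.
If the two mount options are missing, remount with both options added, and add them to the automatic mount configuration
mount -o remount,usrquota,grpquota <partition name (mount point)>
Hands-on partition creation: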
[root@localhost ~]# gdisk /dev/sdb
GPT fdisk (gdisk) version 0.8.10
Partition table scan:
MBR: not present
BSD: not present
APM: not present
GPT: not present
Creating new GPT entries.
Command (? for help): n
Partition number (1-128, default 1):
First sector (34-41943006, default = 2048) or {+-}size{KMGTP}:
Last sector (2048-41943006, default = 41943006) or {+-}size{KMGTP}:
Current type is 'Linux filesystem'
Hex code or GUID (L to show codes, Enter = 8300):
Changed type of partition to 'Linux filesystem'
Command (? for help): p
Disk /dev/sdb: 41943040 sectors, 20.0 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): DBBB401C-91AA-49DD-96A4-D4B444F41E8E
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 41943006
Partitions will be aligned on 2048-sector boundaries
Total free space is 2014 sectors (1007.0 KiB)
Number Start (sector) End (sector) Size Code Name
1 2048 41943006 20.0 GiB 8300 Linux filesystem
Command (? for help): w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/sdb.
The operation has completed successfully.
[root@localhost ~]# mkfs.xfs /dev/sdb1
meta-data=/dev/sdb1 isize=512 agcount=4, agsize=1310655 blks
= sectsz=512 attr=2, projid32bit=1
= crc=1 finobt=0, sparse=0
data = bsize=4096 blocks=5242619, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0 ftype=1
log =internal log bsize=4096 blocks=2560, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@localhost ~]# vim /etc/fstab
Open the file and add:
/dev/sdb1 /word xfs defaults,usrquota,grpquota 0 0
[root@localhost ~]# mount | grep sdb1
/dev/sdb1 on /word type xfs (rw,relatime,seclabel,attr2,inode64,usrquota,grpquota)
1.5.3 Create the users and group
[root@localhost ~]# groupadd old
[root@localhost ~]# useradd -g old laoq
[root@localhost ~]# useradd -g old laot
[root@localhost ~]# useradd -g old laoz
[root@localhost ~]# echo "123456789" | passwd -- stdin laoz
passwd: Only one user name may be specified.
[root@localhost ~]# echo "123456" | passwd --stdin laoq
Changing password for user laoq.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo "123456" | passwd --stdin laot
Changing password for user laot.
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo "123456" | passwd --stdin laoz
Changing password for user laoz.
passwd: all authentication tokens updated successfully.
1.5.4 Set the limits for users or groups (edit the configuration file)
CentOS 7:
xfs_quota -x -c 'limit bsoft=40m bhard=50m isoft=8 ihard=10 laow ' /movie
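-x: expert mode
-c: passes the rule that follows as an argument to the quota command (without it, the command runs interactively by default)
limit: the command that sets limits
Capacity: bsoft (soft) bhard (hard)
File count: isoft (soft) ihard (hard)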
[root@localhost ~]# xfs_quota -x -c 'limit bsoft=40m bhard=50m isoft=8 ihard=10 laoq' /dev/sdb1
[root@localhost ~]# xfs_quota -x -c 'limit bsoft=200m bhard=250m isoft=0 ihard=0 laot' /dev/sdb1
[root@localhost ~]# xfs_quota -x -c 'limit bsoft=200m bhard=250m isoft=0 ihard=0 laoz' /dev/sdb1
[root@localhost ~]# xfs_quota -x -c 'limit -g bsoft=450m bhard=500m isoft=0 ihard=0 old' /dev/sdb1
[root@localhost ~]# xfs_quota -x -c 'report' /dev/sdb1
User quota on /word (/dev/sdb1)
Blocks
User ID Used Soft Hard Warn/Grace
---------- --------------------------------------------------
root 0 0 0 00 [--------]
laoq 0 40960 51200 00 [--------]
laot 0 204800 256000 00 [--------]
laoz 0 204800 256000 00 [--------]
Group quota on /word (/dev/sdb1)
Blocks
Group ID Used Soft Hard Warn/Grace
---------- --------------------------------------------------
root 0 0 0 00 [--------]
old 0 460800 512000 00 [--------]
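1.5.5 Enabling and disabling disk quotas
Enable: quotaon options partition-name
-u enable user disk quotas
-g enable group disk quotas
-v show information about the process
Disable: quotaoff options partition-name
-u disable user disk quotas
-g disable group disk quotas
-v show information about the process
Enable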
[root@localhost ~]# quotaon -ugv /dev/sdb1
quotaon: Enforcing group quota already on /dev/sdb1
quotaon: Enforcing user quota already on /dev/sdb1
Disable
[root@localhost ~]# quotaoff -ugv /dev/sdb1
Disabling group quota enforcement on /dev/sdb1
/dev/sdb1: group quotas turned off
Disabling user quota enforcement on /dev/sdb1
/dev/sdb1: user quotas turned off
Enable again; the messages are different this time
[root@localhost ~]# quotaon -ugv /dev/sdb1
Enabling group quota enforcement on /dev/sdb1
/dev/sdb1: group quotas turned on
Enabling user quota enforcement on /dev/sdb1
/dev/sdb1: user quotas turned on
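1.5.6 Viewing disk quota information
Query a user's or group's quota: quota options user-or-group-name
-u user name
-g group name
-v show detailed information
-s show sizes in common units
Common combinations: -uvs -gvs
View a user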
[root@localhost ~]# quota -uvs laoq
Disk quotas for user laoq (uid 1001):
Filesystem space quota limit grace files quota limit grace
/dev/sdb1 0K 40960K 51200K 0 8 10
View a group
[root@localhost ~]# quota -gvs old
Disk quotas for group old (gid 1001):
Filesystem space quota limit grace files quota limit grace
/dev/sdb1 0K 450M 500M 0 0 0
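Query the disk quotas of a given partition: repquota options partition-name
-u query user quotas
-g query group quotas
-v show details
-s show sizes in common units
Combinations: -uvs -gvs -ugvs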
[root@localhost ~]# repquota -ugvs /dev/sdb1
*** Report for user quotas on device /dev/sdb1
Block grace time: 7days; Inode grace time: 7days
Space limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
root -- 0K 0K 0K 3 0 0
laoq -- 0K 40960K 51200K 0 8 10
laot -- 0K 200M 250M 0 0 0
laoz -- 0K 200M 250M 0 0 0
*** Status for user quotas on device /dev/sdb1
Accounting: ON; Enforcement: ON
Inode: #67 (2 blocks, 2 extents)
*** Report for group quotas on device /dev/sdb1
Block grace time: 7days; Inode grace time: 7days
Space limits File limits
Group used soft hard grace used soft hard grace
----------------------------------------------------------------------
root -- 0K 0K 0K 3 0 0
old -- 0K 450M 500M 0 0 0
*** Status for group quotas on device /dev/sdb1
Accounting: ON; Enforcement: ON
Inode: #68 (2 blocks, 2 extents)
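1.5.7 Verify that the disk quotas take effect
Switch to a regular user and create files to test whether the limits are enforced
Test tool:
dd generates a file of a specified size (see the attachment for a detailed explanation of the dd command)
dd if=/dev/zero of=/<partition name>/testfile bs=1M count=60
Testing capacity
First we need to give the /word directory 777 permissions; access can also be granted through ACLs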
[root@localhost ~]# chmod 777 /word
[laoq@localhost word]$ dd if=/dev/zero of=/word/a.txt bs=1M count=60
dd: error writing ‘/word/a.txt’: Disk quota exceeded
51+0 records in
50+0 records out
52428800 bytes (52 MB) copied, 0.0440884 s, 1.2 GB/s
User limit of 50M
[laot@localhost ~]$ dd if=/dev/zero of=/word/b.txt bs=1M count=250
250+0 records in
250+0 records out
262144000 bytes (262 MB) copied, 1.37997 s, 190 MB/s
Written in full
[laoz@localhost ~]$ dd if=/dev/zero of=/word/c.txt bs=1M count=250
dd: error writing ‘/word/c.txt’: Disk quota exceeded
201+0 records in
200+0 records out
209715200 bytes (210 MB) copied, 1.3509 s, 155 MB/s
Group limit of 500M (laoq 50M + laot 250M + laoz 200M)
[root@localhost ~]# repquota -ugvs /dev/sdb1
*** Report for user quotas on device /dev/sdb1
Block grace time: 7days; Inode grace time: 7days
Space limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
root -- 0K 0K 0K 3 0 0
laoq +- 51200K 40960K 51200K 6days 1 8 10
laot +- 250M 200M 250M 6days 1 0 0
laoz -- 200M 200M 250M 1 0 0
*** Status for user quotas on device /dev/sdb1
Accounting: ON; Enforcement: ON
Inode: #67 (2 blocks, 2 extents)
*** Report for group quotas on device /dev/sdb1
Block grace time: 7days; Inode grace time: 7days
Space limits File limits
Group used soft hard grace used soft hard grace
----------------------------------------------------------------------
root -- 0K 0K 0K 3 0 0
old +- 500M 450M 500M 6days 3 0 0
*** Status for group quotas on device /dev/sdb1
Accounting: ON; Enforcement: ON
Inode: #68 (2 blocks, 2 extents)
File count limit
[laoq@localhost word]$ touch {0..20}.txt
touch: cannot touch ‘10.txt’: Disk quota exceeded
touch: cannot touch ‘11.txt’: Disk quota exceeded
touch: cannot touch ‘12.txt’: Disk quota exceeded
touch: cannot touch ‘13.txt’: Disk quota exceeded
touch: cannot touch ‘14.txt’: Disk quota exceeded
touch: cannot touch ‘15.txt’: Disk quota exceeded
touch: cannot touch ‘16.txt’: Disk quota exceeded
touch: cannot touch ‘17.txt’: Disk quota exceeded
touch: cannot touch ‘18.txt’: Disk quota exceeded
touch: cannot touch ‘19.txt’: Disk quota exceeded
touch: cannot touch ‘20.txt’: Disk quota exceeded
[laoq@localhost word]$ ll
total 460800
-rw-r--r--. 1 laoq old 0 Apr 22 06:33 0.txt
-rw-r--r--. 1 laoq old 0 Apr 22 06:33 1.txt
-rw-r--r--. 1 laoq old 0 Apr 22 06:33 2.txt
-rw-r--r--. 1 laoq old 0 Apr 22 06:33 3.txt
-rw-r--r--. 1 laoq old 0 Apr 22 06:33 4.txt
-rw-r--r--. 1 laoq old 0 Apr 22 06:33 5.txt
-rw-r--r--. 1 laoq old 0 Apr 22 06:33 6.txt
-rw-r--r--. 1 laoq old 0 Apr 22 06:33 7.txt
-rw-r--r--. 1 laoq old 0 Apr 22 06:33 8.txt
-rw-r--r--. 1 laoq old 0 Apr 22 06:33 9.txt
-rw-r--r--. 1 laot old 262144000 Apr 22 06:24 b.txt
-rw-r--r--. 1 laoz old 209715200 Apr 22 06:26 c.txt
Limit of 10 files: (0-9) created successfully
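An added example (not part of the original tutorial): a small monitoring helper that reads `repquota -ugvs` output like the report above and lists accounts that are over their soft block limit or close to the hard limit, so an administrator can spot a user filling the partition before writes start failing. The function names, the threshold argument and the output format are assumptions of this example; the sample report is constructed from the values shown on this page.

```shell
#!/bin/sh
# quota_alerts THRESHOLD_PERCENT: reads repquota output on stdin, prints
# accounts over their soft block limit or at/above THRESHOLD of the hard limit.
quota_alerts() {
    awk -v thr="$1" '
    # Convert 51200K / 250M / 1G (or a bare KiB count) to KiB.
    function kib(v,    n, u) {
        n = v + 0; u = substr(v, length(v))
        if (u == "M") return n * 1024
        if (u == "G") return n * 1024 * 1024
        return n
    }
    # The section header says whether the rows are users or groups.
    /^\*\*\* Report for/ { kind = $4; next }
    # Data rows carry a two-character flag field: block flag, inode flag.
    $2 ~ /^[-+][-+]$/ {
        used = kib($3); soft = kib($4); hard = kib($5)
        if (soft == 0 && hard == 0) next      # no block limit set
        over_soft = (substr($2, 1, 1) == "+")
        # The block grace column is present only when the block flag is "+".
        grace = over_soft ? $6 : "-"
        pct = (hard > 0) ? int(used * 100 / hard) : 0
        if (hard > 0 && used >= hard) state = "HARD_LIMIT"
        else if (over_soft)           state = "OVER_SOFT"
        else if (pct >= thr)          state = "NEAR_HARD"
        else next
        printf "%s %s %s used=%dK hard=%dK pct=%d grace=%s\n",
               kind, $1, state, used, hard, pct, grace
    }'
}

# Constructed sample in the layout of `repquota -ugvs`, using this page's values.
sample_report() {
cat <<'EOF'
*** Report for user quotas on device /dev/sdb1
Block grace time: 7days; Inode grace time: 7days
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      0K      0K      0K              3     0     0
laoq      +-  51200K  40960K  51200K  6days      1     8    10
laot      +-    250M    200M    250M  6days      1     0     0
laoz      --    200M    200M    250M              1     0     0
*** Report for group quotas on device /dev/sdb1
Group           used    soft    hard  grace    used  soft  hard  grace
old       +-    500M    450M    500M  6days      3     0     0
EOF
}

sample_report | quota_alerts 80
```

On a live system the input would come from `repquota -ugvs /dev/sdb1` run as root instead of the embedded sample.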
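1.5.8 Editing the configuration file to change limits (rarely used)
Command: edquota options user-or-group
-u: edit a user's quota configuration
-g: edit a group's quota configuration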
[root@localhost ~]# edquota -u laow
Disk quotas for user laow (uid 1000):
Filesystem blocks soft hard inodes soft hard
/dev/sdb1 0 40960 51200 0 8 10