debian文件系统_如何在Debian 10上设置文件系统配额

debian文件系统

介绍 (Introduction)

Quotas are used to limit the amount of disk space a user or group can use on a filesystem. Without such limits, a user could fill up the machine’s disk and cause problems for other users and services.

配额用于限制用户或组可以在文件系统上使用的磁盘空间量。 没有这样的限制，用户可能会填满机器的磁盘，并给其他用户和服务造成问题。

In this tutorial we will install command line tools to create and inspect disk quotas, then set a quota for an example user.

在本教程中，我们将安装命令行工具来创建和检查磁盘配额，然后为示例用户设置配额。

先决条件 (Prerequisites)

This tutorial assumes you are logged into a Debian 10 server, with a non-root, sudo-enabled user, as described in Initial Server Setup with Debian 10.

本教程假定您已使用非root用户且启用了sudo的身份登录Debian 10服务器，如使用Debian 10进行初始服务器设置中所述。

The techniques in this tutorial should generally work on Linux distributions other than Debian, but may require some adaptation.

本教程中的技术通常应在Debian以外的Linux发行版上工作，但可能需要一些调整。

步骤1 –安装配额工具 (Step 1 – Installing the Quota Tools)

To set and check quotas, we first need to install the quota command line tools using apt. Let’s update our package list, then install the package:

要设置和检查配额，我们首先需要使用apt安装配额命令行工具。 让我们更新包列表，然后安装包：

sudo apt update
sudo apt install quota

You can verify that the tools are installed by running the quota command and asking for its version information:

您可以通过运行quota命令并询问其版本信息来验证工具是否已安装：

quota --version

   
   

    
    Output
   
   
Quota utilities version 4.04.
. . .

It’s fine if your output shows a slightly different version number.

如果您的输出显示的版本号稍有不同，那就很好。

Next we will update our filesystem’s mount options to enable quotas on our root filesystem.

接下来，我们将更新文件系统的mount选项，以在根文件系统上启用配额。

步骤2 –更新文件系统挂载选项 (Step 2 – Updating Filesystem Mount Options)

To activate quotas on a particular filesystem, we need to mount it with a few quota-related options specified. We do this by updating the filesystem’s entry in the /etc/fstab configuration file. Open that file in your favorite text editor now:

要在特定文件系统上激活配额，我们需要使用一些指定的配额相关选项来挂载它。 为此，我们更新了/etc/fstab配置文件中文件系统的条目。 立即在您喜欢的文本编辑器中打开该文件：

sudo nano /etc/fstab

The file’s contents will be similar to the following:

该文件的内容将类似于以下内容：

/etc/fstab

/ etc / fstab

# /etc/fstab: static file system information.
UUID=06b2aae3-b525-4a4c-9549-0fc6045bd08e   / ext4    errors=remount-ro   0   1

This fstab file is from a virtual server. A desktop or laptop computer will probably have a slightly different looking fstab, but in most cases you’ll have a / or root filesystem that represents all of your disk space.

该fstab文件来自虚拟服务器。 台式机或便携式计算机的fstab外观可能略有不同，但是在大多数情况下，您将拥有一个/或表示所有磁盘空间的根文件系统。

Update the line pointing to the root filesystem by adding options as follows:

通过添加选项来更新指向根文件系统的行，如下所示：

/etc/fstab

/ etc / fstab

# /etc/fstab: static file system information.
UUID=06b2aae3-b525-4a4c-9549-0fc6045bd08e   /   ext4    errors=remount-ro,usrquota,grpquota   0   1

You will add the new options to the end of any existing options, being sure to separate them all with a comma and no spaces. The above change will allow us to enable both user- (usrquota) and group-based (grpquota) quotas on the filesystem. If you only need one or the other, you may leave out the unused option.

您将新选项添加​​到任何现有选项的末尾，请确保将所有选项以逗号分隔且没有空格。 上述改变将使我们能够同时启用用户( usrquota )和基于组的( grpquota )配额的文件系统。 如果只需要其中一个，则可以忽略未使用的选项。

Remount the filesystem to make the new options take effect:

重新挂载文件系统以使新选项生效：

sudo mount -o remount /

Note: Be certain there are no spaces between the options listed in your /etc/fstab file. If you put a space after the , comma, you will see an error like the following:

注意：确保/etc/fstab文件中列出的选项之间没有空格。 如果在后加一个空格,逗号，你会看到如下的错误：

   
   

    
    Output
   
   
mount: /etc/fstab: parse error at line 2 -- ignored

If you see this message after running the previous mount command, reopen the fstab file, correct any errors, and repeat the mount command before continuing.

如果在运行上一个mount命令后看到此消息，请重新打开fstab文件，更正所有错误，然后重复mount命令，然后再继续。

We can verify that the new options were used to mount the filesystem by looking at the /proc/mounts file. Here, we use grep to show only the root filesystem entry in that file:

我们可以通过查看/proc/mounts文件来验证是否使用了新选项来挂载文件系统。 在这里，我们使用grep仅显示该文件中的根文件系统条目：

cat /proc/mounts | grep ' / '

   
   

    
    Output
   
   
/dev/vda1 / ext4 rw,relatime,quota,usrquota,grpquota,errors=remount-ro,data=ordered 0 0

Note the two options that we specified. Now that we’ve installed our tools and updated our filesystem options, we can turn on the quota system.

请注意我们指定的两个选项。 现在我们已经安装了工具并更新了文件系统选项，我们可以打开配额系统。

步骤3 –启用配额 (Step 3 – Enabling Quotas)

Before finally turning on the quota system, we need to manually run the quotacheck command once:

在最终打开配额系统之前，我们需要手动运行一次quotacheck命令：

sudo quotacheck -ugm /

This command creates the files /aquota.user and /aquota.group. These files contain information about the limits and usage of the filesystem, and they need to exist before we turn on quota monitoring. The quotacheck parameters we’ve used are:

此命令创建文件/aquota.user和/aquota.group 。 这些文件包含有关文件系统的限制和使用情况的信息，在打开配额监视之前，它们必须存在。 我们使用的quotacheck参数为：

• u: specifies that a user-based quota file should be created

  u ：指定应创建基于用户的配额文件

• g: indicates that a group-based quota file should be created

  g ：指示应创建基于组的配额文件

• m: disables remounting the filesystem as read-only while performing the initial tallying of quotas. Remounting the filesystem as read-only will give more accurate results in case a user is actively saving files during the process, but is not necessary during this initial setup.

  m ：在执行配额的初始计数时，禁用将文件系统重新安装为只读。 如果用户在此过程中积极保存文件，则将文件系统重新安装为只读将提供更准确的结果，但在此初始设置过程中则不必要。

If you don’t need to enable user- or group-based quotas, you can leave off the corresponding quotacheck option.

如果不需要启用基于用户或基于组的配额，则可以取消相应的quotacheck选项。

We can verify that the appropriate files were created by listing the root directory:

我们可以通过列出根目录来验证是否创建了适当的文件：

ls /

   
   

    
    Output
   
   
aquota.group  bin   dev  home        initrd.img.old  lib64       media  opt   root  sbin  sys  usr  vmlinuz
aquota.user   boot  etc  initrd.img  lib             lost+found  mnt    proc  run   srv   tmp  var  vmlinuz.old

If you didn’t include the u or g options in the quotacheck command, the corresponding file will be missing. Now we’re ready to turn on the quota system:

如果您没有在quotacheck命令中包括u或g选项，则相应的文件将丢失。 现在我们准备打开配额系统：

sudo quotaon -v /

   
   

    
    Output
   
   
/dev/vda1 [/]: group quotas turned on
/dev/vda1 [/]: user quotas turned on

Our server is now monitoring and enforcing quotas, but we’ve not set any yet! Next we’ll set a disk quota for a single user.

我们的服务器现在正在监视和强制执行配额，但是我们尚未设置任何配额！ 接下来，我们将为单个用户设置磁盘配额。

步骤4 –为用户配置配额 (Step 4 – Configuring Quotas for a User)

There are a few ways we can set quotas for users or groups. Here, we’ll go over how to set quotas with both the edquota and setquota commands.

我们可以通过几种方式为用户或组设置配额。 在这里，我们将介绍如何使用edquota和setquota命令设置配额。

使用edquota设置用户配额 (Using edquota to Set a User Quota)

We use the edquota command to edit quotas. Let’s edit our example sammy user’s quota:

我们使用edquota命令来编辑 quota 。 让我们编辑示例“ sammy”用户的配额：

sudo edquota -u sammy

The -u option specifies that this is a user quota we’ll be editing. If you’d like to edit a group’s quota instead, use the -g option in its place.

-u选项指定这是我们将要编辑的user配额。 如果您想编辑组的配额，请在其位置使用-g选项。

This will open up a file in the default text editor, similar to how crontab -e opens a temporary file for you to edit. The file will look similar to this:

这将在默认的文本编辑器中打开一个文件，类似于crontab -e如何打开一个临时文件供您编辑。 该文件将类似于以下内容：

Disk quotas for user sammy (uid 1001):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/vda1                        24          0          0          7        0        0

This lists the username and uid, the filesystems that have quotas enabled on them, and the block- and inode-based usage and limits. Setting an inode-based quota would limit how many files and directories a user can create, regardless of the amount of disk space they use. Most people will want block-based quotas, which specifically limit disk space usage. This is what we will configure.

这列出了用户名和uid ，已启用配额的文件系统以及基于块和inode的用法和限制。 设置基于索引节点的配额将限制用户可以创建多少个文件和目录，而不管他们使用多少磁盘空间。 大多数人会想要基于块的配额，这特别限制了磁盘空间的使用。 这就是我们将要配置的。

Note: The concept of a block is poorly specified and can change depending on many factors, including which command line tool is reporting them. In the context of setting quotas on Debian, it’s fairly safe to assume that 1 block equals 1 kilobyte of disk space.

注意： 块的概念定义不充分，并且可能会根据许多因素(包括哪个命令行工具正在报告它们)而改变。 在Debian上设置配额的情况下，假设1块等于1 KB磁盘空间是相当安全的。

In the above listing, our user sammy is using 24 blocks, or 24KB of space on the /dev/vda1 drive. The soft and hard limits are both disabled with a 0 value.

在上面的清单中，我们的用户sammy在/dev/vda1驱动器上使用了24个块或24KB的空间。 soft限制和hard限制都被禁用，值为0 。

Each type of quota allows you to set both a soft limit and a hard limit. When a user exceeds the soft limit, they are over quota, but they are not immediately prevented from consuming more space or inodes. Instead, some leeway is given: the user has – by default – seven days to get their disk use back under the soft limit. At the end of the seven day grace period, if the user is still over the soft limit it will be treated as a hard limit. A hard limit is less forgiving: all creation of new blocks or inodes is immediately halted when you hit the specified hard limit. This behaves as if the disk is completely out of space: writes will fail, temporary files will fail to be created, and the user will start to see warnings and errors while performing common tasks.

每种配额允许您设置软限制和硬限制 。 当用户超出软限制时，他们将超出配额，但是不会立即阻止他们消耗更多空间或索引节点。 取而代之的是留出一些余地：默认情况下，用户有7天的时间使磁盘使用率回到软限制之下。 在7天宽限期结束时，如果用户仍超出软限制，则将其视为硬限制。 硬限制的宽容程度较小：达到指定的硬限制后，所有新块或inode的创建都将立即停止。 这表现为磁盘完全没有空间：写入将失败，临时文件将无法创建，并且用户在执行常见任务时将开始看到警告和错误。

Let’s update our sammy user to have a block quota with a 100MB soft limit, and a 110MB hard limit:

让我们更新萨米用户，使其具有100 MB的软限制和110 MB的硬限制的块配额：

Disk quotas for user sammy (uid 1001):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/vda1                        24       100M       110M          7        0        0

Save and close the file. To check the new quota we can use the quota command:

保存并关闭文件。 要检查新的配额，我们可以使用quota命令：

sudo quota -vs sammy

   
   

    
    Output
   
   
Disk quotas for user sammy (uid 1001):
     Filesystem   space   quota   limit   grace   files   quota   limit   grace
      /dev/vda1     24K    100M    110M               7       0       0

The command outputs our current quota status, and shows that our quota is 100M while our limit is 110M. This corresponds to the soft and hard limits respectively.

该命令输出我们当前的配额状态，并显示我们的配额为100M而我们的限制为110M 。 这分别对应于软限制和硬限制。

Note: If you want your users to be able to check their own quotas without having sudo access, you’ll need to give them permission to read the quota files we created in Step 4. One way to do this would be to make a users group, make those files readable by the users group, and then make sure all your users are also placed in the group.

注意：如果希望用户能够在没有sudo访问权限的情况下检查他们自己的配额，则需要授予他们读取我们在步骤4中创建的配额文件的权限。一种方法是让users组，使这些文件对users组可读，然后确保所有用户也都位于该组中。

To learn more about Linux permissions, including user and group ownership, please read An Introduction to Linux Permissions

要了解有关Linux权限(包括用户和组所有权)的更多信息，请阅读Linux权限简介。

使用setquota设置用户配额 (Using setquota to Set a User Quota)

Unlike edquota, setquota will update our user’s quota information in a single command, without an interactive editing step. We will specify the username and the soft and hard limits for both block- and inode-based quotas, and finally the filesystem to apply the quota to:

与edquota不同， setquota将在单个命令中更新用户的配额信息，而无需进行交互式编辑。 我们将为基于块和基于inode的配额指定用户名以及软限制和硬限制，最后将文件系统应用到以下配额：

sudo setquota -u sammy 200M 220M 0 0 /

The above command will double sammy’s block-based quota limits to 200 megabytes and 220 megabytes. The 0 0 for inode-based soft and hard limits indicates that they remain unset. This is required even if we’re not setting any inode-based quotas.

上面的命令会将sammy的基于块的配额限制加倍，达到200兆字节和220兆字节。 基于inode的软限制和硬限制的0 0表示它们未设置。 即使我们未设置任何基于inode的配额，这也是必需的。

Once again, use the quota command to check our work:

再次使用quota命令检查我们的工作：

sudo quota -vs sammy

   
   

    
    Output
   
   
Disk quotas for user sammy (uid 1001): 
     Filesystem   space   quota   limit   grace   files   quota   limit   grace
      /dev/vda1     24K    200M    220M               7       0       0

Now that we have set some quotas, let’s find out how to generate a quota report.

现在我们已经设置了一些配额，让我们了解如何生成配额报告。

步骤5 –生成配额报告 (Step 5 – Generating Quota Reports)

To generate a report on current quota usage for all users on a particular filesystem, use the repquota command:

要生成有关特定文件系统上所有用户当前配额使用情况的报告，请使用repquota命令：

sudo repquota -s /

   
   

    
    Output
   
   
*** Report for user quotas on device /dev/vda1
Block grace time: 7days; Inode grace time: 7days
                        Space limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --    981M      0K      0K          35234     0     0
nobody    --   7664K      0K      0K              3     0     0
ntp       --     12K      0K      0K              3     0     0
_apt      --      8K      0K      0K              2     0     0
debian    --     16K      0K      0K              4     0     0
sammy     --     24K    200M    220M              7     0     0

In this instance we’re generating a report for the / root filesystem. The -s command tells repquota to use human-readable numbers when possible. There are a few system users listed, which probably have no quotas set by default. Our user sammy is listed at the bottom, with the amounts used and soft and hard limits.

在这种情况下，我们将为/ 根文件系统生成一个报告。 -s命令告诉repquota在可能的repquota下使用人类可读的数字。 列出了一些系统用户，默认情况下可能未设置配额。 我们的用户sammy列在底部，其中使用了数量以及软限制和硬限制。

Also note the Block grace time: 7days callout, and the grace column. If our user was over the soft limit, the grace column would show how much time they had left to get back under the limit.

另外要注意的Block grace time: 7days标注，和grace列。 如果我们的用户超出了软限制，则grace限度列将显示他们还剩下多少时间才能回到该限制之下。

In the next step we’ll update the grace periods for our quota system.

在下一步中，我们将更新配额系统的宽限期。

第6步–配置超额宽限期 (Step 6 – Configuring a Grace Period for Overages)

We can configure the period of time where a user is allowed to float above the soft limit. We use the setquota command to do so:

我们可以配置允许用户浮动超过软限制的时间段。 我们使用setquota命令来这样做：

sudo setquota -t 864000 864000 /

The above command sets both the block and inode grace times to 864000 seconds, or 10 days. This setting applies to all users, and both values must be provided even if you don’t use both types of quota (block vs. inode).

上面的命令将块和索引节点的宽限时间都设置为864000秒，即10天。 此设置适用于所有用户，即使您不同时使用两种配额(块对inode)，也必须提供两个值。

Note that the values must be specified in seconds.

请注意， 必须以秒为单位指定值。

Run repquota again to check that the changes took effect:

再次运行repquota以检查更改是否生效：

sudo repquota -s /

   
   

    
    Output
   
   
Block grace time: 10days; Inode grace time: 10days
. . .

The changes should be reflected immediately in the repquota output.

更改应立即反映在repquota输出中。

结论 (Conclusion)

In this tutorial we installed the quota command line tools, set up a block-based quota for one user, and generated a report on our filesystem’s quota usage.

在本教程中，我们安装了quota命令行工具，为一个用户设置了基于块的配额，并生成了有关文件系统配额使用情况的报告。

附录：与配额有​​关的常见错误消息 (Appendix: Common Quota-related Error Messages)

The following are some common errors you may see when setting up and manipulating filesystem quotas.

以下是设置和操作文件系统配额时可能会看到的一些常见错误。

   
   

    
    quotaon Output
   
   
quotaon: cannot find //aquota.group on /dev/vda1 [/]
quotaon: cannot find //aquota.user on /dev/vda1 [/]

This is an error you might see if you tried to turn on quotas (using quotaon) before running the initial quotacheck command. The quotacheck command creates the aquota or quota files needed to turn on the quota system. See Step 3 for more information.

如果您在运行初始quotacheck命令之前尝试打开配额(使用quotaon )，则可能会看到此错误。 quotacheck命令创建打开配额系统所需的aquota或quota文件。 有关更多信息，请参见步骤3 。

   
   

    
    quota Output
   
   
quota: Cannot open quotafile //aquota.user: Permission denied
quota: Cannot open quotafile //aquota.user: Permission denied
quota: Cannot open quotafile //quota.user: No such file or directory

This is the error you’ll see if you run quota and your current user does not have permission to read the quota files for your filesystem. You (or your system administrator) will need to adjust the file permissions appropriately, or use sudo when running commands that require access to the quota file.

如果您运行quota并且当前用户没有权限读取文件系统的配额文件，则会看到此错误。 您(或您的系统管理员)将需要适当地调整文件许可权，或者在运行需要访问配额文件的sudo时使用sudo 。

To learn more about Linux permissions, including user and group ownership, please read An Introduction to Linux Permissions

要了解有关Linux权限(包括用户和组所有权)的更多信息，请阅读Linux权限简介。

翻译自: https://www.digitalocean.com/community/tutorials/how-to-set-filesystem-quotas-on-debian-10

debian文件系统