Oracle Solaris provides a mechanism to limit the amount of space a user or a group can occupy in a file system. This mechanism is called quotas. Traditionally, quotas enable you to limit the number of files or the number of blocks a user can allocate on a given file system.
Quotas are supported by UFS and ZFS file systems. NFS does not provide quotas by itself, but can propagate the information from server local file system to client.
This section focuses on UFS quotas. For information about ZFS quotas, see Setting ZFS Quotas and Reservations in Managing ZFS File Systems in Oracle Solaris 11.3.
UFS quotas limit the number of files and number of allocated blocks per user. Quotas can either be soft or hard. The soft and hard quota limits are applied to a user. When you exceed the soft quota limit, you will receive a notification but you can add more files and allocate blocks for a limited amount of time. When the time expires, you must remove the files and free the blocks until the quota limit is met. When using hard quota, the user actions are limited immediately when the limit is reached, and the response of the file system is identical to running out of space.
To activate quotas on a file system use the following commands.
# touch /tank/quotas # quotaon /tank
Quotas are disabled automatically on mount or reboot. To disable quotas manually, use the quotaoff command.
# quotaoff mountpoint
The quotaoff command disables quotas, and enables you to create files and allocate blocks without limits.
You must enable quotas manually for each file system. By default, no limits are imposed on the file system when you enable the quotas. Once the quotas are enabled, administrators can set limits for selected users using the edquota command.
# edquota username
When you run the edquota command, it invokes an editor with line:
fs /tank blocks (soft = 0, hard = 0) inodes (soft = 0, hard = 0)
After the number is set for soft and hard quotas on the allocated blocks and files, the files are edited and saved. Once saved, the quotas are automatically applied for the specified user account.
The soft quota expiration timeouts can be set separately for each file and block using the edquota -t command. For example:
# edquota -t
When you run the edquota command, it invokes an editor with line:
fs /tank blocks time limit = 1 week, files time limit = 7 days
The timeout can be specified in months, weeks, days, hours, minutes, or seconds. By default, the timeout for hard and soft quotas are 7 days.
Quota checking can be disabled while users still have access to the file system. This might cause inconsistency in quota counting. To synchronize the quota accounting with current state of the file system, use the quotacheck command. For example:
# quotacheck mountpoint | block_device
As quotacheck reads the data directly from the device bypassing the kernel, any activity going through the kernel is not accounted. If the file system cannot be unmounted for the duration of the command, it is highly suggested to turn off logging and minimize activities on the file system.
You can also control access to the files by using file attributes and permissions. Setting permissions and file attributes allow you to protect legitimate files. You can also use BART to detect security breaches. For more information about data security and file integrity, see Securing Files and Verifying File Integrity in Oracle Solaris 11.3.
For more information, see the edquota(1M), quotacheck(1M), and quotaoff(1M) man pages.