HFS+ Disk Quotas

From Secure Computing Wiki
Revision as of 10:40, 5 January 2009 by Ecrist (Talk | contribs) (save my place)

Introduction

HFS+ on Mac OS X supports volume-level quotas based on user and group IDs. The corresponding quota file names are .quota.user and .quota.group. These files reside in the file system's root directory. Each file contains a header, followed by a hash table of structures specifying various quota limits and usage values for user or group IDs.

Enabling Disk Quotas

To enable disk quotas on Mac OS X systems, we need to create .quota.ops.user (or .quota.ops.group) within the file system's root directory. For my example here, I'm using my MacBook Pro with a single partition.

  1. First, we need to escalate our privileges to root.
    ecrist@Swordfish:~-> sudo csh
    Password:
    root@Swordfish:~-> 
  2. Next, we need to create an empty options file:
    root@Swordfish:~-> touch /.quota.ops.user
    root@Swordfish:~-> 
  3. After the options file is created, we should be able to run repquota -a to get a list of current disk usage, by user name. Note that this command, when run initially, may take a few moments.
    root@Swordfish:~-> repquota -a
                            1K Block limits               File limits
    User                used        soft        hard  grace    used  soft  hard  grace
    _spotlight--           0           0           0              2     0     0       
    _lp       --           0           0           0              3     0     0       
    _teamsserver--         128           0           0             10     0     0       
    _xgridagent--           0           0           0              2     0     0       
    _mdnsresponder--          36           0           0              4     0     0       
    _unknown  --       14560           0           0              2     0     0       
    test      --       26812           0           0            664     0     0       
    _amavisd  --           8           0           0              6     0     0       
    _installer--      326832           0           0             67     0     0       
    _uucp     --        1520           0           0             10     0     0       
    504       --      114476           0           0            289     0     0       
    _xgridcontroller--           0           0           0              2     0     0       
    6185      --           0           0           0              4     0     0       
    daemon    --       27000           0           0            301     0     0       
    ecrist    --    66636284           0           0         156581     0     0       
    _postfix  --           0           0           0             13     0     0       
    _update_sharing--       11372           0           0             10     0     0       
    nobody    --        9080           0           0              9     0     0       
    _securityagent--          32           0           0              5     0     0       
    _atsserver--       20680           0           0              5     0     0
    My user name, ecrist, you'll notice, has a current usage of around 6GB (listed in 1K blocks).
  4. Turn quotas on with the quotaon command:
    root@Swordfish:~-> quotaon /
    root@Swordfish:~-> 
    The above command requires a file system device or mount path after quotaon. In my example, I've only got one mounted file system. If you've got a USB device, or a second hard disk, use its mount point in place of / above.

At this point, disk quotas have been enabled, but there's currently no policy in place to enforce.
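
The repquota listing above can be checked mechanically for accounts that still have no limits set. The following is an added example, not part of the original wiki page: it parses repquota -a rows, including names that run straight into the flag column, and labels each account. The function names audit_repquota and sample_repquota are hypothetical, and the alice and bob rows are constructed; the other sample rows are copied from the listing above.

```shell
#!/bin/sh
# Added example: label each account in `repquota -a` output.
#   nolimit = all four limits are 0 (nothing for quotaon to enforce)
#   over    = a "+" flag is set (block or inode soft limit exceeded)
#   ok      = limits are set and not exceeded
# Output: "<user> <status> <1K blocks used>", one account per line.
# Assumes the BSD repquota column layout shown in the listing above.
audit_repquota() {
  awk '
    # The name column is only 10 characters wide, so long names run straight
    # into the flags ("_spotlight--"). Locate the two flag characters followed
    # by the three block numbers instead of splitting the row on blanks.
    match($0, /[-+][-+] +[0-9]+ +[0-9]+ +[0-9]+/) {
      name = substr($0, 1, RSTART - 1)
      gsub(/^ +| +$/, "", name)
      flags = substr($0, RSTART, 2)
      split(substr($0, RSTART + 2), f, " ")
      # Block columns are: used soft hard [grace]. The grace value is printed
      # only when the block soft limit is exceeded (first flag is "+").
      i = (substr(flags, 1, 1) == "+") ? 5 : 4
      bsoft = f[2]; bhard = f[3]; isoft = f[i + 1]; ihard = f[i + 2]
      if (index(flags, "+"))                        { status = "over" }
      else if (bsoft + bhard + isoft + ihard == 0)  { status = "nolimit" }
      else                                          { status = "ok" }
      print name, status, f[1]
    }'
}

# Sample rows: alice and bob are constructed to show limits being set and a
# block soft limit being exceeded; the rest come from the listing above.
sample_repquota() {
  cat <<'EOF'
                        1K Block limits               File limits
User                used        soft        hard  grace    used  soft  hard  grace
_spotlight--           0           0           0              2     0     0
test      --       26812           0           0            664     0     0
504       --      114476           0           0            289     0     0
ecrist    --    66636284           0           0         156581     0     0
alice     --        5000       10000       20000            120   500  1000
bob       +-       15000       10000       20000  7days     300   500  1000
EOF
}

sample_repquota | audit_repquota
```

On a live system, pipe the real command into the function as root: repquota -a | audit_repquota.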

Setting Quota Limits

Once disk quotas have been enabled, we can set limits for our users. For this example, I've created a user, test, to test quotas.

  1. We can edit user quotas with the edquota command. edquota has many options; see the man page for a complete description. For our purposes, we're going to use the -u (user) option, followed by a user name.
    root@Swordfish:~-> edquota -u test

    You will get a vi session with a temp file opened for editing. In our example, after running the above command, we have the following on our screen:

    Quotas for user test:
    /: 1K blocks in use: 26940, limits (soft = 0, hard = 0)
    |       inodes in use: 664, limits (soft = 0, hard = 0)
    

    While this isn't a vi how-to, I'll try to walk you through a bit so you can get your quotas defined. What we want to change in this file are the numbers (currently 0 for both) for the hard and soft limits. For reference, inodes are files on the file system. Each and every file gets a single inode. Hard and soft links each get their own inode, even though they point to another file. They are files themselves.

    To test, we're going to change inodes on soft from 0 to 665 (currently using 664):

More Information

More information on HFS+ can be found at http://en.wikipedia.org/wiki/Hierarchical_File_System