Quota subsystem¶
Quota subsystem allows system administrator to set limits on used space and number of used inodes (inode is a filesystem structure which is associated with each file or directory) for users and/or groups. For both used space and number of used inodes there are actually two limits. The first one is called softlimit and the second one hardlimit. A user can never exceed a hardlimit for any resource (unless he has CAP_SYS_RESOURCE capability). User is allowed to exceed softlimit but only for limited period of time. This period is called “grace period” or “grace time”. When grace time is over, user is not able to allocate more space/inodes until he frees enough of them to get below softlimit.
Quota limits (and amount of grace time) are set independently for each filesystem.
For more details about quota design, see the documentation in quota-tools package (https://sourceforge.net/projects/linuxquota).
Quota netlink interface¶
When user exceeds a softlimit, runs out of grace time or reaches hardlimit, quota subsystem traditionally printed a message to the controlling terminal of the process which caused the excess. This method has the disadvantage that when user is using a graphical desktop he usually cannot see the message. Thus quota netlink interface has been designed to pass information about the above events to userspace. There they can be captured by an application and processed accordingly.
The interface uses generic netlink framework (see https://lwn.net/Articles/208755/ and http://www.infradead.org/~tgr/libnl/ for more details about this layer). The name of the quota generic netlink interface is “VFS_DQUOT”. Definitions of constants below are in <linux/quota.h>. Since the quota netlink protocol is not namespace aware, quota netlink messages are sent only in initial network namespace.
Currently, the interface supports only one message type QUOTA_NL_C_WARNING. This command is used to send a notification about any of the above mentioned events. Each message has six attributes. These are (type of the argument is in parentheses):
- QUOTA_NL_A_QTYPE (u32)
- type of quota being exceeded (one of USRQUOTA, GRPQUOTA)
- QUOTA_NL_A_EXCESS_ID (u64)
- UID/GID (depends on quota type) of user / group whose limit is being exceeded.
- QUOTA_NL_A_CAUSED_ID (u64)
- UID of a user who caused the event
- QUOTA_NL_A_WARNING (u32)
what kind of limit is exceeded:
- QUOTA_NL_IHARDWARN
inode hardlimit
- QUOTA_NL_ISOFTLONGWARN
inode softlimit is exceeded longer than given grace period
- QUOTA_NL_ISOFTWARN
inode softlimit
- QUOTA_NL_BHARDWARN
space (block) hardlimit
- QUOTA_NL_BSOFTLONGWARN
space (block) softlimit is exceeded longer than given grace period.
- QUOTA_NL_BSOFTWARN
space (block) softlimit
four warnings are also defined for the event when user stops exceeding some limit:
- QUOTA_NL_IHARDBELOW
inode hardlimit
- QUOTA_NL_ISOFTBELOW
inode softlimit
- QUOTA_NL_BHARDBELOW
space (block) hardlimit
- QUOTA_NL_BSOFTBELOW
space (block) softlimit
- QUOTA_NL_A_DEV_MAJOR (u32)
- major number of a device with the affected filesystem
- QUOTA_NL_A_DEV_MINOR (u32)
- minor number of a device with the affected filesystem