VS Quota HowTo

How to use Quota Support for VS

Quota on a separate partition (LVM, Conv. Quota)

This is an example for setting up quota support for a VServer based
system. It tries to explain how to setup user/group quota on a separate
partition. If you want to use context quota support on a shared partition,
have a look at the Context Quota HowTo.

The following walkthrough was done on a Mandrake 8.2 Linux system,
running a custom built 2.4.20rc1 kernel, patched with CTX-14 patches
from the 0.21 release of VServer. Packages installed: 0.21 vserver
base/admin, quota-tools 3.07.

In this example, /dev/vg is the LVM volume group providing the
separate partition /dev/vg/part1 for the to-be-moved virtual
server TE01.

  1. Prerequisites

    You will require at least the following to use/enable quota
    support on your system:

    • quota support for the filesystem you want to use.
    • a patched kernel (quota, vserver, lvm?)
    • the quota-tools compiled for this kernel.
    • a free partition, the size for one virtual server.
    • a good idea what quota is, and how to use the tools.

  2. Required Modifications

    There are no special modifications required, but I would
    strongly suggest to modify the vserver script with the
    following patch, to leave the directory before executing
    the post-stop script ...

    ----------------- patch me -----------------
    --- /usr/sbin/vserver	    	Fri Nov  8 21:21:43 2002
    +++ /usr/sbin/vserver.patched	Fri Nov  8 21:21:30 2002
    @@ -500,6 +500,7 @@
     	# We umount anyway, because "enter" establish the mount
     	# but when you exit, the server is considered not running
     	umountproc /vservers/$1
    +	cd /
     	test -x /etc/vservers/$1.sh && /etc/vservers/$1.sh post-stop $1
     	ifconfig_iproot_off $1
     elif [ "$2" = "restart" ] ; then
    ----------------- patch me -----------------
  3. Server Setup/Move

    This step assumes that you want to move your existing virtual
    server TE01 on a separate partition /dev/vg/part1, and enable
    quota support for that partition. If you either do not have an
    existing server or already moved/created one on a separate
    partition, you have to adjust and/or leave out the appropriate

    1. stop the virtual server
      # vserver TE01 stop
    2. create filesystem and mountpoint
      # mke2fs -j /dev/vg/part1
      # mkdir /vservers/LV01
      # mount /dev/vg/part1 /vservers/LV01
    3. copy the virtual server and the configuration
      # cp -a /vservers/TE01/. /vservers/LV01/
      # cp -a /etc/vservers/TE01.conf /etc/vservers/LV01.conf
    4. create/modify the start/stop scripts
      ----------------- /etc/vservers/LV01.sh -----------------
      case $1 in
      	e2fsck -p /dev/vg/part1
      	mount /dev/vg/part1 /vservers/LV01
      	rm -f /vservers/LV01/dev/hdv1
      	cp -fa  /dev/vg/part1 /vservers/LV01/dev/hdv1
      	mount -o remount,ro /vservers/LV01
      	umount /vservers/LV01
      	echo $0 pre-start
      	echo $0 pre-stop
      	echo $0 post-start
      	echo $0 post-stop
      ----------------- /etc/vservers/LV01.sh -----------------
    5. change the server mtab file
      /dev/hdv1 / ext3 rw,usrquota,grpquota 0 0
    6. if not already done, install the quota-tools for the virtual server
      # vrpm LV01 -- -i quota-3.07-1.i586.rpm
    7. start the server and change into it
      # vserver LV01 start
      # vserver LV01 enter
    8. run the quotacheck tool
      # quotacheck -maug
    9. take a look at the quota report
      # repquota -aug
      *** Report for user quotas on device /dev/hdv1
      Block grace time: 7days; Inode grace time: 7days
       		      Block limits	       File limits
      User            used  soft  hard  grace  used  soft  hard  grace
      root      --  249712     0     0	12146	  0	0
      rpm       --   13124     0     0	   71	  0	0
      apache    --     980     0     0	  235	  0	0
      rpcuser   --       4     0     0	    1	  0	0
      *** Report for group quotas on device /dev/hdv1
      Block grace time: 7days; Inode grace time: 7days
       		      Block limits             File limits
      Group           used  soft  hard  grace  used  soft  hard  grace
      root      --  248964     0     0        12102	  0	0
      daemon    --       4     0     0            1	  0	0
      tty       --      16     0     0            2	  0	0
    10. live happily ever after using quota wisely ...

  4. Advantages and Disadvantages

    This approach gives you several advantages and has some
    drawbacks and security hazards.Advantages are:

    • no need to modify tools or kernel regarding quota.
    • fixed maximum hard limit for each virtual server.
    • no security/access issues with files or partitions.
    • all quota settings can be done within the server.

    Disadvantages would/could be:

    • no unification across servers is possible.
    • changing the maximum size requires fs/partition resize.
    • filesystem caching is done for each partition.

    Security issues !!! (so far):

    • direct block device access to the partition.
      this has several implications ...
      • root can modify/replace the root filesystem at low levels.
      • root can create arbitrary device nodes, gaining access
        to any physical resource.
      • wiping out the mounted (root) filesystem will probably
        harm the kernel.

visits to this page.

©2002 Herbert P÷tzl