Quota subsystem

Quota subsystem allows system administrator to set limits on used space andnumber of used inodes (inode is a filesystem structure which is associated witheach file or directory) for users and/or groups. For both used space and numberof used inodes there are actually two limits. The first one is called softlimitand the second one hardlimit. A user can never exceed a hardlimit for anyresource (unless he has CAP_SYS_RESOURCE capability). User is allowed to exceedsoftlimit but only for limited period of time. This period is called “graceperiod” or “grace time”. When grace time is over, user is not able to allocatemore space/inodes until he frees enough of them to get below softlimit.

Quota limits (and amount of grace time) are set independently for eachfilesystem.

For more details about quota design, see the documentation in quota-tools package(https://sourceforge.net/projects/linuxquota).

Quota netlink interface

When user exceeds a softlimit, runs out of grace time or reaches hardlimit,quota subsystem traditionally printed a message to the controlling terminal ofthe process which caused the excess. This method has the disadvantage thatwhen user is using a graphical desktop he usually cannot see the message.Thus quota netlink interface has been designed to pass information aboutthe above events to userspace. There they can be captured by an applicationand processed accordingly.

The interface uses generic netlink framework (seehttps://lwn.net/Articles/208755/ andhttp://www.infradead.org/~tgr/libnl/ formore details about this layer). The name of the quota generic netlink interfaceis “VFS_DQUOT”. Definitions of constants below are in <linux/quota.h>. Sincethe quota netlink protocol is not namespace aware, quota netlink messages aresent only in initial network namespace.

Currently, the interface supports only one message type QUOTA_NL_C_WARNING.This command is used to send a notification about any of the above mentionedevents. Each message has six attributes. These are (type of the argument isin parentheses):

QUOTA_NL_A_QTYPE (u32)

  • type of quota being exceeded (one of USRQUOTA, GRPQUOTA)

QUOTA_NL_A_EXCESS_ID (u64)

  • UID/GID (depends on quota type) of user / group whose limitis being exceeded.

QUOTA_NL_A_CAUSED_ID (u64)

  • UID of a user who caused the event

QUOTA_NL_A_WARNING (u32)

  • what kind of limit is exceeded:

    QUOTA_NL_IHARDWARN

    inode hardlimit

    QUOTA_NL_ISOFTLONGWARN

    inode softlimit is exceeded longerthan given grace period

    QUOTA_NL_ISOFTWARN

    inode softlimit

    QUOTA_NL_BHARDWARN

    space (block) hardlimit

    QUOTA_NL_BSOFTLONGWARN

    space (block) softlimit is exceededlonger than given grace period.

    QUOTA_NL_BSOFTWARN

    space (block) softlimit

  • four warnings are also defined for the event when user stopsexceeding some limit:

    QUOTA_NL_IHARDBELOW

    inode hardlimit

    QUOTA_NL_ISOFTBELOW

    inode softlimit

    QUOTA_NL_BHARDBELOW

    space (block) hardlimit

    QUOTA_NL_BSOFTBELOW

    space (block) softlimit

QUOTA_NL_A_DEV_MAJOR (u32)

  • major number of a device with the affected filesystem

QUOTA_NL_A_DEV_MINOR (u32)

  • minor number of a device with the affected filesystem