Changes

stoney backup: Server set-up

5,377 bytes removed, 12:56, 30 August 2013
/* Software Configuration */
= Software Configuration =
== Quota OpenSSH ===== 32-bit Project Identifier Support ===We need to enable 32-bit project identifier support (PROJID32BIT feature) for our naming scheme (uid numbers larger than 65'536)Configure the OpenSSH daemon: mkfs.xfs '''-i projid32bit<source lang=1''' "bash">vi /devetc/ssh/sshd_config</vdb1source>
=== Mount ===Make sure, that you have user quota (uqota) and project quota (pquota) set as Set following options on the chosen mount point in /etc/fstab. For example: /dev/vdb1 /var/backup <source lang="bash">PubkeyAuthentication yesPasswordAuthentication yesUsePAM yesSubsystem xfs noatime,uquota,pquota sftp 0 0internal-sftp</source>
=== Verify ===Some important options for xfs_quota:* Make sure, that <code>Subsystem sftp internal-x: Enable expert mode.* -c: Pass arguments on sftp</code> is the command last line. Multiple arguments may be givenin the configuration file.
Remount We want to reduce the file system numbers of chroot environments in one folder. As the <code>ChrootDirectory</varcode> configuration option only allows <code>%h</backup code> (home directory of the user) and check<code>%u</code> (username of the user), if we need to create the necessary matching rules in the form of:<source lang="bash">Match User *000 ChrootDirectory /var/backup has the desired values:/000/%u xfs_quota -x -c state AuthorizedKeysFile /var/backup/000/%u/%h/.ssh/authorized_keysMatchMatch User *001 ChrootDirectory /var/backup/001/%u AuthorizedKeysFile /var/backup/001/%u/%h/.ssh/authorized_keysMatch...Match User *999 ChrootDirectory /var/backup/999/%u AuthorizedKeysFile /var/backup/999/%u/%h/.ssh/authorized_keysMatch</source>
As you can see (items marked bold), we have achieved our goalThe creation of the matching rules is done by executing the following bash commands: User quota state on /var/backup (/dev/vdb1)<source lang="bash"> Accounting: '''ON''' Enforcement: '''ON''' Inode: #131 (3 blocks, 2 extents) Group quota state on FILE=/varetc/backup (ssh/dev/vdb1) Accounting: OFF Enforcement: OFF Inode: #809717 (1 blocks, 1 extents) Project quota state on /var/backup (/dev/vdb1) Accounting: '''ON''' Enforcement: '''ON''' Inode: #809717 (1 blocks, 1 extents) Blocks grace time: [7 days 00:00:30] Inodes grace time: [7 days 00:00:30] Realtime Blocks grace time: [7 days 00:00:30]sshd_config;
=== User Quotas ======= Adding a User Quota ====Set a quota of 1 Gigabyte for the user 4000187 (the values are x in kilobytes, so 1048576 kilobyte are 1024 megabytes which corresponds to 1 gigabyte):{0..999} ; do \ printf "Match User *%03d\n" $x >> ${FILE}; \ printf " xfs_quota -ChrootDirectory /var/backup/%03d/%%u\n" $x -c 'limit bhard=1048576k 4000187' >> ${FILE}; \ printf " AuthorizedKeysFile /var/backup/%03d/%%u/%%h/.ssh/authorized_keys\n" $x >> ${FILE}; \ printf "Match\n" >> ${FILE}; \done</source>
Or in bytes: xfs_quota -x -c Don'limit bhard=1073741824 4000187' /var/backup Read the quota information for the user 4000187: xfs_quota -x -c 'quota -v -N -u 4000187' /var/backup  /dev/vdb1 0 0 1048576 00 [--------] /var/backup If the user has data in the project, that belongs t forget to him, restart the result will changeOpenSSH daemon: /dev/vdb1 512000 0 1048576 00 [--------] /var/backup <source lang==== Modifiying a User Quota ====To modify a users quota, you just set a new quota (limit): xfs_quota -x -c 'limit bhard=1048576k 4000187' /var/backup Read the quota information for the user 4000187: xfs_quota -x -c 'quota -v -N -u 4000187' /var/backup  /dev/vdb1 0 0 1048576 00 [--------] /var/backup If the user has data in the project, that belongs to him, the result will change: /dev/vdb1 512000 0 1048576 00 [--------] /var/backup ==== Removing a User Quota ====Removing a quota for a user: xfs_quota -x -c 'limit bhard=0 4000187' /var/backup The following command should give you an empty result: xfs_quota -x -c 'quota -v -N -u 4000187' /var/backup === Project (Directory) Quotas ======= Adding a Project (Directory) Quota ====The XFS file system additionally allows you to set quotas on individual directory hierarchies in the file system that are known as managed trees. Each managed tree is uniquely identified by a project ID and an optional project name. We'll use the following values in the examples:* project_ID: The uid of the online backup account (4000187).* project_name: The uid of the online backup account (4000187). This could be a human readable name.* mountpoint: The mountpoint of the xfs-filesystem (/var/backup). See the <code>/etc/fstab</code> entry from above.* directory: The directory of the project (187/4000187), starting from the mountpoint of the xfs-filesystem (/var/backup). 
Define a unique project ID for the directory hierarchy in the <code>/etc/projects</code> file (project_ID:mountpoint/directory): echo "4000187:/var/backup/187/4000187/home/4000187bash" >> /etc/projects Create an entry in the <code>/etc/projid</code> file that maps a project name to the project ID (project_name:project_ID): echo "4000187:4000187" >> /etc/projid Set Project: xfs_quota -x -c 'project -s -p /var/backup/187/4000187/home/4000187 4000187' /var/backup Set Quota (limit) on Project: xfs_quota -x -c 'limit -p bhard=1048576k 4000187' /var/backup Check your Quota (limit) xfs_quota -x -c 'quota -p 4000187' /var/backup Check the Quota:* <code>-v</code>: increase verbosity in reporting (also dumps zero values)init.* <code>-N<d/code>: suppress the initial header.sshd restart* <code>-p</codesource>: display project quota information.* <code>-h</code>: human readable format. xfs_quota -x -c 'quota -v -N -p 4000187' /var/backup  /dev/vdb1 0 0 1048576 00 [--------] /var/backup If you copied data into the project, the output will look something like: /dev/vdb1 512000 0 1048576 00 [--------] /var/backup To give you an overall view of the whole system: xfs_quota -x -c report /var/backup <pre>User quota on /var/backup (/dev/vdb1) Blocks User ID Used Soft Hard Warn/Grace ---------- -------------------------------------------------- root 1024000 0 0 00 [--------]4000187 0 0 1048576 00 [--------] Project quota on /var/backup (/dev/vdb1) Blocks Project ID Used Soft Hard Warn/Grace ---------- -------------------------------------------------- 4000187 512000 0 1048576 00 [--------]</pre> ==== Modifying a Project (Directory) Quota ====To modify a project (directory) quota, you just set an new quota (limit) on the chosen project: xfs_quota -x -c 'limit -p bhard=1048576k 4000187' /var/backup Check your quota (limit) xfs_quota -x -c 'quota -p 4000187' /var/backup ==== Removing a Project (Directory) Quota ====Removing a quota from a project: xfs_quota -x -c 'limit -p bhard=0 4000187' 
/var/backup Chreck the results: xfs_quota -x -c report /var/backup <pre>User quota on /var/backup (/dev/vdb1) Blocks User ID Used Soft Hard Warn/Grace ---------- -------------------------------------------------- root 512000 0 0 00 [--------]4000187 0 0 1024 00 [--------]</pre> As you can see, the line with the Project ID 4000187 has disappeared: 4000187 512000 0 1048576 00 [--------] Don't forget to remove the project from <code>/etc/projects</code> and <code>/etc/projid</code>: sed -i -e '/4000187/d' /etc/projects sed -i -e '/4000187/d' /etc/projid === Some important notes concerning XFS ===# The '''quotacheck''' command has no effect on XFS filesystems. The first time quota accounting is turned on (at mount time), XFS does an automatic quotacheck internally; afterwards, the quota system will always be completely consistent until quotas are manually turned off. # There is '''no need for quota file(s)''' in the root of the XFS filesystem.
== OpenLDAP ==
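Review bot: The generated Match User blocks in the new OpenSSH section set only ChrootDirectory and AuthorizedKeysFile, so nothing in them restricts these backup accounts to SFTP or turns off forwarding, and the global block keeps "PasswordAuthentication yes" next to "PubkeyAuthentication yes". Consider emitting "ForceCommand internal-sftp" and "AllowTcpForwarding no" from the printf loop for every block, and state why password logins are still required if they are. The loop appends to /etc/ssh/sshd_config with ">> ${FILE}", so running it a second time duplicates all 1000 blocks, and it places them after the Subsystem line that the text says must be the last line of the file; the page should say which ordering is intended, and running "sshd -t" before "/etc/init.d/sshd restart" would catch a broken file before the daemon is restarted. The same edit removes the whole Quota section (the projid32bit mkfs option, the uquota/pquota mount options and the xfs_quota limits) while the chroot paths still point into /var/backup, so please confirm that material now lives on another page.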