User quotas with vsftpd

Veröffentlicht am von

How to set user-quotas in vsftpd


Hi all, If you administer a FTP server, you should make sure that some users do not claim all the disk space for themselves by storing large files .
To achieve this, it is useful to work with user quotas – that means, we restrict the possible amount of data to be deposited per user.  

 

Requirements

The ftp server vsftpd
The program adduser
The program quota

All programs are included in the standard repositories of Linux distributions.
Once all programs have been installed, we change two parameters in the /etc/vsftpd.conf (path may differ from distribution to distribution)

chroot_local_user = YES / / the users can not leave their home directory.
write_enable = YES / / the users can write in their home directory

To use user quotas,  parameters  must be specified specified when mounting the device. It is therefore advisable to mount an separate drive for FTP directories.
This may be a loop device or a physical drive or a partition.

Implementation

For this example, i will use a loop device

1.    Create a folder for the loop device

mkdir /usr/loop_device

2.    Create a 50MB file

dd if = /dev /zero of = /usr/loop_device/ld1 bs = 1024 count = 50000

3.    Create a file system on it

mkfs.ext4 /usr/loop_device/ld1

4.     Create a directory for the ftp user

mkdir /home_ftp

5.     And mount the Loopdevice it

a.     add the following entry to the /etc/fstab

/usr/loop_device/ld1 /home_ftp/         ext4 rw,loop,usrquota,grpquota  0 0

b.     mount the directory

        mount -a

6.    Create a test user now

adduser testftp –home /home_ftp/testftp

With the –home parameter, the directory for the user is created automaticly and the permissions are set to correctly

7.    Set quotas for users

edquota -u testftp

edit_user_quotas

There, enter under "hard" 5000 – that means, the user "testftp" can now write only 5000 kbytes to his home directory

 you can check the settings with the command

 repquota  -st /home_ftp/

 show_user_quotas

8.     Function test

Try to deploy from the client 2 files – one file with 3MB and one file with 6MB

ftp> mput testfile_3mb
mput testfile_3mb? y
200 PORT command successful.
Consider using PASV. 150 Ok to send data. 226 Transfer complete. 3072000 bytes sent in 00:01 secs (242522.2 kB / s)
ftp> mput testfile_6mb
mput testfile_6mb? y
200 PORT command successful.
Consider using PASV. 150 Ok to send data. netout: Connection reset by peer 451 Failure writing to local file.

Note: This does not work only with user quotas. You can use group quotas as well and you can use finer settings (e.g. soft quotas). My experience shows, that in 90% of all cases only a simple size limit is necessary :).