How to set user-quotas in vsftpd
Hi all, if you administer an FTP server, you should make sure that individual users cannot claim all the disk space for themselves by storing large files.
To achieve this, it is useful to work with user quotas, that is, we restrict the amount of data each user may store.
Requirements
The ftp server vsftpd
The program adduser
The program quota
All programs are included in the standard repositories of Linux distributions.
Once all programs have been installed, we change two parameters in /etc/vsftpd.conf (the path may differ from distribution to distribution):
# the users cannot leave their home directory
chroot_local_user=YES
# the users can write in their home directory
write_enable=YES
To use user quotas, quota parameters must be specified when mounting the device. It is therefore advisable to mount a separate drive for the FTP directories.
This may be a loop device or a physical drive or a partition.
Implementation
For this example, I will use a loop device.
1. Create a folder for the loop device
mkdir /usr/loop_device
2. Create a 50MB file
dd if=/dev/zero of=/usr/loop_device/ld1 bs=1024 count=50000
3. Create a file system on it
mkfs.ext4 /usr/loop_device/ld1
4. Create a directory for the ftp user
mkdir /home_ftp
5. Mount the loop device on it
a. add the following entry to the /etc/fstab
/usr/loop_device/ld1 /home_ftp/ ext4 rw,loop,usrquota,grpquota 0 0
b. mount the directory
mount -a
6. Create a test user now
adduser testftp --home /home_ftp/testftp
With the --home parameter, the directory for the user is created automatically and the permissions are set correctly.
7. Set quotas for users
edquota -u testftp
In the editor that opens, enter 5000 under "hard". This means the user "testftp" can now write only 5000 kbytes to his home directory.
You can check the settings with the command
repquota -st /home_ftp/
8. Function test
Try to upload two files from the client: one file with 3MB and one file with 6MB.
ftp> mput testfile_3mb
mput testfile_3mb? y
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
3072000 bytes sent in 00:01 secs (242522.2 kB/s)
ftp> mput testfile_6mb
mput testfile_6mb? y
200 PORT command successful. Consider using PASV.
150 Ok to send data.
netout: Connection reset by peer
451 Failure writing to local file.
Note: This works not only with user quotas. You can use group quotas as well, and you can use finer settings (e.g. soft quotas). My experience shows that in 90% of all cases only a simple size limit is necessary :).
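The repquota check from step 7 can be scripted so that FTP users who were created without a quota do not go unnoticed. The following is an added example, not part of the original post: it reads a plain "repquota /home_ftp/" report (without -s, so the block counts stay numeric) and flags users that have no hard limit or are close to it. The function names, the 80 percent threshold and the sample report are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a repquota report for users without an effective limit.

# audit_quota reads a `repquota <mountpoint>` report on stdin and prints
# one finding per line:
#   NOLIMIT <user>          hard block limit is 0, i.e. unlimited
#   NEARFULL <user> <pct>   usage is at or above $1 percent of the hard limit
audit_quota() {
    awk -v warn="${1:-80}" '
        /^-+$/ { body = 1; next }      # user rows start after the dashed rule
        !body || NF < 5 { next }       # skip header lines and blank lines
        $1 == "root" { next }          # root bypasses quotas, skip it
        {
            used = $3; hard = $5       # block columns: used, soft, hard
            if (hard == 0)
                print "NOLIMIT", $1
            else if (used * 100 >= hard * warn)
                printf "NEARFULL %s %d\n", $1, used * 100 / hard
        }'
}

# Constructed sample report (not output from the original page).
sample_report() {
    cat <<'EOF'
*** Report for user quotas on device /dev/loop0
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0
testftp   --    4500       0    5000              3     0     0
newuser   --      12       0       0              4     0     0

EOF
}

# On a live system: repquota /home_ftp/ | audit_quota 80
sample_report | audit_quota 80
```

A NOLIMIT line means edquota was never run for that user, so the account can still fill the whole FTP volume.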