Managing Users in LTSP
Server Training - Linux Terminal Server

When you have a large number of users on a server it is important that you manage both the number of processes that they can use and the amount of space that they can consume.

 

Related Links
LTSP Set Up on Ubuntu 8.04
LTSP Client
Managing Users in LTSP
Samba with LTSP on Ubuntu 8.04
Troubleshooting LTSP
UFW Firewall for LTSP

Limiting Processes
With unlimited processes a user could consume a huge a mount of resources from the server and even crash the server by opening hundreds of programs.  You need to restrict the use of processes to a reasonable level.  This is easily done by editing a file in /etc/security.limits.conf.  There are a lot of options here but the two most important for a Linux Terminal Server are the max number of processes and the max number of logins.  The other feature you see here is that you can restrict these on groups or on individuals.  Create a group like "students" and put all of the students in that group so you can control all of them the same way easily.  In a school system I typically will limit the number of processes students can use to 45 with this setting:

@students   hard   nproc 45

 

This will allow students to open multiple programs but still be restricted from running 50copies of OpenOffice.

The other setting I make is to limit logins.  If you allow people multiple logins they will leave logins open all over the place.

@students    maxlogins 1

You  can create other groups and also make different settings for individuals by placing the user name to start the line:

fred        hard    nproc 65

 

Limiting Disk Space with Quotas

You must place limits on disk space or users will consume all tha tis available.  If your /home directory is a part of the / partition you may see your server crash when they fill it up.

Setup User Quotas

The edquota command is what you will use to edit a users quota. This command actually edits the aquota.user file if you are editing for users and the aquota.group file if you will be setting limits on groups.

edquota -u fred

This command will open up fredś quota file which has seven columns. The top of the file will list the userś name and UID.

The first column will list the directory file system. This is usually in the format of the partition that the quotas are on. An example:

/dev/hda6

The second column lists the number of blocks that are currently used by the user. These are 1KB blocks. An example:
4485296

This is almost 4.5 GB.

The next two columns represent the soft and hard limits for the users. 0 means that the user has no limits. 4000000 in the soft limit means that when the user reaches 4 GB they will activate a message that they are in violation of their quota. The grace period set in days gives this user the opportunity to make changes to move under the soft limit. Once the grace period is over, the user will be forced to make the necessary changes.

The hard limit represents a boundary that the user will not be able to cross. Administrators do not need to set hard limits unless the grace period is used. If an administrator does not use the grace period the result will be that the soft limit will be the boundary for users.

Typically, users appreciate a reasonable boundary with a warning system so that in the middle of an important project they are not forced with deleting data before they can save. Of course there are always the users that will push it to the limit.

 

1. Add a User
# useradd tom

2. Edit /etc/fstab to enable user quotas
Any time you edit the /etc/fstab you should have a backup in case you make a mistake...you have been warned!

This example shows a separate /home directory has been created.  If you only have one partition / then you will have to place the quotas on that partition.  You must place quotas on partitions not directories.

# vi /etc/fstab
/dev/VolGroup00/LogVol00 /home ext3 defaults 1 1

Now change the default line above which is for a Logical Volume to the one below which enables quotas.

/dev/VolGroup00/LogVol00 /home ext3 usrquota 1 1

Save the change and then remount the /home directory.

sudo touch /home/aquota.user
sudo chmod 600 /home/aquota.user
mount -o remount /home
quotacheck -avugm
quotaon -avug


You may have to restart the system to get it all to work.

 

 

Setup group Quotas

The edquota command may also be used to create group limits on space used. The -g option will provide this feature.

edquota -g sales

The first thing to do is to make sure the group has been created. In the example, office group is used to create a limit for the whole of office users. Note this is a SCSI drive in the example not a IDE drive.

Any time you edit the /etc/fstab you should have a backup in case you make a mistake...you have been warned!

Disk quotas for group sales (gid 509):

Filesystem       blocks       soft        hard        inodes   soft   hard /dev/sdc1         34000      35000       40000        234        0       0

The quotacheck command must be run on a regular basis to maintain the quotas that have been set.

 

 


Copyright CyberMontana Inc. and BeginLinux.com
All rights reserved. Cannot be reproduced without written permission. Box 1262 Trout Creek, MT 59874