Enabling Second-Level Quotas for Openvz containers
The parameter that controls the second-level disk quotas is
QUOTAUGIDLIMIT in the Container configuration file. By default, the
value of this parameter is zero and this corresponds to disabled
per-user and per-group quotas.
If you assign a non-zero value to the QUOTAUGIDLIMIT parameter, this action brings about the two following results:
Second-level (per-user and per-group) disk quotas are enabled for the given Container;
The value that you assign to this parameter will be the limit for the
number of file owners and groups of this Container, including Linux
system users. Note that you will theoretically be able to create extra
users of this Container, but if the number of file owners inside the
Container has already reached the limit, these users will not be able to
Enabling per-user and per-group quotas for a Container requires
restarting the Container. The value for it should be carefully chosen;
the bigger value you set, the bigger kernel memory overhead this
Container creates. This value must be greater than or equal to the
number of entries in the Container /etc/passwd and /etc/group files.
Taking into account that a newly created Red Hat Linux-based Container
has about 80 entries in total, the typical value would be 100. However,
for Containers with a large number of users this value may be increased.
When managing the quotaugidlimit parameter, please keep in mind the following:
If you delete a registered user but some files with their ID continue
residing inside your Container, the current number of ugids (user and
group identities) inside the Container will not decrease.
If you copy an archive containing files with user and group IDs not
registered inside your Container, the number of ugids inside the
Container will increase by the number of these new IDs.
The session below turns on second-level quotas for Container 101:
# vzctl set 101 --quotaugidlimit 100 --save
Unable to apply new quota values: ugid quota not initialized
Saved parameters for Container 101
You have to stop the container and start it again to reflect the changes as the values cannot be updated to a running container.
# vzctl stop 101;
Stopping Container ...
Container was stopped
Container is unmounted
#vzctl start 101
Starting Container ...
Container is mounted
Adding IP address(es): 192.168.1.101
Hostname for Container set: ct101
Container start in progress...
Inorder to check if the parameter is correctly enabled in the container, Issue the command in the hardware node :
grep -i QUOTAUGIDLIMIT /etc/sysconfig/vz-scripts/CT_ID.conf
If you get the respected qoutaaugidlimt value it is enabled
If you get an empty result, or a result of zero, second-level quotas are not supported by this environment.