LDF303 - Gestion du Noyau et des Quotas

Le noyau ou kernel est la partie du système d'exploitation qui gère les entrées/sorties avec des périphériques. Dans certains cas il est préférable de recompiler le noyau de Linux. La motivation de cette recompilation peut être :

• la diminution de la taille du noyau,
• la prise en charge de nouveau matériel,
• l'ajout de fonctionnalités,
• l'optimisation du code,
• la correction de bogues,
• le besoin d'une fonctionnalité expérimentale.

Commencez par identifier le noyau utilisé par votre machine :

root@debian8:~# uname -r
3.16.0-4-amd64

Dans le cas d'une utilisation courante de Linux, il est cependant préférable de faire appel aux modules. Les modules se trouvent dans le répertoire /lib/modules/<version-du-noyau> :

root@debian8:~# ls /lib/modules/`uname -r`/
kernel		   modules.builtin	modules.dep.bin  modules.softdep
modules.alias	   modules.builtin.bin	modules.devname  modules.symbols
modules.alias.bin  modules.dep		modules.order	 modules.symbols.bin

Les commandes pour manipuler les modules sont :

• insmod
• rmmod
• lsmod
• modprobe

Par exemple :

root@debian8:~# lsmod
Module                  Size  Used by
cfg80211              405538  0 
rfkill                 18867  1 cfg80211
nfsd                  263032  2 
auth_rpcgss            51211  1 nfsd
oid_registry           12419  1 auth_rpcgss
nfs_acl                12511  1 nfsd
nfs                   188136  0 
lockd                  83389  2 nfs,nfsd
fscache                45542  1 nfs
sunrpc                237402  6 nfs,nfsd,auth_rpcgss,lockd,nfs_acl
crc32_pclmul           12915  0 
aesni_intel           151423  0 
joydev                 17063  0 
aes_x86_64             16719  1 aesni_intel
lrw                    12757  1 aesni_intel
gf128mul               12970  1 lrw
glue_helper            12695  1 aesni_intel
i2c_piix4              20864  0 
ablk_helper            12572  1 aesni_intel
cryptd                 14516  2 aesni_intel,ablk_helper
ppdev                  16782  0 
i2c_core               46012  1 i2c_piix4
serio_raw              12849  0 
evdev                  17445  7 
pcspkr                 12595  0 
parport_pc             26300  0 
snd_intel8x0           34948  0 
snd_ac97_codec        118711  1 snd_intel8x0
snd_pcm                88662  2 snd_ac97_codec,snd_intel8x0
snd_timer              26614  1 snd_pcm
snd                    65244  4 snd_ac97_codec,snd_intel8x0,snd_timer,snd_pcm
ac                     12715  0 
soundcore              13026  1 snd
video                  18096  0 
battery                13356  0 
ac97_bus               12510  1 snd_ac97_codec
parport                35749  2 ppdev,parport_pc
button                 12944  0 
processor              28221  0 
thermal_sys            27642  2 video,processor
fuse                   83350  1 
autofs4                35529  2 
ext4                  473801  1 
crc16                  12343  1 ext4
mbcache                17171  1 ext4
jbd2                   82514  1 ext4
hid_generic            12393  0 
usbhid                 44460  0 
hid                   102264  2 hid_generic,usbhid
sr_mod                 21903  0 
cdrom                  47424  1 sr_mod
ohci_pci               12808  0 
sg                     29973  0 
sd_mod                 44356  3 
crc_t10dif             12431  1 sd_mod
crct10dif_generic      12581  0 
ata_generic            12490  0 
ohci_hcd               42982  1 ohci_pci
ehci_pci               12512  0 
ehci_hcd               69837  1 ehci_pci
ata_piix               33592  0 
e1000                 122545  0 
ahci                   33334  2 
libahci                27158  1 ahci
crct10dif_pclmul       13387  1 
crct10dif_common       12356  3 crct10dif_pclmul,crct10dif_generic,crc_t10dif
usbcore               195468  5 ohci_hcd,ohci_pci,ehci_hcd,ehci_pci,usbhid
usb_common             12440  1 usbcore
crc32c_intel           21809  0 
libata                177508  4 ahci,libahci,ata_generic,ata_piix
scsi_mod              191405  4 sg,libata,sd_mod,sr_mod
psmouse                99249  0

Pour ajouter un module, on peut utiliser la commande insmod ou modprobe. Cette dernière ajoute non seulement le module passé en argument mais également ses dépendances :

root@debian8:~# modprobe bonding
root@debian8:~# lsmod | more
Module                  Size  Used by
bonding               124989  0 
cfg80211              405538  0 
rfkill                 18867  1 cfg80211
nfsd                  263032  2 
auth_rpcgss            51211  1 nfsd
oid_registry           12419  1 auth_rpcgss
nfs_acl                12511  1 nfsd
nfs                   188136  0 
lockd                  83389  2 nfs,nfsd
fscache                45542  1 nfs
sunrpc                237402  6 nfs,nfsd,auth_rpcgss,lockd,nfs_acl
crc32_pclmul           12915  0 
aesni_intel           151423  0 
joydev                 17063  0 
aes_x86_64             16719  1 aesni_intel
lrw                    12757  1 aesni_intel
gf128mul               12970  1 lrw
glue_helper            12695  1 aesni_intel
i2c_piix4              20864  0 
ablk_helper            12572  1 aesni_intel
cryptd                 14516  2 aesni_intel,ablk_helper
ppdev                  16782  0 
--More--

Pour supprimer un module, on peut utiliser la commande rmmod ou modprobe -r. Cette dernière essaie de supprimer les dépendances non-utilisées :

root@debian8:~# modprobe -r bonding
root@debian8:~# lsmod | more
Module                  Size  Used by
cfg80211              405538  0 
rfkill                 18867  1 cfg80211
nfsd                  263032  2 
auth_rpcgss            51211  1 nfsd
oid_registry           12419  1 auth_rpcgss
nfs_acl                12511  1 nfsd
nfs                   188136  0 
lockd                  83389  2 nfs,nfsd
fscache                45542  1 nfs
sunrpc                237402  6 nfs,nfsd,auth_rpcgss,lockd,nfs_acl
crc32_pclmul           12915  0 
aesni_intel           151423  0 
joydev                 17063  0 
aes_x86_64             16719  1 aesni_intel
lrw                    12757  1 aesni_intel
gf128mul               12970  1 lrw
glue_helper            12695  1 aesni_intel
i2c_piix4              20864  0 
ablk_helper            12572  1 aesni_intel
cryptd                 14516  2 aesni_intel,ablk_helper
ppdev                  16782  0 
i2c_core               46012  1 i2c_piix4
--More--

Les dépendances des modules sont résolues par la commande modprobe grâce aux fichier /lib/modules/<version-du-noyau>/modules.dep. Ce dernier peut être créé manuellement grâce à la commande depmod :

root@debian8:~# more /lib/modules/`uname -r`/modules.dep
kernel/arch/x86/kernel/cpu/mcheck/mce-inject.ko:
kernel/arch/x86/kernel/msr.ko:
kernel/arch/x86/kernel/cpuid.ko:
kernel/arch/x86/kernel/iosf_mbi.ko:
kernel/arch/x86/crypto/glue_helper.ko:
kernel/arch/x86/crypto/aes-x86_64.ko:
kernel/arch/x86/crypto/camellia-x86_64.ko: kernel/crypto/xts.ko kernel/crypto/lr
w.ko kernel/crypto/gf128mul.ko kernel/arch/x86/crypto/glue_helper.ko
kernel/arch/x86/crypto/blowfish-x86_64.ko: kernel/crypto/blowfish_common.ko
kernel/arch/x86/crypto/twofish-x86_64.ko: kernel/crypto/twofish_common.ko
kernel/arch/x86/crypto/twofish-x86_64-3way.ko: kernel/arch/x86/crypto/twofish-x8
6_64.ko kernel/crypto/twofish_common.ko kernel/crypto/xts.ko kernel/crypto/lrw.k
o kernel/crypto/gf128mul.ko kernel/arch/x86/crypto/glue_helper.ko
kernel/arch/x86/crypto/salsa20-x86_64.ko:
kernel/arch/x86/crypto/serpent-sse2-x86_64.ko: kernel/crypto/xts.ko kernel/crypt
o/serpent_generic.ko kernel/crypto/lrw.ko kernel/crypto/gf128mul.ko kernel/arch/
x86/crypto/glue_helper.ko kernel/crypto/ablk_helper.ko kernel/crypto/cryptd.ko
kernel/arch/x86/crypto/aesni-intel.ko: kernel/arch/x86/crypto/aes-x86_64.ko kern
el/crypto/lrw.ko kernel/crypto/gf128mul.ko kernel/arch/x86/crypto/glue_helper.ko
 kernel/crypto/ablk_helper.ko kernel/crypto/cryptd.ko
kernel/arch/x86/crypto/ghash-clmulni-intel.ko: kernel/crypto/cryptd.ko
kernel/arch/x86/crypto/crc32c-intel.ko:
kernel/arch/x86/crypto/sha1-ssse3.ko:
--More--(0%)

Il est possible d'obtenir des informations sur un module grâce à la commande modinfo :

root@debian8:~# modinfo bonding
filename:       /lib/modules/3.16.0-4-amd64/kernel/drivers/net/bonding/bonding.ko
author:         Thomas Davis, tadavis@lbl.gov and many others
description:    Ethernet Channel Bonding Driver, v3.7.1
version:        3.7.1
license:        GPL
alias:          rtnl-link-bond
srcversion:     6BFE6BB1A9B8C86AEBC9487
depends:        
intree:         Y
vermagic:       3.16.0-4-amd64 SMP mod_unload modversions 
parm:           max_bonds:Max number of bonded devices (int)
parm:           tx_queues:Max number of transmit queues (default = 16) (int)
parm:           num_grat_arp:Number of peer notifications to send on failover event (alias of num_unsol_na) (int)
parm:           num_unsol_na:Number of peer notifications to send on failover event (alias of num_grat_arp) (int)
parm:           miimon:Link check interval in milliseconds (int)
parm:           updelay:Delay before considering link up, in milliseconds (int)
parm:           downdelay:Delay before considering link down, in milliseconds (int)
parm:           use_carrier:Use netif_carrier_ok (vs MII ioctls) in miimon; 0 for off, 1 for on (default) (int)
parm:           mode:Mode of operation; 0 for balance-rr, 1 for active-backup, 2 for balance-xor, 3 for broadcast, 4 for 802.3ad, 5 for balance-tlb, 6 for balance-alb (charp)
parm:           primary:Primary network device to use (charp)
parm:           primary_reselect:Reselect primary slave once it comes up; 0 for always (default), 1 for only if speed of primary is better, 2 for only on active slave failure (charp)
parm:           lacp_rate:LACPDU tx rate to request from 802.3ad partner; 0 for slow, 1 for fast (charp)
parm:           ad_select:803.ad aggregation selection logic; 0 for stable (default), 1 for bandwidth, 2 for count (charp)
parm:           min_links:Minimum number of available links before turning on carrier (int)
parm:           xmit_hash_policy:balance-xor and 802.3ad hashing method; 0 for layer 2 (default), 1 for layer 3+4, 2 for layer 2+3, 3 for encap layer 2+3, 4 for encap layer 3+4 (charp)
parm:           arp_interval:arp interval in milliseconds (int)
parm:           arp_ip_target:arp targets in n.n.n.n form (array of charp)
parm:           arp_validate:validate src/dst of ARP probes; 0 for none (default), 1 for active, 2 for backup, 3 for all (charp)
parm:           arp_all_targets:fail on any/all arp targets timeout; 0 for any (default), 1 for all (charp)
parm:           fail_over_mac:For active-backup, do not set all slaves to the same MAC; 0 for none (default), 1 for active, 2 for follow (charp)
parm:           all_slaves_active:Keep all frames received on an interfaceby setting active flag for all slaves; 0 for never (default), 1 for always. (int)
parm:           resend_igmp:Number of IGMP membership reports to send on link failure (int)
parm:           packets_per_slave:Packets to send per slave in balance-rr mode; 0 for a random slave, 1 packet per slave (default), >1 packets per slave. (int)
parm:           lp_interval:The number of seconds between instances where the bonding driver sends learning packets to each slaves peer switch. The default is 1. (uint)

Dernièrement, les fichiers dans le repertoire /etc/modprobe.d sont utilisés pour spécifier les options éventuelles à passer aux modules lors de leur chargement ainsi que les alias utilisés pour leur faire référence :

root@debian8:~# ls /etc/modprobe.d
fbdev-blacklist.conf  modesetting.conf

root@debian8:~# cat /etc/modprobe.d/fbdev-blacklist.conf 
# This file blacklists most old-style PCI framebuffer drivers.

blacklist arkfb
blacklist aty128fb
blacklist atyfb
blacklist radeonfb
blacklist cirrusfb
blacklist cyber2000fb
blacklist kyrofb
blacklist matroxfb_base
blacklist mb862xxfb
blacklist neofb
blacklist pm2fb
blacklist pm3fb
blacklist s3fb
blacklist savagefb
blacklist sisfb
blacklist tdfxfb
blacklist tridentfb
blacklist vt8623fb

Commencez par installer les paquets necessaires :

root@debian8:~# apt-get update

root@debian8:~# apt-get install build-essential kernel-package debconf-utils dpkg-dev debhelper ncurses-dev fakeroot
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'libncurses5-dev' instead of 'ncurses-dev'
The following extra packages will be installed:
  autopoint binutils dblatex docbook-dsssl docbook-utils docbook-xsl fonts-lmodern fonts-texgyre g++ g++-4.9 gcc gcc-4.9 gettext intltool-debian jadetex kernel-common
  libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libasan1 libasprintf-dev libatomic1 libc-dev-bin libc6-dev libcilkrts5 libdpkg-perl
  libfakeroot libfile-fcntllock-perl libfile-homedir-perl libfile-which-perl libgcc-4.9-dev libgettextpo-dev libgettextpo0 libitm1 liblsan0 libmail-sendmail-perl
  libosp5 libostyle1c2 libpoppler-qt4-4 libpotrace0 libptexenc1 libruby2.1 libsgmls-perl libsp1c2 libstdc++-4.9-dev libsynctex1 libsys-hostname-long-perl libtcl8.6
  libtinfo-dev libtk8.6 libtsan0 libubsan0 libunistring0 libxml2-utils libxss1 libyaml-0-2 libyaml-tiny-perl libzzip-0-13 linux-libc-dev lmodern make manpages-dev
  openjade po-debconf prerex preview-latex-style prosper ps2eps ruby ruby2.1 rubygems-integration sgmlspl sp tcl tcl8.6 tex-common tex-gyre texlive texlive-base
  texlive-bibtex-extra texlive-binaries texlive-extra-utils texlive-font-utils texlive-fonts-recommended texlive-fonts-recommended-doc texlive-generic-recommended
  texlive-latex-base texlive-latex-base-doc texlive-latex-extra texlive-latex-extra-doc texlive-latex-recommended texlive-latex-recommended-doc texlive-math-extra
  texlive-pictures texlive-pictures-doc texlive-pstricks texlive-pstricks-doc tipa tk tk8.6 vprerex xmlto xsltproc zip
Suggested packages:
  binutils-doc docbook graphicsmagick-imagemagick-compat imagemagick latex-cjk-all opensp texlive-lang-all texlive-lang-cyrillic texlive-xetex transfig dh-make
  docbook-dsssl-doc dbtoepub docbook-xsl-doc-html docbook-xsl-doc-pdf docbook-xsl-doc-text docbook-xsl-doc docbook-xsl-saxon fop libsaxon-java libxalan2-java
  libxslthl-java xalan debian-keyring g++-multilib g++-4.9-multilib gcc-4.9-doc libstdc++6-4.9-dbg gcc-multilib autoconf automake libtool flex bison gdb gcc-doc
  gcc-4.9-multilib gcc-4.9-locales libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan1-dbg liblsan0-dbg libtsan0-dbg libubsan0-dbg libcilkrts5-dbg
  libquadmath0-dbg gettext-doc linux-source libncurses-dev glibc-doc ncurses-doc sgmls-doc libstdc++-4.9-doc make-doc doc-base libmail-box-perl ri ruby-dev bundler
  tcl-tclreadline perl-tk latexdiff latexmk dvidvi fragmaster lacheck purifyeps xindy chktex dvipng psutils t1utils libtcltk-ruby dot2tex xmltex
Recommended packages:
  uboot-mkimage wish
The following NEW packages will be installed:
  autopoint binutils build-essential dblatex debconf-utils debhelper docbook-dsssl docbook-utils docbook-xsl dpkg-dev fakeroot fonts-lmodern fonts-texgyre g++ g++-4.9
  gcc gcc-4.9 gettext intltool-debian jadetex kernel-common kernel-package libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libasan1
  libasprintf-dev libatomic1 libc-dev-bin libc6-dev libcilkrts5 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-homedir-perl libfile-which-perl libgcc-4.9-dev
  libgettextpo-dev libgettextpo0 libitm1 liblsan0 libmail-sendmail-perl libncurses5-dev libosp5 libostyle1c2 libpoppler-qt4-4 libpotrace0 libptexenc1 libruby2.1
  libsgmls-perl libsp1c2 libstdc++-4.9-dev libsynctex1 libsys-hostname-long-perl libtcl8.6 libtinfo-dev libtk8.6 libtsan0 libubsan0 libunistring0 libxml2-utils
  libxss1 libyaml-0-2 libyaml-tiny-perl libzzip-0-13 linux-libc-dev lmodern make manpages-dev openjade po-debconf prerex preview-latex-style prosper ps2eps ruby
  ruby2.1 rubygems-integration sgmlspl sp tcl tcl8.6 tex-common tex-gyre texlive texlive-base texlive-bibtex-extra texlive-binaries texlive-extra-utils
  texlive-font-utils texlive-fonts-recommended texlive-fonts-recommended-doc texlive-generic-recommended texlive-latex-base texlive-latex-base-doc texlive-latex-extra
  texlive-latex-extra-doc texlive-latex-recommended texlive-latex-recommended-doc texlive-math-extra texlive-pictures texlive-pictures-doc texlive-pstricks
  texlive-pstricks-doc tipa tk tk8.6 vprerex xmlto xsltproc zip
0 upgraded, 111 newly installed, 0 to remove and 0 not upgraded.
Need to get 793 MB of archives.
After this operation, 1,343 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
...
root@debian8:~# apt-get upgrade

Ajoutez l'utilisateur trainee au groupe src :

root@debian8:~# cat /etc/group | grep src
src:x:40:
root@debian8:~# gpasswd -a trainee src
Adding user trainee to group src
root@debian8:~# cat /etc/group | grep src
src:x:40:trainee

Créez une seule partition sur /dev/sdb :

root@debian8:~# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.25.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0x5b6171fe.

Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 
First sector (2048-41943039, default 2048): 
Last sector, +sectors or +size{K,M,G,T,P} (2048-41943039, default 41943039): 

Created a new partition 1 of type 'Linux' and of size 20 GiB.

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

Créez maintenant un système de fichiers ext4 sur /dev/sdb1 :

root@debian8:~# mkfs.ext4 /dev/sdb1
mke2fs 1.42.12 (29-Aug-2014)
Creating filesystem with 5242624 4k blocks and 1310720 inodes
Filesystem UUID: 6e4ea901-a36d-4b3f-bbbf-eeea866fca40
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
	4096000

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done 

Montez /dev/sdb1 sur /mnt :

root@debian8:~# mount /dev/sdb1 /mnt

Copiez le contenu de /home vers /mnt :

root@debian8:~# cp -a /home/* /mnt

Démontez /dev/sdb1 et déplacez /home vers /root :

root@debian8:~# umount /mnt
root@debian8:~# mv /home /root

Identifiez l'UUID de /dev/sdb1 :

root@debian8:~# ls -l /dev/disk/by-uuid/ | grep sdb1
lrwxrwxrwx 1 root root 10 Aug 13 12:26 6e4ea901-a36d-4b3f-bbbf-eeea866fca40 -> ../../sdb1

Editez le fichier /etc/fstab en ajoutant la ligne pour le montage de /home :

/etc/fstab

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/sda1 during installation
UUID=4a230056-285f-42f4-bfe0-5a73dbc5b745 /               ext4    errors=remount-ro 0       1
# swap was on /dev/sda5 during installation
UUID=da5a77e9-344d-42aa-aed6-a38d381ba436 none            swap    sw              0       0
UUID=6e4ea901-a36d-4b3f-bbbf-eeea866fca40 /home		  ext4	  defaults	0 0
/dev/sr0        /media/cdrom0   udf,iso9660 user,noauto     0       0

Créez le point de montage /home :

root@debian8:~# mkdir /home

Montez /dev/sdb1 :

root@debian8:~# mount -a
root@debian8:~# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=61148,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,relatime,size=101232k,mode=755)
/dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=50616k,mode=700)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=50616k,mode=700,uid=1000,gid=1000)
/dev/sdb1 on /home type ext4 (rw,relatime,data=ordered)

Notez la taille de /home :

root@debian8:~# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       9.5G  5.7G  3.4G  63% /
udev             10M     0   10M   0% /dev
tmpfs            99M  4.8M   95M   5% /run
tmpfs           248M     0  248M   0% /dev/shm
tmpfs           5.0M  4.0K  5.0M   1% /run/lock
tmpfs           248M     0  248M   0% /sys/fs/cgroup
tmpfs            50M     0   50M   0% /run/user/0
tmpfs            50M     0   50M   0% /run/user/1000
/dev/sdb1        20G   46M   19G   1% /home

Le code source est disponible sur le site www.kernel.org :

trainee@debian8:~$ wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.16.0.tar.xz
--2016-08-13 12:37:52--  https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.16.0.tar.xz
Resolving www.kernel.org (www.kernel.org)... 198.145.20.140, 199.204.44.194, 149.20.4.69, ...
Connecting to www.kernel.org (www.kernel.org)|198.145.20.140|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2016-08-13 12:37:53 ERROR 404: Not Found.

trainee@debian8:~$ wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.16.1.tar.xz
--2016-08-13 12:39:37--  https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.16.1.tar.xz
Resolving www.kernel.org (www.kernel.org)... 198.145.20.140, 199.204.44.194, 149.20.4.69, ...
Connecting to www.kernel.org (www.kernel.org)|198.145.20.140|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 80487456 (77M) [application/x-xz]
Saving to: ‘linux-3.16.1.tar.xz’

linux-3.16.1.tar.xz                       100%[=======================================================================================>]  76.76M  2.51MB/s   in 37s    

2016-08-13 12:40:15 (2.08 MB/s) - ‘linux-3.16.1.tar.xz’ saved [80487456/80487456]

Désarchivez le tar.xz que vous avez téléchargé :

trainee@debian8:~$ tar xvJf linux-3.16.1.tar.xz

Notez que l'occupation disque du code source du noyau 3.16.1 es de 634 Mo :

trainee@debian8:~$ du -hs ./linux-3.16.1
634M	./linux-3.16.1

Le fichier Makefile contient le nom du noyau et spécifie les informations suivantes :

• VERSION,
• PATCHLEVEL,
• SUBLEVEL,
• EXTRAVERSION.

Les trois premières informations sont gérées par kernel.org et Linus Torvalds en personne tandis que l'EXTRAVERSION est gérée par Debian :

trainee@debian8:~$ cat ./linux-3.16.1/Makefile | more
VERSION = 3
PATCHLEVEL = 16
SUBLEVEL = 1
EXTRAVERSION =
NAME = Museum of Fishiegoodies

# *DOCUMENTATION*
# To see a list of typical targets execute "make help"
# More info can be located in ./README
# Comments in this file are targeted only to the developer, do not
# expect to learn how to build the kernel reading this file.

# Do not:
# o  use make's built-in rules and variables
#    (this increases performance and avoids hard-to-debug behaviour);
# o  print "Entering directory ...";
MAKEFLAGS += -rR --no-print-directory

# Avoid funny character set dependencies
unexport LC_ALL
LC_COLLATE=C
LC_NUMERIC=C
export LC_COLLATE LC_NUMERIC

# Avoid interference with shell env settings
unexport GREP_OPTIONS

# We are using a recursive build, so we need to do a little thinking
# to get the ordering right.
#
# Most importantly: sub-Makefiles should only ever modify files in
# their own directory. If in some directory we have a dependency on
# a file in another dir (which doesn't happen often, but it's often
# unavoidable when linking the built-in.o targets which finally
# turn into vmlinux), we will call a sub make in that other dir, and
# after that we are sure that everything which is in that other dir
# is now up to date.
#
# The only cases where we need to modify files which have global
--More--

Utilisez maintenant la commande make defconfig pour créer le fichier de configuration .config :

trainee@debian8:~$ su -
Password: 
root@debian8:~# cd /home/trainee/linux-3.16.1/
root@debian8:/home/trainee/linux-3.16.1# make defconfig
  HOSTCC  scripts/basic/fixdep
  HOSTCC  scripts/kconfig/conf.o
  SHIPPED scripts/kconfig/zconf.tab.c
  SHIPPED scripts/kconfig/zconf.lex.c
  SHIPPED scripts/kconfig/zconf.hash.c
  HOSTCC  scripts/kconfig/zconf.tab.o
In file included from scripts/kconfig/zconf.tab.c:2537:0:
scripts/kconfig/menu.c: In function ‘get_symbol_str’:
scripts/kconfig/menu.c:590:18: warning: ‘jump’ may be used uninitialized in this function [-Wmaybe-uninitialized]
     jump->offset = strlen(r->s);
                  ^
scripts/kconfig/menu.c:551:19: note: ‘jump’ was declared here
  struct jump_key *jump;
                   ^
  HOSTLD  scripts/kconfig/conf
*** Default configuration is based on 'x86_64_defconfig'
#
# configuration written to .config
#

Ce fichier est configuré par une des trois commandes suivantes :

• make config
• make menuconfig
• make xconfig

Dans ce fichier, vous pouvez constater la présence de lignes correspondantes à des fonctionalités suivies par une lettre ou une valeur. Dans le cas d'une lettre, la signification est la suivante :

• y
  • la fonctionalité est incluse dans le noyau monolithique ou dans le cas d'une dépendance d'un module, dans le module concerné,
• m
  • la fonctionalité est incluse en tant que module,
• n
  • la fonctionalité n'est pas incluse. Cette option est rarement visible car dans bien les cas, la fonctionalité est simplement commentée dans le fichier lui-même.

root@debian8:/home/trainee/linux-3.16.1# more .config 
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 3.16.1 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
CONFIG_X86=y
CONFIG_INSTRUCTION_DECODER=y
CONFIG_OUTPUT_FORMAT="elf64-x86-64"
CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_HAVE_LATENCYTOP_SUPPORT=y
CONFIG_MMU=y
CONFIG_NEED_DMA_MAP_STATE=y
CONFIG_NEED_SG_DMA_LENGTH=y
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_BUG=y
CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
CONFIG_GENERIC_HWEIGHT=y
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_ARCH_HAS_CPU_RELAX=y
CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
CONFIG_HAVE_SETUP_PER_CPU_AREA=y
CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
CONFIG_ARCH_HIBERNATION_POSSIBLE=y
CONFIG_ARCH_SUSPEND_POSSIBLE=y
CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y
CONFIG_ARCH_WANT_GENERAL_HUGETLB=y
CONFIG_ZONE_DMA32=y
CONFIG_AUDIT_ARCH=y
CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
CONFIG_HAVE_INTEL_TXT=y
CONFIG_X86_64_SMP=y
CONFIG_X86_HT=y
--More--(1%)

Dernièrement, attribuez le répertoire linux-3.16.1 et son contenu à l'utilisateur trainee et le groupe src :

root@debian8:/home/trainee/linux-3.16.1# chown -R trainee:src /home/trainee/linux-3.16.1

Cette commande permet d'effectuer un nettoyage avant toute nouvell compilation des sources du noyau :

root@debian8:/home/trainee/linux-3.16.1# make-kpkg clean
exec make kpkg_version=13.014+nmu1 -f /usr/share/kernel-package/ruleset/minimal.mk clean 
====== making target minimal_clean [new prereqs: ]======
This is kernel package version 13.014+nmu1.
test ! -f .config || cp -pf .config config.precious
test ! -e stamp-building || rm -f stamp-building
test ! -f Makefile || \
            make    ARCH=x86_64 distclean
make[1]: Entering directory '/home/trainee/linux-3.16.1'
  CLEAN   scripts/basic
  CLEAN   scripts/kconfig
  CLEAN   include/config include/generated
  CLEAN   .config
make[1]: Leaving directory '/home/trainee/linux-3.16.1'
test ! -f config.precious || mv -f config.precious .config
rm -f modules/modversions.h modules/ksyms.ver scripts/cramfs/cramfsck scripts/cramfs/mkcramfs 

La compilation du noyau peut prendre beaucoup de temps. La commande utilisée est la suivante :

root@debian8:/home/trainee/linux-3.16.1# exit
logout
trainee@debian8:~$ cd ./linux-3.16.1/
trainee@debian8:~/linux-3.16.1$ fakeroot make-kpkg --initrd --appen-to-version=i2tch kernel-image kernel-headers

A l'issu du processus, vous obtiendrez une sortie similaire à ce qui suit :

...
cp -pf debian/control debian/control.dist
k=`find /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch -type f | ( while read i; do                    \
          if file -b $i | egrep -q "^ELF.*executable.*dynamically linked" ; then \
            j="$j $i";                                                  \
           fi;                                                            \
        done; echo $j; )`; test -z "$k" || dpkg-shlibdeps $k;          \
        echo "Elf Files: $K" >              /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch/usr/share/doc/linux-headers-3.16.1i2tch/elffiles;          \
        test -n "$k" || perl -pli~ -e 's/\$\{shlibs:Depends\}\,?//g' debian/control
test ! -e debian/control~ || rm -f debian/control~
dpkg-gencontrol -isp -DArchitecture=amd64 -plinux-headers-3.16.1i2tch \
                                          -P/home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch/
dpkg-gencontrol: warning: -isp is deprecated; it is without effect
create_md5sums_fn () { cd $1 ; find . -type f ! -regex './DEBIAN/.*' ! -regex './var/.*'      -printf '%P\0' | xargs -r0 md5sum > DEBIAN/md5sums ; if [ -z "DEBIAN/md5sums" ] ; then rm -f "DEBIAN/md5sums" ; fi ; } ; create_md5sums_fn                   /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch
chown -R root:root                  /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch
chmod -R og=rX                      /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch
dpkg --build                        /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch ..
dpkg-deb: building package `linux-headers-3.16.1i2tch' in `../linux-headers-3.16.1i2tch_3.16.1i2tch-10.00.Custom_amd64.deb'.
cp -pf debian/control.dist          debian/control
make[2]: Leaving directory '/home/trainee/linux-3.16.1'
make[1]: Leaving directory '/home/trainee/linux-3.16.1'

Notez que la génération du nouveau noyau a consommé presque 1,2 Go d'espace disque :

trainee@debian8:~/linux-3.16.1$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       9.5G  5.7G  3.4G  63% /
udev             10M     0   10M   0% /dev
tmpfs            99M  4.8M   95M   5% /run
tmpfs           248M     0  248M   0% /dev/shm
tmpfs           5.0M  4.0K  5.0M   1% /run/lock
tmpfs           248M     0  248M   0% /sys/fs/cgroup
/dev/sdb1        20G  1.2G   18G   7% /home
tmpfs            50M     0   50M   0% /run/user/1000

Les paquets du nouveau noyau est les fichiers en-tête se trouvent dans le répertoire /home/trainee :

trainee@debian8:~/linux-3.16.1$ cd ..
trainee@debian8:~$ ls
Desktop    Downloads     linux-3.16.1.tar.xz                                           linux-image-3.16.1i2tch_3.16.1i2tch-10.00.Custom_amd64.deb  Pictures  Templates
Documents  linux-3.16.1  linux-headers-3.16.1i2tch_3.16.1i2tch-10.00.Custom_amd64.deb  Music                                                       Public    Videos

Installez maintenant les deux paquets linux-image et linux-headers :

root@debian8:~# dpkg -i /home/trainee/linux*.deb
Selecting previously unselected package linux-headers-3.16.1i2tch.
(Reading database ... 134500 files and directories currently installed.)
Preparing to unpack .../linux-headers-3.16.1i2tch_3.16.1i2tch-10.00.Custom_amd64.deb ...
Unpacking linux-headers-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ...
Selecting previously unselected package linux-image-3.16.1i2tch.
Preparing to unpack .../linux-image-3.16.1i2tch_3.16.1i2tch-10.00.Custom_amd64.deb ...
Done.
Unpacking linux-image-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ...
Setting up linux-headers-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ...
Examining /etc/kernel/header_postinst.d.
Setting up linux-image-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ...
Running depmod.
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch
update-initramfs: Generating /boot/initrd.img-3.16.1i2tch
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-3.16.1i2tch
Found initrd image: /boot/initrd.img-3.16.1i2tch
Found linux image: /boot/vmlinuz-3.16.0-4-amd64
Found initrd image: /boot/initrd.img-3.16.0-4-amd64
done

Constatez la création d'un nouveau grub.cfg :

root@debian8:~# grep 3.16.1 /boot/grub/grub.cfg
	echo	'Loading Linux 3.16.1i2tch ...'
	linux	/boot/vmlinuz-3.16.1i2tch root=UUID=4a230056-285f-42f4-bfe0-5a73dbc5b745 ro  quiet
	initrd	/boot/initrd.img-3.16.1i2tch
	menuentry 'Debian GNU/Linux, with Linux 3.16.1i2tch' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.16.1i2tch-advanced-4a230056-285f-42f4-bfe0-5a73dbc5b745' {
		echo	'Loading Linux 3.16.1i2tch ...'
		linux	/boot/vmlinuz-3.16.1i2tch root=UUID=4a230056-285f-42f4-bfe0-5a73dbc5b745 ro  quiet
		initrd	/boot/initrd.img-3.16.1i2tch
	menuentry 'Debian GNU/Linux, with Linux 3.16.1i2tch (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.16.1i2tch-recovery-4a230056-285f-42f4-bfe0-5a73dbc5b745' {
		echo	'Loading Linux 3.16.1i2tch ...'
		linux	/boot/vmlinuz-3.16.1i2tch root=UUID=4a230056-285f-42f4-bfe0-5a73dbc5b745 ro single 
		initrd	/boot/initrd.img-3.16.1i2tch

Re-démarrez votre VM en utilisant le noyau d'origine. Connectez-vous en tant que l'utilisateur trainee via ssh :

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Sat Aug 13 12:36:26 2016 from 10.0.2.2
trainee@debian8:~$ su -
Password: 
root@debian8:~# 

Lister maintenant les noyaux installés :

root@debian8:~# dpkg -l | grep -i "linux-image*" | awk '{print $2}'
linux-image-3.16.0-4-amd64
linux-image-3.16.1i2tch
linux-image-amd64

Le noyau se désinstalle comme tout autre paquet :

root@debian8:~# apt-get purge "linux-image-3.16.1i2tch"
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages will be REMOVED:
  linux-image-3.16.1i2tch*
0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded.
After this operation, 9,251 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 147056 files and directories currently installed.)
Removing linux-image-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ...
Examining /etc/kernel/prerm.d.
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch
update-initramfs: Deleting /boot/initrd.img-3.16.1i2tch
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch
Generating grub configuration file ...
Found background image: /usr/share/images/desktop-base/desktop-grub.png
Found linux image: /boot/vmlinuz-3.16.0-4-amd64
Found initrd image: /boot/initrd.img-3.16.0-4-amd64
done
Purging configuration files for linux-image-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch

Vérifiez que le fichier grub.cfg a été modifié :

root@debian8:~# grep 3.16.1 /boot/grub/grub.cfg
root@debian8:~#

Dernièrement, listez les noyaux disponibles :

root@debian8:~# dpkg -l | grep -i "linux-image*" | awk '{print $2}'
linux-image-3.16.0-4-amd64
linux-image-amd64

Sous Linux il est possible de mettre en place des quotas par utilisateur et par groupe. Ceci étant, Linux ne sait pas gérer des quotas par répertoire, uniquement des quotas par partition. L'administrateur met souvent des quotas en place sur l'arborescence de /home pour limiter l'espace de stockage occupé par les utilisateurs.

Commencez par vérifiez que le paquet quota est bien installé :

root@debian8:~# dpkg --get-selections | grep quota
root@debian8:~# apt-get install quota
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  libnet-ldap-perl
The following NEW packages will be installed:
  quota
0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded.
Need to get 319 kB of archives.
After this operation, 1,580 kB of additional disk space will be used.
Get:1 http://ftp.fr.debian.org/debian/ jessie/main quota amd64 4.01-8+deb8u1 [319 kB]
Fetched 319 kB in 0s (1,884 kB/s)
Preconfiguring packages ...
Selecting previously unselected package quota.
(Reading database ... 146985 files and directories currently installed.)
Preparing to unpack .../quota_4.01-8+deb8u1_amd64.deb ...
Unpacking quota (4.01-8+deb8u1) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u4) ...
Setting up quota (4.01-8+deb8u1) ...
Processing triggers for systemd (215-17+deb8u4) ...

Editez le fichier /etc/fstab en ajoutant les options usrquota et grpquota à la ligne /home :

root@debian8:~# vi /etc/fstab
root@debian8:~# cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/sda1 during installation
UUID=4a230056-285f-42f4-bfe0-5a73dbc5b745 /               ext4    errors=remount-ro 0       1
# swap was on /dev/sda5 during installation
UUID=da5a77e9-344d-42aa-aed6-a38d381ba436 none            swap    sw              0       0
UUID=6e4ea901-a36d-4b3f-bbbf-eeea866fca40 /home		  ext4	  defaults,usrquota,grpquota	0 0
/dev/sr0        /media/cdrom0   udf,iso9660 user,noauto     0       0

Démontez puis remontez /home :

root@debian8:~# umount /home
root@debian8:~# mount -a

Vérifiez ensuite que les options soient prises en compte :

root@debian8:~# cat /etc/mtab
rootfs / rootfs rw 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
udev /dev devtmpfs rw,relatime,size=10240k,nr_inodes=61148,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
tmpfs /run tmpfs rw,nosuid,relatime,size=101232k,mode=755 0 0
/dev/sda1 / ext4 rw,relatime,errors=remount-ro,data=ordered 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd 0 0
pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0
cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset 0 0
cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0
cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0
cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0
cgroup /sys/fs/cgroup/net_cls,net_prio cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio 0 0
cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0 0
cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,perf_event 0 0
systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=23,pgrp=1,timeout=300,minproto=5,maxproto=5,direct 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
mqueue /dev/mqueue mqueue rw,relatime 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
rpc_pipefs /run/rpc_pipefs rpc_pipefs rw,relatime 0 0
tmpfs /run/user/0 tmpfs rw,nosuid,nodev,relatime,size=50616k,mode=700 0 0
/dev/sdb1 /home ext4 rw,relatime,quota,usrquota,grpquota,data=ordered 0 0

Pour activer les quotas sur /home, il convient d'utiliser la commande quotacheck :

root@debian8:~# quotacheck -cugvm -f /dev/sdb1
quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown.
quotacheck: Scanning /dev/sdb1 [/home] done
quotacheck: Cannot stat old user quota file /home/aquota.user: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old group quota file /home/aquota.group: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old user quota file /home/aquota.user: No such file or directory. Usage will not be subtracted.
quotacheck: Cannot stat old group quota file /home/aquota.group: No such file or directory. Usage will not be subtracted.
quotacheck: Checked 6754 directories and 64246 files
quotacheck: Old file not found.
quotacheck: Old file not found.

Les options de la commande quotacheck sont :

root@debian8:~# quotacheck --help
Utility for checking and repairing quota files.
quotacheck [-gucbfinvdmMR] [-F <quota-format>] filesystem|-a

-u, --user                check user files
-g, --group               check group files
-c, --create-files        create new quota files
-b, --backup              create backups of old quota files
-f, --force               force check even if quotas are enabled
-i, --interactive         interactive mode
-n, --use-first-dquot     use the first copy of duplicated structure
-v, --verbose             print more information
-d, --debug               print even more messages
-m, --no-remount          do not remount filesystem read-only
-M, --try-remount         try remounting filesystem read-only,
                          continue even if it fails
-R, --exclude-root        exclude root when checking all filesystems
-F, --format=formatname   check quota files of specific format
-a, --all                 check all filesystems
-h, --help                display this message and exit
-V, --version             display version information and exit

Bugs to jack@suse.cz

Les quotas ont été activés et les fichier aquota.user et aquota.group ont été créés dans le répertoire /home :

root@debian8:~# ls -la /home
total 44
drwxr-xr-x  4 root    root     4096 Aug 14 09:25 .
drwxr-xr-x 23 root    root     4096 Aug 13 15:38 ..
-rw-------  1 root    root     7168 Aug 14 09:25 aquota.group
-rw-------  1 root    root     7168 Aug 14 09:25 aquota.user
drwx------  2 root    root    16384 Aug 13 12:26 lost+found
drwxr-xr-x 18 trainee trainee  4096 Aug 13 13:31 trainee

Créez maintenant un utilisateur fenestros avec le mot de passe fenestros :

root@debian8:~# groupadd fenestros && useradd -m fenestros -c FenestrOs -d /home/fenestros -g fenestros -s /bin/bash
root@debian8:~# passwd fenestros
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

Mettez en place maintenant un quota de 10Mo pour l'utilisateur fenestros :

root@debian8:~# EDITOR=/usr/bin/vi
root@debian8:~# export EDITOR
root@debian8:~# edquota -u fenestros -f /home

L'éditeur vi se lance et vous obtiendrez un résultat similaire à celui-ci :

Disk quotas for user fenestros (uid 1001):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/sdb1                         0          0          0          0        0        0

Modifiez ce fichier ainsi :

Disk quotas for user fenestros (uid 1001):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/sdb1                         0       8000      10000          0        0        0

Les options de la commande edquota sont :

root@debian8:~# edquota --help
edquota: Usage:
	edquota [-rm] [-u] [-F formatname] [-p username] [-f filesystem] username ...
	edquota [-rm] -g [-F formatname] [-p groupname] [-f filesystem] groupname ...
	edquota [-u|g] [-F formatname] [-f filesystem] -t
	edquota [-u|g] [-F formatname] [-f filesystem] -T username|groupname ...

-u, --user                    edit user data
-g, --group                   edit group data
-r, --remote                  edit remote quota (via RPC)
-m, --no-mixed-pathnames      trim leading slashes from NFSv4 mountpoints
-F, --format=formatname       edit quotas of a specific format
-p, --prototype=name          copy data from a prototype user/group
    --always-resolve          always try to resolve name, even if it is
                              composed only of digits
-f, --filesystem=filesystem   edit data only on a specific filesystem
-t, --edit-period             edit grace period
-T, --edit-times              edit grace time of a user/group
-h, --help                    display this help text and exit
-V, --version                 display version information and exit

Bugs to: jack@suse.cz

Appliquez maintenant les quotas :

root@debian8:~# quotaon -a

Les options de la commande quotaon sont :

root@debian8:~# quotaon --help
quotaon: Usage:
	quotaon [-guvp] [-F quotaformat] [-x state] -a
	quotaon [-guvp] [-F quotaformat] [-x state] filesys ...

-a, --all                turn quotas on for all filesystems
-f, --off                turn quotas off
-u, --user               operate on user quotas
-g, --group              operate on group quotas
-p, --print-state        print whether quotas are on or off
-x, --xfs-command=cmd    perform XFS quota command
-F, --format=formatname  operate on specific quota format
-v, --verbose            print more messages
-h, --help               display this help text and exit
-V, --version            display version information and exit

De cette manière vous avez mis en place un quota souple pour fenestros de 8 000 Ko et un quota stricte de 10 000 Ko.

Quand l'utilisateur fenestros aura dépassé le quota souple, il recevra un message d'avertissement. Quand il dépasse le quota stricte, il ne pourra plus enregistrer dans /home, sauf dans le cas où il supprime des fichiers pour retomber en dessous de la limite stricte.

Il est à noter que vous pouvez soit mettre en place un quota en taille, soit mettre en place un quota basé sur le nombre d'inodes utilisés par l'utilisateur.

Pour visualiser les quotas utilisez la commande repquota :

root@debian8:~# repquota /home
*** Report for user quotas on device /dev/sdb1
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --      20       0       0              2     0     0       
trainee   -- 1125912       0       0          70998     0     0        
   

Les options de la commande repquota sont :

root@debian8:~# repquota --help
repquota: Utility for reporting quotas.
Usage:
repquota [-vugsi] [-c|C] [-t|n] [-F quotaformat] (-a | mntpoint)

-v, --verbose               display also users/groups without any usage
-u, --user                  display information about users
-g, --group                 display information about groups
-s, --human-readable        show numbers in human friendly units (MB, GB, ...)
-t, --truncate-names        truncate names to 9 characters
-p, --raw-grace             print grace time in seconds since epoch
-n, --no-names              do not translate uid/gid to name
-i, --no-autofs             avoid autofs mountpoints
-c, --batch-translation     translate big number of ids at once
-C, --no-batch-translation  translate ids one by one
-F, --format=formatname     report information for specific format
-h, --help                  display this help message and exit
-V, --version               display version information and exit

Bugs to jack@suse.cz

Pour visualiser les quotas d'un utilisateur spécifique, il convient d'utiliser la commande quota :

root@debian8:~# quota fenestros
Disk quotas for user fenestros (uid 1001): none
root@debian8:~# su - fenestros
fenestros@debian8:~$ touch test
fenestros@debian8:~$ exit
logout
root@debian8:~# quota fenestros
Disk quotas for user fenestros (uid 1001): 
     Filesystem  blocks   quota   limit   grace   files   quota   limit   grace
      /dev/sdb1      20    8000   10000               6       0       0              

Les options de la commande quota sont :

root@debian8:~# quota --help
quota: Usage: quota [-guqvswim] [-l | [-Q | -A]] [-F quotaformat]
	quota [-qvswim] [-l | [-Q | -A]] [-F quotaformat] -u username ...
	quota [-qvswim] [-l | [-Q | -A]] [-F quotaformat] -g groupname ...
	quota [-qvswugQm] [-F quotaformat] -f filesystem ...

-u, --user                display quota for user
-g, --group               display quota for group
-q, --quiet               print more terse message
-v, --verbose             print more verbose message
-s, --human-readable      display numbers in human friendly units (MB, GB...)
    --always-resolve      always try to translate name to id, even if it is
			  composed of only digits
-w, --no-wrap             do not wrap long lines
-p, --raw-grace           print grace time in seconds since epoch
-l, --local-only          do not query NFS filesystems
-Q, --quiet-refuse        do not print error message when NFS server does
                          not respond
-i, --no-autofs           do not query autofs mountpoints
-F, --format=formatname   display quota of a specific format
-f, --filesystem-list     display quota information only for given filesystems
-A, --nfs-all             display quota for all NFS mountpoints
-m, --no-mixed-pathnames  trim leading slashes from NFSv4 mountpoints
    --show-mntpoint       show mount point of the file system in output
    --hide-device         do not show file system device in output
-h, --help                display this help message and exit
-V, --version             display version information and exit

Bugs to: jack@suse.cz

La commande warnquota vérifie le ou les disques et envoie un message par mail à tout utilisateur qui a dépassé la limite soft. Elle est enrègle générale appelée par un job cron. Cependant elle peut aussi est appelée d'une manière intéractive.

Les options de la commande warnquota sont :

root@debian8:~# warnquota --help
warnquota: Usage:
  warnquota [-ugsid] [-F quotaformat] [-c configfile] [-q quotatabfile] [-a adminsfile] [filesystem...]

-u, --user                      warn users
-g, --group                     warn groups
-s, --human-readable            send information in more human friendly units
-i, --no-autofs                 avoid autofs mountpoints
-d, --no-details                do not send quota information itself
-F, --format=formatname         use quotafiles of specific format
-c, --config=config-file        non-default config file
-q, --quota-tab=quotatab-file   non-default quotatab
-a, --admins-file=admins-file   non-default admins file
-h, --help                      display this help message and exit
-v, --version                   display version information and exit

Bugs to jack@suse.cz

<html>

</html>