Ceci est une ancienne révision du document !
Table des matières
Dernière mise-à-jour : 2020/03/01 08:25
LDF304 - Gestion du Noyau et des Quotas
Rôle du noyau
Le noyau ou kernel est la partie du système d'exploitation qui gère les entrées/sorties avec des périphériques. Dans certains cas il est préférable de recompiler le noyau de Linux. La motivation de cette recompilation peut être :
- la diminution de la taille du noyau,
- la prise en charge de nouveau matériel,
- l'ajout de fonctionnalités,
- l'optimisation du code,
- la correction de bogues,
- le besoin d'une fonctionnalité expérimentale.
Commencez par identifier le noyau utilisé par votre machine :
root@debian8:~# uname -r 3.16.0-4-amd64
Dans le cas d'une utilisation courante de Linux, il est cependant préférable de faire appel aux modules. Les modules se trouvent dans le répertoire /lib/modules/<version-du-noyau> :
root@debian8:~# ls /lib/modules/`uname -r`/ kernel modules.builtin modules.dep.bin modules.softdep modules.alias modules.builtin.bin modules.devname modules.symbols modules.alias.bin modules.dep modules.order modules.symbols.bin
Les commandes pour manipuler les modules sont :
- insmod
- rmmod
- lsmod
- modprobe
Par exemple :
root@debian8:~# lsmod Module Size Used by cfg80211 405538 0 rfkill 18867 1 cfg80211 nfsd 263032 2 auth_rpcgss 51211 1 nfsd oid_registry 12419 1 auth_rpcgss nfs_acl 12511 1 nfsd nfs 188136 0 lockd 83389 2 nfs,nfsd fscache 45542 1 nfs sunrpc 237402 6 nfs,nfsd,auth_rpcgss,lockd,nfs_acl crc32_pclmul 12915 0 aesni_intel 151423 0 joydev 17063 0 aes_x86_64 16719 1 aesni_intel lrw 12757 1 aesni_intel gf128mul 12970 1 lrw glue_helper 12695 1 aesni_intel i2c_piix4 20864 0 ablk_helper 12572 1 aesni_intel cryptd 14516 2 aesni_intel,ablk_helper ppdev 16782 0 i2c_core 46012 1 i2c_piix4 serio_raw 12849 0 evdev 17445 7 pcspkr 12595 0 parport_pc 26300 0 snd_intel8x0 34948 0 snd_ac97_codec 118711 1 snd_intel8x0 snd_pcm 88662 2 snd_ac97_codec,snd_intel8x0 snd_timer 26614 1 snd_pcm snd 65244 4 snd_ac97_codec,snd_intel8x0,snd_timer,snd_pcm ac 12715 0 soundcore 13026 1 snd video 18096 0 battery 13356 0 ac97_bus 12510 1 snd_ac97_codec parport 35749 2 ppdev,parport_pc button 12944 0 processor 28221 0 thermal_sys 27642 2 video,processor fuse 83350 1 autofs4 35529 2 ext4 473801 1 crc16 12343 1 ext4 mbcache 17171 1 ext4 jbd2 82514 1 ext4 hid_generic 12393 0 usbhid 44460 0 hid 102264 2 hid_generic,usbhid sr_mod 21903 0 cdrom 47424 1 sr_mod ohci_pci 12808 0 sg 29973 0 sd_mod 44356 3 crc_t10dif 12431 1 sd_mod crct10dif_generic 12581 0 ata_generic 12490 0 ohci_hcd 42982 1 ohci_pci ehci_pci 12512 0 ehci_hcd 69837 1 ehci_pci ata_piix 33592 0 e1000 122545 0 ahci 33334 2 libahci 27158 1 ahci crct10dif_pclmul 13387 1 crct10dif_common 12356 3 crct10dif_pclmul,crct10dif_generic,crc_t10dif usbcore 195468 5 ohci_hcd,ohci_pci,ehci_hcd,ehci_pci,usbhid usb_common 12440 1 usbcore crc32c_intel 21809 0 libata 177508 4 ahci,libahci,ata_generic,ata_piix scsi_mod 191405 4 sg,libata,sd_mod,sr_mod psmouse 99249 0
Pour ajouter un module, on peut utiliser la commande insmod ou modprobe. Cette dernière ajoute non seulement le module passé en argument mais également ses dépendances :
root@debian8:~# modprobe bonding root@debian8:~# lsmod | more Module Size Used by bonding 124989 0 cfg80211 405538 0 rfkill 18867 1 cfg80211 nfsd 263032 2 auth_rpcgss 51211 1 nfsd oid_registry 12419 1 auth_rpcgss nfs_acl 12511 1 nfsd nfs 188136 0 lockd 83389 2 nfs,nfsd fscache 45542 1 nfs sunrpc 237402 6 nfs,nfsd,auth_rpcgss,lockd,nfs_acl crc32_pclmul 12915 0 aesni_intel 151423 0 joydev 17063 0 aes_x86_64 16719 1 aesni_intel lrw 12757 1 aesni_intel gf128mul 12970 1 lrw glue_helper 12695 1 aesni_intel i2c_piix4 20864 0 ablk_helper 12572 1 aesni_intel cryptd 14516 2 aesni_intel,ablk_helper ppdev 16782 0 --More--
Pour supprimer un module, on peut utiliser la commande rmmod ou modprobe -r. Cette dernière essaie de supprimer les dépendances non-utilisées :
root@debian8:~# modprobe -r bonding root@debian8:~# lsmod | more Module Size Used by cfg80211 405538 0 rfkill 18867 1 cfg80211 nfsd 263032 2 auth_rpcgss 51211 1 nfsd oid_registry 12419 1 auth_rpcgss nfs_acl 12511 1 nfsd nfs 188136 0 lockd 83389 2 nfs,nfsd fscache 45542 1 nfs sunrpc 237402 6 nfs,nfsd,auth_rpcgss,lockd,nfs_acl crc32_pclmul 12915 0 aesni_intel 151423 0 joydev 17063 0 aes_x86_64 16719 1 aesni_intel lrw 12757 1 aesni_intel gf128mul 12970 1 lrw glue_helper 12695 1 aesni_intel i2c_piix4 20864 0 ablk_helper 12572 1 aesni_intel cryptd 14516 2 aesni_intel,ablk_helper ppdev 16782 0 i2c_core 46012 1 i2c_piix4 --More--
Les dépendances des modules sont résolues par la commande modprobe grâce aux fichier /lib/modules/<version-du-noyau>/modules.dep. Ce dernier peut être créé manuellement grâce à la commande depmod :
root@debian8:~# more /lib/modules/`uname -r`/modules.dep kernel/arch/x86/kernel/cpu/mcheck/mce-inject.ko: kernel/arch/x86/kernel/msr.ko: kernel/arch/x86/kernel/cpuid.ko: kernel/arch/x86/kernel/iosf_mbi.ko: kernel/arch/x86/crypto/glue_helper.ko: kernel/arch/x86/crypto/aes-x86_64.ko: kernel/arch/x86/crypto/camellia-x86_64.ko: kernel/crypto/xts.ko kernel/crypto/lr w.ko kernel/crypto/gf128mul.ko kernel/arch/x86/crypto/glue_helper.ko kernel/arch/x86/crypto/blowfish-x86_64.ko: kernel/crypto/blowfish_common.ko kernel/arch/x86/crypto/twofish-x86_64.ko: kernel/crypto/twofish_common.ko kernel/arch/x86/crypto/twofish-x86_64-3way.ko: kernel/arch/x86/crypto/twofish-x8 6_64.ko kernel/crypto/twofish_common.ko kernel/crypto/xts.ko kernel/crypto/lrw.k o kernel/crypto/gf128mul.ko kernel/arch/x86/crypto/glue_helper.ko kernel/arch/x86/crypto/salsa20-x86_64.ko: kernel/arch/x86/crypto/serpent-sse2-x86_64.ko: kernel/crypto/xts.ko kernel/crypt o/serpent_generic.ko kernel/crypto/lrw.ko kernel/crypto/gf128mul.ko kernel/arch/ x86/crypto/glue_helper.ko kernel/crypto/ablk_helper.ko kernel/crypto/cryptd.ko kernel/arch/x86/crypto/aesni-intel.ko: kernel/arch/x86/crypto/aes-x86_64.ko kern el/crypto/lrw.ko kernel/crypto/gf128mul.ko kernel/arch/x86/crypto/glue_helper.ko kernel/crypto/ablk_helper.ko kernel/crypto/cryptd.ko kernel/arch/x86/crypto/ghash-clmulni-intel.ko: kernel/crypto/cryptd.ko kernel/arch/x86/crypto/crc32c-intel.ko: kernel/arch/x86/crypto/sha1-ssse3.ko: --More--(0%)
Il est possible d'obtenir des informations sur un module grâce à la commande modinfo :
root@debian8:~# modinfo bonding filename: /lib/modules/3.16.0-4-amd64/kernel/drivers/net/bonding/bonding.ko author: Thomas Davis, tadavis@lbl.gov and many others description: Ethernet Channel Bonding Driver, v3.7.1 version: 3.7.1 license: GPL alias: rtnl-link-bond srcversion: 6BFE6BB1A9B8C86AEBC9487 depends: intree: Y vermagic: 3.16.0-4-amd64 SMP mod_unload modversions parm: max_bonds:Max number of bonded devices (int) parm: tx_queues:Max number of transmit queues (default = 16) (int) parm: num_grat_arp:Number of peer notifications to send on failover event (alias of num_unsol_na) (int) parm: num_unsol_na:Number of peer notifications to send on failover event (alias of num_grat_arp) (int) parm: miimon:Link check interval in milliseconds (int) parm: updelay:Delay before considering link up, in milliseconds (int) parm: downdelay:Delay before considering link down, in milliseconds (int) parm: use_carrier:Use netif_carrier_ok (vs MII ioctls) in miimon; 0 for off, 1 for on (default) (int) parm: mode:Mode of operation; 0 for balance-rr, 1 for active-backup, 2 for balance-xor, 3 for broadcast, 4 for 802.3ad, 5 for balance-tlb, 6 for balance-alb (charp) parm: primary:Primary network device to use (charp) parm: primary_reselect:Reselect primary slave once it comes up; 0 for always (default), 1 for only if speed of primary is better, 2 for only on active slave failure (charp) parm: lacp_rate:LACPDU tx rate to request from 802.3ad partner; 0 for slow, 1 for fast (charp) parm: ad_select:803.ad aggregation selection logic; 0 for stable (default), 1 for bandwidth, 2 for count (charp) parm: min_links:Minimum number of available links before turning on carrier (int) parm: xmit_hash_policy:balance-xor and 802.3ad hashing method; 0 for layer 2 (default), 1 for layer 3+4, 2 for layer 2+3, 3 for encap layer 2+3, 4 for encap layer 3+4 (charp) parm: arp_interval:arp interval in milliseconds (int) parm: arp_ip_target:arp targets in n.n.n.n form (array of charp) parm: arp_validate:validate src/dst of ARP probes; 0 for none (default), 1 for active, 2 for backup, 3 for all (charp) parm: arp_all_targets:fail on any/all arp targets timeout; 0 for any (default), 1 for all (charp) parm: fail_over_mac:For active-backup, do not set all slaves to the same MAC; 0 for none (default), 1 for active, 2 for follow (charp) parm: all_slaves_active:Keep all frames received on an interfaceby setting active flag for all slaves; 0 for never (default), 1 for always. (int) parm: resend_igmp:Number of IGMP membership reports to send on link failure (int) parm: packets_per_slave:Packets to send per slave in balance-rr mode; 0 for a random slave, 1 packet per slave (default), >1 packets per slave. (int) parm: lp_interval:The number of seconds between instances where the bonding driver sends learning packets to each slaves peer switch. The default is 1. (uint)
Dernièrement, les fichiers dans le repertoire /etc/modprobe.d sont utilisés pour spécifier les options éventuelles à passer aux modules lors de leur chargement ainsi que les alias utilisés pour leur faire référence :
root@debian8:~# ls /etc/modprobe.d fbdev-blacklist.conf modesetting.conf root@debian8:~# cat /etc/modprobe.d/fbdev-blacklist.conf # This file blacklists most old-style PCI framebuffer drivers. blacklist arkfb blacklist aty128fb blacklist atyfb blacklist radeonfb blacklist cirrusfb blacklist cyber2000fb blacklist kyrofb blacklist matroxfb_base blacklist mb862xxfb blacklist neofb blacklist pm2fb blacklist pm3fb blacklist s3fb blacklist savagefb blacklist sisfb blacklist tdfxfb blacklist tridentfb blacklist vt8623fb
Compilation et installation du noyau et des modules
Commencez par installer les paquets necessaires :
root@debian8:~# apt-get update root@debian8:~# apt-get install build-essential kernel-package debconf-utils dpkg-dev debhelper ncurses-dev fakeroot Reading package lists... Done Building dependency tree Reading state information... Done Note, selecting 'libncurses5-dev' instead of 'ncurses-dev' The following extra packages will be installed: autopoint binutils dblatex docbook-dsssl docbook-utils docbook-xsl fonts-lmodern fonts-texgyre g++ g++-4.9 gcc gcc-4.9 gettext intltool-debian jadetex kernel-common libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libasan1 libasprintf-dev libatomic1 libc-dev-bin libc6-dev libcilkrts5 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-homedir-perl libfile-which-perl libgcc-4.9-dev libgettextpo-dev libgettextpo0 libitm1 liblsan0 libmail-sendmail-perl libosp5 libostyle1c2 libpoppler-qt4-4 libpotrace0 libptexenc1 libruby2.1 libsgmls-perl libsp1c2 libstdc++-4.9-dev libsynctex1 libsys-hostname-long-perl libtcl8.6 libtinfo-dev libtk8.6 libtsan0 libubsan0 libunistring0 libxml2-utils libxss1 libyaml-0-2 libyaml-tiny-perl libzzip-0-13 linux-libc-dev lmodern make manpages-dev openjade po-debconf prerex preview-latex-style prosper ps2eps ruby ruby2.1 rubygems-integration sgmlspl sp tcl tcl8.6 tex-common tex-gyre texlive texlive-base texlive-bibtex-extra texlive-binaries texlive-extra-utils texlive-font-utils texlive-fonts-recommended texlive-fonts-recommended-doc texlive-generic-recommended texlive-latex-base texlive-latex-base-doc texlive-latex-extra texlive-latex-extra-doc texlive-latex-recommended texlive-latex-recommended-doc texlive-math-extra texlive-pictures texlive-pictures-doc texlive-pstricks texlive-pstricks-doc tipa tk tk8.6 vprerex xmlto xsltproc zip Suggested packages: binutils-doc docbook graphicsmagick-imagemagick-compat imagemagick latex-cjk-all opensp texlive-lang-all texlive-lang-cyrillic texlive-xetex transfig dh-make docbook-dsssl-doc dbtoepub docbook-xsl-doc-html docbook-xsl-doc-pdf docbook-xsl-doc-text docbook-xsl-doc docbook-xsl-saxon fop libsaxon-java libxalan2-java libxslthl-java xalan debian-keyring g++-multilib g++-4.9-multilib gcc-4.9-doc libstdc++6-4.9-dbg gcc-multilib autoconf automake libtool flex bison gdb gcc-doc gcc-4.9-multilib gcc-4.9-locales libgcc1-dbg libgomp1-dbg libitm1-dbg libatomic1-dbg libasan1-dbg liblsan0-dbg libtsan0-dbg libubsan0-dbg libcilkrts5-dbg libquadmath0-dbg gettext-doc linux-source libncurses-dev glibc-doc ncurses-doc sgmls-doc libstdc++-4.9-doc make-doc doc-base libmail-box-perl ri ruby-dev bundler tcl-tclreadline perl-tk latexdiff latexmk dvidvi fragmaster lacheck purifyeps xindy chktex dvipng psutils t1utils libtcltk-ruby dot2tex xmltex Recommended packages: uboot-mkimage wish The following NEW packages will be installed: autopoint binutils build-essential dblatex debconf-utils debhelper docbook-dsssl docbook-utils docbook-xsl dpkg-dev fakeroot fonts-lmodern fonts-texgyre g++ g++-4.9 gcc gcc-4.9 gettext intltool-debian jadetex kernel-common kernel-package libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libasan1 libasprintf-dev libatomic1 libc-dev-bin libc6-dev libcilkrts5 libdpkg-perl libfakeroot libfile-fcntllock-perl libfile-homedir-perl libfile-which-perl libgcc-4.9-dev libgettextpo-dev libgettextpo0 libitm1 liblsan0 libmail-sendmail-perl libncurses5-dev libosp5 libostyle1c2 libpoppler-qt4-4 libpotrace0 libptexenc1 libruby2.1 libsgmls-perl libsp1c2 libstdc++-4.9-dev libsynctex1 libsys-hostname-long-perl libtcl8.6 libtinfo-dev libtk8.6 libtsan0 libubsan0 libunistring0 libxml2-utils libxss1 libyaml-0-2 libyaml-tiny-perl libzzip-0-13 linux-libc-dev lmodern make manpages-dev openjade po-debconf prerex preview-latex-style prosper ps2eps ruby ruby2.1 rubygems-integration sgmlspl sp tcl tcl8.6 tex-common tex-gyre texlive texlive-base texlive-bibtex-extra texlive-binaries texlive-extra-utils texlive-font-utils texlive-fonts-recommended texlive-fonts-recommended-doc texlive-generic-recommended texlive-latex-base texlive-latex-base-doc texlive-latex-extra texlive-latex-extra-doc texlive-latex-recommended texlive-latex-recommended-doc texlive-math-extra texlive-pictures texlive-pictures-doc texlive-pstricks texlive-pstricks-doc tipa tk tk8.6 vprerex xmlto xsltproc zip 0 upgraded, 111 newly installed, 0 to remove and 0 not upgraded. Need to get 793 MB of archives. After this operation, 1,343 MB of additional disk space will be used. Do you want to continue? [Y/n] Y ... root@debian8:~# apt-get upgrade
Important - Il n'est pas conseillé de compiler en tant que root pour des raisons de sécurité. Pour pouvoir utiliser le compte d'un utilisateur pour créer un nouveau noyau, celui-ci doit disposer de plusieurs Go d'espace libre.
Ajoutez l'utilisateur trainee au groupe src :
root@debian8:~# cat /etc/group | grep src src:x:40: root@debian8:~# gpasswd -a trainee src Adding user trainee to group src root@debian8:~# cat /etc/group | grep src src:x:40:trainee
Déplacer /home
A Faire - Arrêtez votre machine virtuelle. Ajoutez un deuxième disque de 20 Go au contrôleur SATA en utilisant la section Stockage des paramètres de la machine virtuelle. Le format du disque doit être vmdk. Nommez ce disque DebianHome et re-démarrez la machine virtuelle.
Créez une seule partition sur /dev/sdb :
root@debian8:~# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.25.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0x5b6171fe.
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-41943039, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-41943039, default 41943039):
Created a new partition 1 of type 'Linux' and of size 20 GiB.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
Créez maintenant un système de fichiers ext4 sur /dev/sdb1 :
root@debian8:~# mkfs.ext4 /dev/sdb1 mke2fs 1.42.12 (29-Aug-2014) Creating filesystem with 5242624 4k blocks and 1310720 inodes Filesystem UUID: 6e4ea901-a36d-4b3f-bbbf-eeea866fca40 Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 4096000 Allocating group tables: done Writing inode tables: done Creating journal (32768 blocks): done Writing superblocks and filesystem accounting information: done
A Faire - Déconnectez-vous en ssh. Connectez-vous directement en tant que root dans la fenetre de VirtualBox.
Montez /dev/sdb1 sur /mnt :
root@debian8:~# mount /dev/sdb1 /mnt
Copiez le contenu de /home vers /mnt :
root@debian8:~# cp -a /home/* /mnt
Démontez /dev/sdb1 et déplacez /home vers /root :
root@debian8:~# umount /mnt root@debian8:~# mv /home /root
Identifiez l'UUID de /dev/sdb1 :
root@debian8:~# ls -l /dev/disk/by-uuid/ | grep sdb1 lrwxrwxrwx 1 root root 10 Aug 13 12:26 6e4ea901-a36d-4b3f-bbbf-eeea866fca40 -> ../../sdb1
Editez le fichier /etc/fstab en ajoutant la ligne pour le montage de /home :
- /etc/fstab
# /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> # / was on /dev/sda1 during installation UUID=4a230056-285f-42f4-bfe0-5a73dbc5b745 / ext4 errors=remount-ro 0 1 # swap was on /dev/sda5 during installation UUID=da5a77e9-344d-42aa-aed6-a38d381ba436 none swap sw 0 0 UUID=6e4ea901-a36d-4b3f-bbbf-eeea866fca40 /home ext4 defaults 0 0 /dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
Créez le point de montage /home :
root@debian8:~# mkdir /home
Montez /dev/sdb1 :
root@debian8:~# mount -a root@debian8:~# mount sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=61148,mode=755) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) tmpfs on /run type tmpfs (rw,nosuid,relatime,size=101232k,mode=755) /dev/sda1 on / type ext4 (rw,relatime,errors=remount-ro,data=ordered) securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev) tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k) tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd) pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event) systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=23,pgrp=1,timeout=300,minproto=5,maxproto=5,direct) debugfs on /sys/kernel/debug type debugfs (rw,relatime) mqueue on /dev/mqueue type mqueue (rw,relatime) hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime) fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime) rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime) tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=50616k,mode=700) tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=50616k,mode=700,uid=1000,gid=1000) /dev/sdb1 on /home type ext4 (rw,relatime,data=ordered)
Notez la taille de /home :
root@debian8:~# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda1 9.5G 5.7G 3.4G 63% / udev 10M 0 10M 0% /dev tmpfs 99M 4.8M 95M 5% /run tmpfs 248M 0 248M 0% /dev/shm tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 248M 0 248M 0% /sys/fs/cgroup tmpfs 50M 0 50M 0% /run/user/0 tmpfs 50M 0 50M 0% /run/user/1000 /dev/sdb1 20G 46M 19G 1% /home
A Faire - Fermez la session de root et connectez-vous en tant que trainee en ssh.
Télécharger le Code Source du Noyau
Le code source est disponible sur le site www.kernel.org :
trainee@debian8:~$ wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.16.0.tar.xz --2016-08-13 12:37:52-- https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.16.0.tar.xz Resolving www.kernel.org (www.kernel.org)... 198.145.20.140, 199.204.44.194, 149.20.4.69, ... Connecting to www.kernel.org (www.kernel.org)|198.145.20.140|:443... connected. HTTP request sent, awaiting response... 404 Not Found 2016-08-13 12:37:53 ERROR 404: Not Found. trainee@debian8:~$ wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.16.1.tar.xz --2016-08-13 12:39:37-- https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.16.1.tar.xz Resolving www.kernel.org (www.kernel.org)... 198.145.20.140, 199.204.44.194, 149.20.4.69, ... Connecting to www.kernel.org (www.kernel.org)|198.145.20.140|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 80487456 (77M) [application/x-xz] Saving to: ‘linux-3.16.1.tar.xz’ linux-3.16.1.tar.xz 100%[=======================================================================================>] 76.76M 2.51MB/s in 37s 2016-08-13 12:40:15 (2.08 MB/s) - ‘linux-3.16.1.tar.xz’ saved [80487456/80487456]
Désarchivez le tar.xz que vous avez téléchargé :
trainee@debian8:~$ tar xvJf linux-3.16.1.tar.xz
Notez que l'occupation disque du code source du noyau 3.16.1 es de 634 Mo :
trainee@debian8:~$ du -hs ./linux-3.16.1 634M ./linux-3.16.1
Configurer le Noyau
Le fichier Makefile contient le nom du noyau et spécifie les informations suivantes :
- VERSION,
- PATCHLEVEL,
- SUBLEVEL,
- EXTRAVERSION.
Les trois premières informations sont gérées par kernel.org et Linus Torvalds en personne tandis que l'EXTRAVERSION est gérée par Debian :
trainee@debian8:~$ cat ./linux-3.16.1/Makefile | more VERSION = 3 PATCHLEVEL = 16 SUBLEVEL = 1 EXTRAVERSION = NAME = Museum of Fishiegoodies # *DOCUMENTATION* # To see a list of typical targets execute "make help" # More info can be located in ./README # Comments in this file are targeted only to the developer, do not # expect to learn how to build the kernel reading this file. # Do not: # o use make's built-in rules and variables # (this increases performance and avoids hard-to-debug behaviour); # o print "Entering directory ..."; MAKEFLAGS += -rR --no-print-directory # Avoid funny character set dependencies unexport LC_ALL LC_COLLATE=C LC_NUMERIC=C export LC_COLLATE LC_NUMERIC # Avoid interference with shell env settings unexport GREP_OPTIONS # We are using a recursive build, so we need to do a little thinking # to get the ordering right. # # Most importantly: sub-Makefiles should only ever modify files in # their own directory. If in some directory we have a dependency on # a file in another dir (which doesn't happen often, but it's often # unavoidable when linking the built-in.o targets which finally # turn into vmlinux), we will call a sub make in that other dir, and # after that we are sure that everything which is in that other dir # is now up to date. # # The only cases where we need to modify files which have global --More--
Important - La version 2.6 du noyau a vu le jour en 2003. Les SUBLEVEL se suivaient régulièrement. Avec la version 2.6 du noyau, la valeur paire du PATCHLEVEL indiquait que le noyau était stable. Quand vous recompilez le noyau à partir des sources, vous devez modifier la valeur de l'EXTRAVERSION. Le passage à la version 3.0 fut décidé par Linus Torvalds à l'occasion des 20 ans du noyau Linux.
Utilisez maintenant la commande make defconfig pour créer le fichier de configuration .config :
trainee@debian8:~$ su -
Password:
root@debian8:~# cd /home/trainee/linux-3.16.1/
root@debian8:/home/trainee/linux-3.16.1# make defconfig
HOSTCC scripts/basic/fixdep
HOSTCC scripts/kconfig/conf.o
SHIPPED scripts/kconfig/zconf.tab.c
SHIPPED scripts/kconfig/zconf.lex.c
SHIPPED scripts/kconfig/zconf.hash.c
HOSTCC scripts/kconfig/zconf.tab.o
In file included from scripts/kconfig/zconf.tab.c:2537:0:
scripts/kconfig/menu.c: In function ‘get_symbol_str’:
scripts/kconfig/menu.c:590:18: warning: ‘jump’ may be used uninitialized in this function [-Wmaybe-uninitialized]
jump->offset = strlen(r->s);
^
scripts/kconfig/menu.c:551:19: note: ‘jump’ was declared here
struct jump_key *jump;
^
HOSTLD scripts/kconfig/conf
*** Default configuration is based on 'x86_64_defconfig'
#
# configuration written to .config
#
Ce fichier est configuré par une des trois commandes suivantes :
- make config
- make menuconfig
- make xconfig
Dans ce fichier, vous pouvez constater la présence de lignes correspondantes à des fonctionalités suivies par une lettre ou une valeur. Dans le cas d'une lettre, la signification est la suivante :
- y
- la fonctionalité est incluse dans le noyau monolithique ou dans le cas d'une dépendance d'un module, dans le module concerné,
- m
- la fonctionalité est incluse en tant que module,
- n
- la fonctionalité n'est pas incluse. Cette option est rarement visible car dans bien les cas, la fonctionalité est simplement commentée dans le fichier lui-même.
root@debian8:/home/trainee/linux-3.16.1# more .config # # Automatically generated file; DO NOT EDIT. # Linux/x86 3.16.1 Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y CONFIG_X86=y CONFIG_INSTRUCTION_DECODER=y CONFIG_OUTPUT_FORMAT="elf64-x86-64" CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig" CONFIG_LOCKDEP_SUPPORT=y CONFIG_STACKTRACE_SUPPORT=y CONFIG_HAVE_LATENCYTOP_SUPPORT=y CONFIG_MMU=y CONFIG_NEED_DMA_MAP_STATE=y CONFIG_NEED_SG_DMA_LENGTH=y CONFIG_GENERIC_ISA_DMA=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y CONFIG_GENERIC_HWEIGHT=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y CONFIG_RWSEM_XCHGADD_ALGORITHM=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_ARCH_HAS_CPU_RELAX=y CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y CONFIG_HAVE_SETUP_PER_CPU_AREA=y CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y CONFIG_ARCH_HIBERNATION_POSSIBLE=y CONFIG_ARCH_SUSPEND_POSSIBLE=y CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y CONFIG_ARCH_WANT_GENERAL_HUGETLB=y CONFIG_ZONE_DMA32=y CONFIG_AUDIT_ARCH=y CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y CONFIG_HAVE_INTEL_TXT=y CONFIG_X86_64_SMP=y CONFIG_X86_HT=y --More--(1%)
Dernièrement, attribuez le répertoire linux-3.16.1 et son contenu à l'utilisateur trainee et le groupe src :
root@debian8:/home/trainee/linux-3.16.1# chown -R trainee:src /home/trainee/linux-3.16.1
La Commande make-kpkg
Cette commande permet d'effectuer un nettoyage avant toute nouvell compilation des sources du noyau :
root@debian8:/home/trainee/linux-3.16.1# make-kpkg clean
exec make kpkg_version=13.014+nmu1 -f /usr/share/kernel-package/ruleset/minimal.mk clean
====== making target minimal_clean [new prereqs: ]======
This is kernel package version 13.014+nmu1.
test ! -f .config || cp -pf .config config.precious
test ! -e stamp-building || rm -f stamp-building
test ! -f Makefile || \
make ARCH=x86_64 distclean
make[1]: Entering directory '/home/trainee/linux-3.16.1'
CLEAN scripts/basic
CLEAN scripts/kconfig
CLEAN include/config include/generated
CLEAN .config
make[1]: Leaving directory '/home/trainee/linux-3.16.1'
test ! -f config.precious || mv -f config.precious .config
rm -f modules/modversions.h modules/ksyms.ver scripts/cramfs/cramfsck scripts/cramfs/mkcramfs
Compiler le Noyau
La compilation du noyau peut prendre beaucoup de temps. La commande utilisée est la suivante :
root@debian8:/home/trainee/linux-3.16.1# exit logout trainee@debian8:~$ cd ./linux-3.16.1/ trainee@debian8:~/linux-3.16.1$ fakeroot make-kpkg --initrd --appen-to-version=i2tch kernel-image kernel-headers
Important : La commande fakeroot simule l'environnement de root pendant la compilation, –initrd stipule que l'image a besoin d'un initramfs, –append-to-version ajoute l'argument i2tch à la valeur de l'EXTRAVERSION du fichier Makefile tandis que kernel-image génère un paquet Debian contenant le nouveau noyau et kernel-headers crée un paquet contenant les fichiers d'en-têtes contenus dans le noyau Linux.
A l'issu du processus, vous obtiendrez une sortie similaire à ce qui suit :
...
cp -pf debian/control debian/control.dist
k=`find /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch -type f | ( while read i; do \
if file -b $i | egrep -q "^ELF.*executable.*dynamically linked" ; then \
j="$j $i"; \
fi; \
done; echo $j; )`; test -z "$k" || dpkg-shlibdeps $k; \
echo "Elf Files: $K" > /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch/usr/share/doc/linux-headers-3.16.1i2tch/elffiles; \
test -n "$k" || perl -pli~ -e 's/\$\{shlibs:Depends\}\,?//g' debian/control
test ! -e debian/control~ || rm -f debian/control~
dpkg-gencontrol -isp -DArchitecture=amd64 -plinux-headers-3.16.1i2tch \
-P/home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch/
dpkg-gencontrol: warning: -isp is deprecated; it is without effect
create_md5sums_fn () { cd $1 ; find . -type f ! -regex './DEBIAN/.*' ! -regex './var/.*' -printf '%P\0' | xargs -r0 md5sum > DEBIAN/md5sums ; if [ -z "DEBIAN/md5sums" ] ; then rm -f "DEBIAN/md5sums" ; fi ; } ; create_md5sums_fn /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch
chown -R root:root /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch
chmod -R og=rX /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch
dpkg --build /home/trainee/linux-3.16.1/debian/linux-headers-3.16.1i2tch ..
dpkg-deb: building package `linux-headers-3.16.1i2tch' in `../linux-headers-3.16.1i2tch_3.16.1i2tch-10.00.Custom_amd64.deb'.
cp -pf debian/control.dist debian/control
make[2]: Leaving directory '/home/trainee/linux-3.16.1'
make[1]: Leaving directory '/home/trainee/linux-3.16.1'
Notez que la génération du nouveau noyau a consommé presque 1,2 Go d'espace disque :
trainee@debian8:~/linux-3.16.1$ df -h Filesystem Size Used Avail Use% Mounted on /dev/sda1 9.5G 5.7G 3.4G 63% / udev 10M 0 10M 0% /dev tmpfs 99M 4.8M 95M 5% /run tmpfs 248M 0 248M 0% /dev/shm tmpfs 5.0M 4.0K 5.0M 1% /run/lock tmpfs 248M 0 248M 0% /sys/fs/cgroup /dev/sdb1 20G 1.2G 18G 7% /home tmpfs 50M 0 50M 0% /run/user/1000
Installer le Nouveau Noyau
Les paquets du nouveau noyau est les fichiers en-tête se trouvent dans le répertoire /home/trainee :
trainee@debian8:~/linux-3.16.1$ cd .. trainee@debian8:~$ ls Desktop Downloads linux-3.16.1.tar.xz linux-image-3.16.1i2tch_3.16.1i2tch-10.00.Custom_amd64.deb Pictures Templates Documents linux-3.16.1 linux-headers-3.16.1i2tch_3.16.1i2tch-10.00.Custom_amd64.deb Music Public Videos
Installez maintenant les deux paquets linux-image et linux-headers :
root@debian8:~# dpkg -i /home/trainee/linux*.deb Selecting previously unselected package linux-headers-3.16.1i2tch. (Reading database ... 134500 files and directories currently installed.) Preparing to unpack .../linux-headers-3.16.1i2tch_3.16.1i2tch-10.00.Custom_amd64.deb ... Unpacking linux-headers-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ... Selecting previously unselected package linux-image-3.16.1i2tch. Preparing to unpack .../linux-image-3.16.1i2tch_3.16.1i2tch-10.00.Custom_amd64.deb ... Done. Unpacking linux-image-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ... Setting up linux-headers-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ... Examining /etc/kernel/header_postinst.d. Setting up linux-image-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ... Running depmod. Examining /etc/kernel/postinst.d. run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch update-initramfs: Generating /boot/initrd.img-3.16.1i2tch run-parts: executing /etc/kernel/postinst.d/zz-update-grub 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch Generating grub configuration file ... Found background image: /usr/share/images/desktop-base/desktop-grub.png Found linux image: /boot/vmlinuz-3.16.1i2tch Found initrd image: /boot/initrd.img-3.16.1i2tch Found linux image: /boot/vmlinuz-3.16.0-4-amd64 Found initrd image: /boot/initrd.img-3.16.0-4-amd64 done
Constatez la création d'un nouveau grub.cfg :
root@debian8:~# grep 3.16.1 /boot/grub/grub.cfg
echo 'Loading Linux 3.16.1i2tch ...'
linux /boot/vmlinuz-3.16.1i2tch root=UUID=4a230056-285f-42f4-bfe0-5a73dbc5b745 ro quiet
initrd /boot/initrd.img-3.16.1i2tch
menuentry 'Debian GNU/Linux, with Linux 3.16.1i2tch' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.16.1i2tch-advanced-4a230056-285f-42f4-bfe0-5a73dbc5b745' {
echo 'Loading Linux 3.16.1i2tch ...'
linux /boot/vmlinuz-3.16.1i2tch root=UUID=4a230056-285f-42f4-bfe0-5a73dbc5b745 ro quiet
initrd /boot/initrd.img-3.16.1i2tch
menuentry 'Debian GNU/Linux, with Linux 3.16.1i2tch (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-3.16.1i2tch-recovery-4a230056-285f-42f4-bfe0-5a73dbc5b745' {
echo 'Loading Linux 3.16.1i2tch ...'
linux /boot/vmlinuz-3.16.1i2tch root=UUID=4a230056-285f-42f4-bfe0-5a73dbc5b745 ro single
initrd /boot/initrd.img-3.16.1i2tch
Désinstallez un Noyau
Re-démarrez votre VM en utilisant le noyau d'origine. Connectez-vous en tant que l'utilisateur trainee via ssh :
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. You have new mail. Last login: Sat Aug 13 12:36:26 2016 from 10.0.2.2 trainee@debian8:~$ su - Password: root@debian8:~#
Lister maintenant les noyaux installés :
root@debian8:~# dpkg -l | grep -i "linux-image*" | awk '{print $2}'
linux-image-3.16.0-4-amd64
linux-image-3.16.1i2tch
linux-image-amd64
Le noyau se désinstalle comme tout autre paquet :
root@debian8:~# apt-get purge "linux-image-3.16.1i2tch" Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be REMOVED: linux-image-3.16.1i2tch* 0 upgraded, 0 newly installed, 1 to remove and 1 not upgraded. After this operation, 9,251 kB disk space will be freed. Do you want to continue? [Y/n] y (Reading database ... 147056 files and directories currently installed.) Removing linux-image-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ... Examining /etc/kernel/prerm.d. Examining /etc/kernel/postrm.d . run-parts: executing /etc/kernel/postrm.d/initramfs-tools 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch update-initramfs: Deleting /boot/initrd.img-3.16.1i2tch run-parts: executing /etc/kernel/postrm.d/zz-update-grub 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch Generating grub configuration file ... Found background image: /usr/share/images/desktop-base/desktop-grub.png Found linux image: /boot/vmlinuz-3.16.0-4-amd64 Found initrd image: /boot/initrd.img-3.16.0-4-amd64 done Purging configuration files for linux-image-3.16.1i2tch (3.16.1i2tch-10.00.Custom) ... Examining /etc/kernel/postrm.d . run-parts: executing /etc/kernel/postrm.d/initramfs-tools 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch run-parts: executing /etc/kernel/postrm.d/zz-update-grub 3.16.1i2tch /boot/vmlinuz-3.16.1i2tch
Vérifiez que le fichier grub.cfg a été modifié :
root@debian8:~# grep 3.16.1 /boot/grub/grub.cfg root@debian8:~#
Dernièrement, listez les noyaux disponibles :
root@debian8:~# dpkg -l | grep -i "linux-image*" | awk '{print $2}'
linux-image-3.16.0-4-amd64
linux-image-amd64
Gestion des Quotas
Important : Déconnectez-vous et re-connectez-vous directement en tant que root.
Sous Linux il est possible de mettre en place des quotas par utilisateur et par groupe. Ceci étant, Linux ne sait pas gérer des quotas par répertoire, uniquement des quotas par partition. L'administrateur met souvent des quotas en place sur l'arborescence de /home pour limiter l'espace de stockage occupé par les utilisateurs.
Commencez par vérifiez que le paquet quota est bien installé :
root@debian8:~# dpkg --get-selections | grep quota root@debian8:~# apt-get install quota Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: libnet-ldap-perl The following NEW packages will be installed: quota 0 upgraded, 1 newly installed, 0 to remove and 1 not upgraded. Need to get 319 kB of archives. After this operation, 1,580 kB of additional disk space will be used. Get:1 http://ftp.fr.debian.org/debian/ jessie/main quota amd64 4.01-8+deb8u1 [319 kB] Fetched 319 kB in 0s (1,884 kB/s) Preconfiguring packages ... Selecting previously unselected package quota. (Reading database ... 146985 files and directories currently installed.) Preparing to unpack .../quota_4.01-8+deb8u1_amd64.deb ... Unpacking quota (4.01-8+deb8u1) ... Processing triggers for man-db (2.7.0.2-5) ... Processing triggers for systemd (215-17+deb8u4) ... Setting up quota (4.01-8+deb8u1) ... Processing triggers for systemd (215-17+deb8u4) ...
Editez le fichier /etc/fstab en ajoutant les options usrquota et grpquota à la ligne /home :
root@debian8:~# vi /etc/fstab root@debian8:~# cat /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> # / was on /dev/sda1 during installation UUID=4a230056-285f-42f4-bfe0-5a73dbc5b745 / ext4 errors=remount-ro 0 1 # swap was on /dev/sda5 during installation UUID=da5a77e9-344d-42aa-aed6-a38d381ba436 none swap sw 0 0 UUID=6e4ea901-a36d-4b3f-bbbf-eeea866fca40 /home ext4 defaults,usrquota,grpquota 0 0 /dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
Démontez puis remontez /home :
root@debian8:~# umount /home root@debian8:~# mount -a
Vérifiez ensuite que les options soient prises en compte :
root@debian8:~# cat /etc/mtab rootfs / rootfs rw 0 0 sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0 proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 udev /dev devtmpfs rw,relatime,size=10240k,nr_inodes=61148,mode=755 0 0 devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0 tmpfs /run tmpfs rw,nosuid,relatime,size=101232k,mode=755 0 0 /dev/sda1 / ext4 rw,relatime,errors=remount-ro,data=ordered 0 0 securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0 tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0 tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0 tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0 cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd 0 0 pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0 cgroup /sys/fs/cgroup/cpuset cgroup rw,nosuid,nodev,noexec,relatime,cpuset 0 0 cgroup /sys/fs/cgroup/cpu,cpuacct cgroup rw,nosuid,nodev,noexec,relatime,cpu,cpuacct 0 0 cgroup /sys/fs/cgroup/devices cgroup rw,nosuid,nodev,noexec,relatime,devices 0 0 cgroup /sys/fs/cgroup/freezer cgroup rw,nosuid,nodev,noexec,relatime,freezer 0 0 cgroup /sys/fs/cgroup/net_cls,net_prio cgroup rw,nosuid,nodev,noexec,relatime,net_cls,net_prio 0 0 cgroup /sys/fs/cgroup/blkio cgroup rw,nosuid,nodev,noexec,relatime,blkio 0 0 cgroup /sys/fs/cgroup/perf_event cgroup rw,nosuid,nodev,noexec,relatime,perf_event 0 0 systemd-1 /proc/sys/fs/binfmt_misc autofs rw,relatime,fd=23,pgrp=1,timeout=300,minproto=5,maxproto=5,direct 0 0 hugetlbfs /dev/hugepages hugetlbfs rw,relatime 0 0 debugfs /sys/kernel/debug debugfs rw,relatime 0 0 mqueue /dev/mqueue mqueue rw,relatime 0 0 fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0 rpc_pipefs /run/rpc_pipefs rpc_pipefs rw,relatime 0 0 tmpfs /run/user/0 tmpfs rw,nosuid,nodev,relatime,size=50616k,mode=700 0 0 /dev/sdb1 /home ext4 rw,relatime,quota,usrquota,grpquota,data=ordered 0 0
La Commande quotacheck
Pour activer les quotas sur /home, il convient d'utiliser la commande quotacheck :
root@debian8:~# quotacheck -cugvm -f /dev/sdb1 quotacheck: Your kernel probably supports journaled quota but you are not using it. Consider switching to journaled quota to avoid running quotacheck after an unclean shutdown. quotacheck: Scanning /dev/sdb1 [/home] done quotacheck: Cannot stat old user quota file /home/aquota.user: No such file or directory. Usage will not be subtracted. quotacheck: Cannot stat old group quota file /home/aquota.group: No such file or directory. Usage will not be subtracted. quotacheck: Cannot stat old user quota file /home/aquota.user: No such file or directory. Usage will not be subtracted. quotacheck: Cannot stat old group quota file /home/aquota.group: No such file or directory. Usage will not be subtracted. quotacheck: Checked 6754 directories and 64246 files quotacheck: Old file not found. quotacheck: Old file not found.
Les options de la commande quotacheck sont :
root@debian8:~# quotacheck --help
Utility for checking and repairing quota files.
quotacheck [-gucbfinvdmMR] [-F <quota-format>] filesystem|-a
-u, --user check user files
-g, --group check group files
-c, --create-files create new quota files
-b, --backup create backups of old quota files
-f, --force force check even if quotas are enabled
-i, --interactive interactive mode
-n, --use-first-dquot use the first copy of duplicated structure
-v, --verbose print more information
-d, --debug print even more messages
-m, --no-remount do not remount filesystem read-only
-M, --try-remount try remounting filesystem read-only,
continue even if it fails
-R, --exclude-root exclude root when checking all filesystems
-F, --format=formatname check quota files of specific format
-a, --all check all filesystems
-h, --help display this message and exit
-V, --version display version information and exit
Bugs to jack@suse.cz
Les quotas ont été activés et les fichier aquota.user et aquota.group ont été créés dans le répertoire /home :
root@debian8:~# ls -la /home total 44 drwxr-xr-x 4 root root 4096 Aug 14 09:25 . drwxr-xr-x 23 root root 4096 Aug 13 15:38 .. -rw------- 1 root root 7168 Aug 14 09:25 aquota.group -rw------- 1 root root 7168 Aug 14 09:25 aquota.user drwx------ 2 root root 16384 Aug 13 12:26 lost+found drwxr-xr-x 18 trainee trainee 4096 Aug 13 13:31 trainee
Créez maintenant un utilisateur fenestros avec le mot de passe fenestros :
root@debian8:~# groupadd fenestros && useradd -m fenestros -c FenestrOs -d /home/fenestros -g fenestros -s /bin/bash root@debian8:~# passwd fenestros Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully
La Commande edquota
Mettez en place maintenant un quota de 10Mo pour l'utilisateur fenestros :
root@debian8:~# EDITOR=/usr/bin/vi root@debian8:~# export EDITOR root@debian8:~# edquota -u fenestros -f /home
L'éditeur vi se lance et vous obtiendrez un résultat similaire à celui-ci :
Disk quotas for user fenestros (uid 1001): Filesystem blocks soft hard inodes soft hard /dev/sdb1 0 0 0 0 0 0
Modifiez ce fichier ainsi :
Disk quotas for user fenestros (uid 1001): Filesystem blocks soft hard inodes soft hard /dev/sdb1 0 8000 10000 0 0 0
Les options de la commande edquota sont :
root@debian8:~# edquota --help
edquota: Usage:
edquota [-rm] [-u] [-F formatname] [-p username] [-f filesystem] username ...
edquota [-rm] -g [-F formatname] [-p groupname] [-f filesystem] groupname ...
edquota [-u|g] [-F formatname] [-f filesystem] -t
edquota [-u|g] [-F formatname] [-f filesystem] -T username|groupname ...
-u, --user edit user data
-g, --group edit group data
-r, --remote edit remote quota (via RPC)
-m, --no-mixed-pathnames trim leading slashes from NFSv4 mountpoints
-F, --format=formatname edit quotas of a specific format
-p, --prototype=name copy data from a prototype user/group
--always-resolve always try to resolve name, even if it is
composed only of digits
-f, --filesystem=filesystem edit data only on a specific filesystem
-t, --edit-period edit grace period
-T, --edit-times edit grace time of a user/group
-h, --help display this help text and exit
-V, --version display version information and exit
Bugs to: jack@suse.cz
Important - Pour mettre en place un quota par group, la procédure est similaire. Il suffit d'utiliser l'option -g de la commande edquota.
La Commande quotaon
Appliquez maintenant les quotas :
root@debian8:~# quotaon -a
Les options de la commande quotaon sont :
root@debian8:~# quotaon --help quotaon: Usage: quotaon [-guvp] [-F quotaformat] [-x state] -a quotaon [-guvp] [-F quotaformat] [-x state] filesys ... -a, --all turn quotas on for all filesystems -f, --off turn quotas off -u, --user operate on user quotas -g, --group operate on group quotas -p, --print-state print whether quotas are on or off -x, --xfs-command=cmd perform XFS quota command -F, --format=formatname operate on specific quota format -v, --verbose print more messages -h, --help display this help text and exit -V, --version display version information and exit
De cette manière vous avez mis en place un quota souple pour fenestros de 8 000 Ko et un quota stricte de 10 000 Ko.
Quand l'utilisateur fenestros aura dépassé le quota souple, il recevra un message d'avertissement. Quand il dépasse le quota stricte, il ne pourra plus enregistrer dans /home, sauf dans le cas où il supprime des fichiers pour retomber en dessous de la limite stricte.
Il est à noter que vous pouvez soit mettre en place un quota en taille, soit mettre en place un quota basé sur le nombre d'inodes utilisés par l'utilisateur.
Important - La commande pour désactivez les quotas est quotaoff.
La Commande repquota
Pour visualiser les quotas utilisez la commande repquota :
root@debian8:~# repquota /home
*** Report for user quotas on device /dev/sdb1
Block grace time: 7days; Inode grace time: 7days
Block limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
root -- 20 0 0 2 0 0
trainee -- 1125912 0 0 70998 0 0
Important - Notez que l'utilisateur fenestros ne figure pas dans la liste. Sous Debian, le quota n'est pas visible tant que l'utilisateur ne s'est pas connecté pour la première fois. Notez aussi les période de grâce de 7 jours.
Les options de la commande repquota sont :
root@debian8:~# repquota --help repquota: Utility for reporting quotas. Usage: repquota [-vugsi] [-c|C] [-t|n] [-F quotaformat] (-a | mntpoint) -v, --verbose display also users/groups without any usage -u, --user display information about users -g, --group display information about groups -s, --human-readable show numbers in human friendly units (MB, GB, ...) -t, --truncate-names truncate names to 9 characters -p, --raw-grace print grace time in seconds since epoch -n, --no-names do not translate uid/gid to name -i, --no-autofs avoid autofs mountpoints -c, --batch-translation translate big number of ids at once -C, --no-batch-translation translate ids one by one -F, --format=formatname report information for specific format -h, --help display this help message and exit -V, --version display version information and exit Bugs to jack@suse.cz
La Commande quota
Pour visualiser les quotas d'un utilisateur spécifique, il convient d'utiliser la commande quota :
root@debian8:~# quota fenestros
Disk quotas for user fenestros (uid 1001): none
root@debian8:~# su - fenestros
fenestros@debian8:~$ touch test
fenestros@debian8:~$ exit
logout
root@debian8:~# quota fenestros
Disk quotas for user fenestros (uid 1001):
Filesystem blocks quota limit grace files quota limit grace
/dev/sdb1 20 8000 10000 6 0 0
Les options de la commande quota sont :
root@debian8:~# quota --help
quota: Usage: quota [-guqvswim] [-l | [-Q | -A]] [-F quotaformat]
quota [-qvswim] [-l | [-Q | -A]] [-F quotaformat] -u username ...
quota [-qvswim] [-l | [-Q | -A]] [-F quotaformat] -g groupname ...
quota [-qvswugQm] [-F quotaformat] -f filesystem ...
-u, --user display quota for user
-g, --group display quota for group
-q, --quiet print more terse message
-v, --verbose print more verbose message
-s, --human-readable display numbers in human friendly units (MB, GB...)
--always-resolve always try to translate name to id, even if it is
composed of only digits
-w, --no-wrap do not wrap long lines
-p, --raw-grace print grace time in seconds since epoch
-l, --local-only do not query NFS filesystems
-Q, --quiet-refuse do not print error message when NFS server does
not respond
-i, --no-autofs do not query autofs mountpoints
-F, --format=formatname display quota of a specific format
-f, --filesystem-list display quota information only for given filesystems
-A, --nfs-all display quota for all NFS mountpoints
-m, --no-mixed-pathnames trim leading slashes from NFSv4 mountpoints
--show-mntpoint show mount point of the file system in output
--hide-device do not show file system device in output
-h, --help display this help message and exit
-V, --version display version information and exit
Bugs to: jack@suse.cz
La Commande warnquota
La commande warnquota vérifie le ou les disques et envoie un message par mail à tout utilisateur qui a dépassé la limite soft. Elle est enrègle générale appelée par un job cron. Cependant elle peut aussi est appelée d'une manière intéractive.
Les options de la commande warnquota sont :
root@debian8:~# warnquota --help warnquota: Usage: warnquota [-ugsid] [-F quotaformat] [-c configfile] [-q quotatabfile] [-a adminsfile] [filesystem...] -u, --user warn users -g, --group warn groups -s, --human-readable send information in more human friendly units -i, --no-autofs avoid autofs mountpoints -d, --no-details do not send quota information itself -F, --format=formatname use quotafiles of specific format -c, --config=config-file non-default config file -q, --quota-tab=quotatab-file non-default quotatab -a, --admins-file=admins-file non-default admins file -h, --help display this help message and exit -v, --version display version information and exit Bugs to jack@suse.cz
<html>
Copyright © 2020 Hugh Norris.<br><br>
</html>
