1z0-821 Oracle Solaris 11 System Administration – Administering User Accounts Part 4

  • By
  • February 21, 2023
0 Comment

10. Configuring User Disk Quotas.

The next topic we’re going to take a look at is configuring user disk quotas. Now, disk quotas are not very difficult to understand and definitely not difficult to manage. What disk quotas are, are limits imposed on a particular file system or directory in order to prevent users from exceeding storage limits. So you would essentially impose a limit on of a certain amount of space that could be used for writing files to the file system and anything past that limit wouldn’t be written that would be exceeding the quota. You would use this in order to limit the use of space on a file system. If you have very limited space, such as on a drive or partition, or if you have a shared storage file system or shared hard drive, maybe that has common use files or temporary files that many users write to and you just want to limit the amount of junk they can put on the common drive there.

You can also put these limits on users home directories to keep them from filling up and taking up space on the drives if you have limited storage ability. Now, there’s no real GUI built in the Solaris Eleven to manage quotas. You would think that there would be and in fact there are some different tools, some utilities in Solaris Eleven that you might think to yourself that would be a good place to put quota management in that tool. But unfortunately it’s not that way. You can get some third party utilities to help you with this if you like. However, the typical way to do it is by using the command line interface, specifically using the ZFS set command.

And it’s actually very easy, it’s not difficult at all. The example on this slide will show you how to do it and we’ll also do it here in a moment. But you would say ZFS set quota equals and the amount you want to impose on the file system and then the file system itself. And in this example we’ve included the R pool, the default resource pool, export home and bin. Now I’ll go ahead and do an example for you so you can see what it looks like in the command line interface. We’re back in Solaris Eleven in the command line interface and what I need to do first is switch to the root account because imposing quotas on file systems typically involves higher level privileges and you don’t have to use a root account. In fact, you probably shouldn’t use this all the time. You should just develop a role and assign it rights and privileges that can impose quotas and then assign that role to users.

But for right now, in the interest of time, we’ll go ahead and switch to root. And now we’re at the root command prompt here. And the first thing I want to do is impose a quota on a user, well on their home directory, not the user themselves. And we’re going to say ZFS set quota equals we’re going to say 1GB, and we’re going to impose that on the Rpool exporthome, let’s say Barbara directory. Now we’ve imposed that quota on there. Now we can check quotas by actually using the ZFS get command. So we could say ZFS get quota, rpool export home Barbara, let’s see what we get. So it shows you the directory that you imposed a quote on. It shows you what the property is and it gives you the value 1GB and the source is local. That means it’s a local pool, local source, a local directory.

And with that ZFS get, you can get all kinds of properties from the file system. And we particularly wanted the quota property, so that’s why it lists the quota under the property heading, the value that’s set for that property and the source and ZFS get can actually get you a lot more information than just quotas. Of course, it can get you a lot of information about the file system. In any case, this would be basically how you would set a quota for a particular file system or a particular directory. Again, it doesn’t always have to be a user’s home directory, although you can do that in some organizations do impose quotas on their users in terms of home directories and how much they can use for storage. Most of the time, however, what it’s of value to you as is to impose quotas on public use directories and folders such as a temp directory or a data directory that everybody writes to and reads from. You don’t want that to be flooded with junk or exceed its storage properties or its storage limits, rather. So you would impose quotas on that. So that’s essentially what quotas are about. Very simple to manage, very simple to understand. Unfortunately, no GUI for you, although maybe that will come in a future version of Solaris or you can get a third party utility to do it for you. So that’s essentially quotas in a nutshell.

11. User Account and Quota Issues

Now that we’ve discussed user accounts and managing them, groups, roles, and quotas, it’s probably a good idea to talk about troubleshooting issues that can occur with all of these things. Now, there’s not many issues that can occur with any of these actually. And when issues do occur, they’re fairly easy to track down and fairly easy to troubleshoot. Some of the issues that you might see with user accounts, accounts, typically the most common one you’ll see is permissions, rights and privileges. Either it won’t be enough or it’ll be too much, or it’ll be on the wrong resource. So typically what you would do is look at the permissions to the resource that a user has and just change them. Give them more if they need it, but give them less whenever you can. Rights and privileges can be used really using the roles facility, that’s the best way to do it. You typically don’t want to give an individual account rights and privileges. It would be better to assign those rights profiles to a role and then assign the role to the user. Then if they don’t have the right privileges, then you would go and tweak the role a little bit or add them, add another role to them. Every now and then you’ll see incorrect UID or Group ID. This typically happens when you try to create a user account or group and you manually enter a UID or a group ID in there and it tells you that that UID or group ID is already in use.

So that’s easy to fix. You just change to another one. Most of the time. It’s probably the easiest thing to do to let the system assign one. Unless you’re assigning a particular block of user IDs or group IDs for management purposes, you may have some, let’s say in the 50,000 range, there are a particular group of folks that you want to manage separately, so that might be one reason to do that. Sometimes you’ll try to create a user and that user will already exist either as that UID or using that name. You typically can’t use the same user account name for a new user if it already exists. So you’ll get an error when you try to create that, and that’s easy to fix as well. You just come up with a different name.

Now sometimes you’ll encounter incorrect roles or groups assigned, and how you will see that is either a lack of privileges or too many privileges. Maybe a user can do too many things they shouldn’t be able to do, or they should be able to do things that you’ve told them they need to do, and they don’t have the right privileges to do that. Again, that really just involves either using user mod or the user manager to go in and fix that issue. After you kind of research and see what the issue is, you’d go in, you’d see what their roles or groups assigned are and you just fix it again. All these issues are typically corrected using User Manager, the GUI, or the command line, typically the user mod command. Now, as far as quotas go, again, there’s not too many things that can go wrong, but there are a few things. Typically you’ll see things like the quotas that are set too low or too high or not set at all. Maybe you’re seeing one user write a lot of files to a particular file system or directory, and nobody else can write because they’re taking up all the space. So you want to change the quotas on that asset, maybe you need to set them a little bit higher. Sometimes you’ll set quotas on the wrong file system or the wrong pool or directory. That’s easy to do. Everyone makes mistakes. You’ll think you set a quota and then suddenly users are still writing gigabytes of data to the file system. So you have to go back and do a ZFS get to see where the quota actually is set at and what it’s set as. Now, sometimes you’ll set a quota on a resource that requires high limit, or you’ll set no quota and a user will not be able to write to it, even though they should be able to because the quota is set too low. And it might be because they had a role you forgot about. Maybe they’re a log operator and they need to be able to write logs to a certain file to store them, and they keep trying to do that, but you’ve set quotas on that resource, on that file system, so they can’t do it. So you might need to look at that.

Now, typically quotas are easy to troubleshoot and manage, and there’s a couple of different tools you can use. Obviously, the ZFS command, the set and the get is probably going to be your primary tool since there’s no real GUI tool that does this. However, there is something you can use called Performance Monitor that will show you the space used up on different file systems. Now, that doesn’t directly help you troubleshoot quotas, but it can let you see the different file systems in use and what they currently have on them. So let’s take a quick look at that, and you can see a little bit about how that might help you troubleshoot quota issues. Okay, let’s look at Solaris Eleven here, and what I’m going to do is look at applications and system tools here, and I’m going to see Performance Monitor. Now, you’d think that Disk Usage Analyzer would give you some information about quotas, but it doesn’t. And this is one of the places I said, hey, this would be a good place to put quota management, but alas, that did not happen. Maybe it will in the future. Performance Monitor, on the other hand, in its File Systems tab does give you a useful place to kind of just get a quick overview of all the file systems on your system and you can kind of see what the total space available is, what the total space free is, and the total used is. And then that might keep you to go in and look at those particular quotas for those file systems if they look like the space is being used up rather quickly. So while this doesn’t help you directly solve quota issues, it gives you an additional tool you can use to look at that might help you get on the right track with Quotas. So that’s about the only GUI tool really available to you that Might help you with quota issues.

12. For the Exam

Now. We’ve concluded our series of sessions on managing user accounts, and we’ve learned a lot during these past few sessions. We learned how to understand the basics of user accounts in groups. We know what they are. We know that groups can hold user accounts so that there can be access to particular resources. We looked at roles. We know that a role is set of permissions and rights that you can assign to a user a grouped set of permissions and rights. You assign this to your user so the user can do certain functions, perform certain things on the system. We learned how to set up those roles in the User Manager GUI, and we learned how to set up and manage user accounts in that GUI as well. We also found out that Solaris Eleven didn’t have that right out of the box that it took until Solaris Eleven one, which was only just released to include that in. There kind of an oversight on Solaris part or Oracle’s part, I don’t know. Or maybe they just felt that people didn’t want it, or maybe they waited to introduce it until it was perfected and working well. Either way, you’ve got it now and we covered it because it may be on the exam, but it’s also good to know.

You need to be familiar with that GUI user Management utility. Keep in mind how the filter thing works between users and roles so you can change focus on setting up and managing users, or setting up and managing roles. So can I just be familiar with that? Be familiar with some of the advanced options that you can do for users and roles assigning groups, rights, privileges, authorizations, and so forth. You also need to be familiar with the various command line utilities that we looked at for managing users and groups and roles, and we looked at several of them. We looked at how you can use the ID command to determine your user ID. We looked at how to do the who am I? Command to determine who exactly you’re logged in as. We also looked at the different commands to manage user accounts such as user add, user Dell, and user mod in particular. User mod is probably the more important one simply because you can do all kinds of things with it, such as add users to groups and add roles to users once the role has been created and configured. Now, we also looked at user initialization files such as the Etsy profile, the Bash profile files, and the Corn Shell initialization files. We looked at those and basically explained in general what they do in terms of setting up the user’s environment when you first log into the system. We also looked at variables and how they work, the types of data you can store in them, how to look at them, and how to set them persistently across user sessions. We also looked at the use of shell metacaracters. Again, these are basically just characters that are dealt with differently in different shells and in different operating systems like Unix and Linux. But they make a difference as to how you query things, how you set up things, how you basically script. So there’s a few different shell meta characters you need to be familiar with and how they interact with the system. We also looked at configuring user disk quotas. We looked at how to do that in ZFS with the Create command, and we looked at how to manage those. And that’s actually not too difficult to do.

We know that user quotas are basically things that apply to the file system to keep users from doing certain things or to keep storage limits down. That’s primarily what it’s used for, storage limits. Then we finally looked at how to troubleshoot the rare issues that do come up sometimes with user accounts, groups and disquotas. Rarely do things happen, but they do. And sometimes you have to go in and tweak a user account or tweak a group, or take someone out of a group, put them in a group, or change a role for them. And how to tweak issues with disk quotas. So we’ve looked at all that and those are the things you need to know for the exam and things you need to study and practice on. In addition to reviewing the VTC part of the course on this, you probably would be best served by actually practicing some of these commands and performing some of these activities and operations. Also, looking at the solaris documentation online on the Oracle site would probably be a big help as well. So practice this stuff or the exam and you’ll do very well on it.

Comments
* The most recent comment are at the top

Interesting posts

The Growing Demand for IT Certifications in the Fintech Industry

The fintech industry is experiencing an unprecedented boom, driven by the relentless pace of technological innovation and the increasing integration of financial services with digital platforms. As the lines between finance and technology blur, the need for highly skilled professionals who can navigate both worlds is greater than ever. One of the most effective ways… Read More »

CompTIA Security+ vs. CEH: Entry-Level Cybersecurity Certifications Compared

In today’s digital world, cybersecurity is no longer just a technical concern; it’s a critical business priority. With cyber threats evolving rapidly, organizations of all sizes are seeking skilled professionals to protect their digital assets. For those looking to break into the cybersecurity field, earning a certification is a great way to validate your skills… Read More »

The Evolving Role of ITIL: What’s New in ITIL 4 Managing Professional Transition Exam?

If you’ve been in the IT service management (ITSM) world for a while, you’ve probably heard of ITIL – the framework that’s been guiding IT professionals in delivering high-quality services for decades. The Information Technology Infrastructure Library (ITIL) has evolved significantly over the years, and its latest iteration, ITIL 4, marks a substantial shift in… Read More »

SASE and Zero Trust: How New Security Architectures are Shaping Cisco’s CyberOps Certification

As cybersecurity threats become increasingly sophisticated and pervasive, traditional security models are proving inadequate for today’s complex digital environments. To address these challenges, modern security frameworks such as SASE (Secure Access Service Edge) and Zero Trust are revolutionizing how organizations protect their networks and data. Recognizing the shift towards these advanced security architectures, Cisco has… Read More »

CompTIA’s CASP+ (CAS-004) Gets Tougher: What’s New in Advanced Security Practitioner Certification?

The cybersecurity landscape is constantly evolving, and with it, the certifications that validate the expertise of security professionals must adapt to address new challenges and technologies. CompTIA’s CASP+ (CompTIA Advanced Security Practitioner) certification has long been a hallmark of advanced knowledge in cybersecurity, distinguishing those who are capable of designing, implementing, and managing enterprise-level security… Read More »

Azure DevOps Engineer Expert Certification: What’s Changed in the New AZ-400 Exam Blueprint?

The cloud landscape is evolving at a breakneck pace, and with it, the certifications that validate an IT professional’s skills. One such certification is the Microsoft Certified: DevOps Engineer Expert, which is validated through the AZ-400 exam. This exam has undergone significant changes to reflect the latest trends, tools, and methodologies in the DevOps world.… Read More »

img