Storage
Logical Volume Manager (LVM)
LVM is a device-mapper-based framework that provides logical volume management for the Linux kernel. It abstracts disk storage so that volumes can be managed more flexibly than the fixed layout of physical disks and partitions allows.
Key Concepts and Operations
- Physical Volume (PV): Represents a physical disk or disk partition.
- Volume Group (VG): A pool of storage formed by one or more physical volumes.
- Logical Volume (LV): A resizable, virtual disk created from space in a volume group.
Step-by-Step Guide
- Creating Physical Volumes:
  - Use pvcreate to initialize physical storage devices as physical volumes.
      pvcreate /dev/sda1 /dev/sdb1
- Creating a Volume Group:
  - Combine multiple PVs into a VG using vgcreate.
      vgcreate vgname /dev/sda1 /dev/sdb1
- Creating Logical Volumes:
  - Allocate space from the VG to create an LV with lvcreate.
      lvcreate -L 20G -n lvname vgname
- Formatting and Mounting the LV:
  - Format the LV with a filesystem (e.g., ext4) and mount it.
      mkfs.ext4 /dev/vgname/lvname
      mount /dev/vgname/lvname /mnt
Disk Quotas
Disk quotas restrict the amount of disk space and the number of files a user or group can use, which is essential for managing multi-user environments.
Configuration Steps
- Enabling Quotas:
  - Edit /etc/fstab to include usrquota and/or grpquota on the desired filesystem.
  - Remount the filesystem.
      mount -o remount /home
- Creating Quota Databases:
  - Initialize quota tracking with quotacheck.
      quotacheck -vugm /home
- Setting Quotas:
  - Use edquota to edit quotas for users or groups.
      edquota -u username
File System Security
Maintaining file system security involves setting proper permissions, using Access Control Lists (ACLs), and, optionally, configuring SELinux or AppArmor profiles.
- Permissions and Ownership:
  - Regularly review and adjust file and directory permissions and ownership using chmod and chown.
- Access Control Lists (ACLs):
  - Use ACLs for finer-grained access control.
      setfacl -m u:username:rwx /path/to/file
- Encryption:
  - Consider encrypting sensitive data at rest, using tools like cryptsetup for disk encryption.
- SELinux:
  - Leverage SELinux for mandatory access control policies to limit application and user access to files.
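A review pass of the kind described under Permissions and Ownership, as an added example that is not part of the original page: a shell function that uses find to flag world-writable files, world-writable directories without the sticky bit, and setuid/setgid files. The function names, finding labels and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): permission review with find.

# audit_perms DIR: print one finding per line for risky permission bits.
# Returns 0 if the tree is clean, 1 if there are findings, 2 on bad input.
audit_perms() {
    local root findings
    root=$1
    [ -d "$root" ] || { echo "audit_perms: not a directory: $root" >&2; return 2; }
    findings=$(
        # Regular files that any user can modify.
        find "$root" -xdev -type f -perm -0002 \
            -exec printf 'WORLD_WRITABLE_FILE %s\n' {} +
        # World-writable directories without the sticky bit: any user can
        # delete or replace other users' files in them.
        find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
            -exec printf 'WORLD_WRITABLE_DIR_NO_STICKY %s\n' {} +
        # setuid/setgid files run with the owner's or group's privileges.
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'SETUID_OR_SETGID %s\n' {} +
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree: build a constructed directory tree and print its path.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    mkdir "$d/shared" "$d/dropbox" "$d/private"
    touch "$d/private/notes.txt" "$d/shared/report.txt" "$d/helper"
    chmod 0640 "$d/private/notes.txt"   # fine
    chmod 0750 "$d/private"             # fine
    chmod 0666 "$d/shared/report.txt"   # world-writable file
    chmod 1777 "$d/shared"              # sticky bit set, like /tmp
    chmod 0777 "$d/dropbox"             # world-writable, no sticky bit
    chmod 4755 "$d/helper"              # setuid
    printf '%s\n' "$d"
}

# Demo run on the constructed tree.
demo_tree=$(make_sample_tree)
audit_perms "$demo_tree" || echo "audit exit status: $?"
rm -rf "$demo_tree"
```

Findings are items to review before adjusting them with chmod or chown; a world-writable directory with the sticky bit set is deliberately not reported.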
Assignments
- Expand an Existing Logical Volume:
  - Add a new disk to your VM or physical server.
  - Extend an existing volume group and logical volume to include this new disk space.
- Implement User Quotas:
  - Configure user disk quotas on a system with multiple users. Test by attempting to exceed these quotas.
- Secure a Directory Using ACLs:
  - Choose a directory used by multiple users and set up ACLs to restrict and allow specific access.
Interview Questions
- Describe the process of extending a logical volume without causing downtime. What tools and commands would you use?
- How can disk quotas prevent a single user from consuming all disk resources on a shared server?
- Explain the difference between traditional Unix/Linux permissions and ACLs. When would you use one over the other?