I just read a bandwidth limiting HOWTO on tldp.org - it talked about limiting traffic rates, but not total megabytes, but may be helpful.
Here's an approach with scripts and iptables: set up an iptables rule to forward traffic for each user's IP address, so you get byte counts for each one. Then you can read them with "iptables -L -nxv" and zero them all at midnight with "iptables -Z"
Then you'll have to run a script every (say) 5 minutes to see if anyone had passed their quota, and block them (by adding another iptables rule) if they had. I guess this ought to be possible as a shell script, but I haven't seen one.