Use different filesystems.
Quotas are based on the filesystem. You DON'T want to impose quotas on root/daemons (if the quota blocks their writes the system may not boot, and services may/will abort).
Other problems with a merged user/system space are that it is MUCH harder to replace a faulty system. It is much easier to have an alternate root to use (just use the root= kernel option to direct it to a backup root), but if user files are mixed in... you just can't do that (the resulting system will not have the users files unless you can afford two 20TB root systems - and then it takes forever to make backups...).
Your system should have the quota tools installed. To find out if you have the documentation, just do a "man -k quota".
My system shows:
Code:
$ man -k quota
btrfs-qgroup (8) - control the quota group of a btrfs filesystem
btrfs-quota (8) - control the quota of a btrfs filesystem
convertquota (8) - convert quota from old file format to new one
edquota (8) - edit user quotas
euare-accountgetsummary (1) - Display account-level information about account...
ext_time_quota_acl (8) - Squid time quota external acl helper.
quota (1) - display disk usage and limits
quotacheck (8) - scan a filesystem for disk usage, create, check and re...
quotactl (2) - manipulate disk quotas
quotaoff (8) - turn filesystem quotas on and off
quotaon (8) - turn filesystem quotas on and off
quotastats (8) - Program to query quota statistics
quotasync (1) - synchronize in-kernel file system usage and limits to ...
repquota (8) - summarize quotas for a filesystem
setquota (8) - set disk quotas
smbcquotas (1) - Set or get QUOTAs of NTFS 5 shares
systemd-quotacheck (8) - File system quota checker logic
systemd-quotacheck.service (8) - File system quota checker logic
vfs_default_quota (8) - store default quota records for Windows clients
xfs_quota (8) - manage use of quota on XFS filesystems
xqmstats (8) - Display XFS quota manager statistics from /proc
As shown, there are slightly different quota controls depending on WHICH filesystem type is used. Note: there is usually a requirement to enable quotas when mounting filesystems (fstab entries).
One good use for quotas (even if you don't enforce limits) is to identify the user(s) that happen be pigs when the complaints start. Checking the current usage is easy with quotas, but can be rather time consuming when using du (disk usage), and isn't necessarily accurate. Some users allow other users to store files in their directory - joint projects tend to do that. du will report the amount used by directory -but that can misattribute usage in such shared cases.
Also, politically it is MUCH easier to set up quotas before the users are on the system than it is to do after users become pigs...
There are a number of things that can be done by separating users from the system files - for instance, removing setuid/setgid capability (prevents account sharing, and if /tmp is mounted that way it also tends to prevent root hacks. Policy: no user writable filesystem should be mounted with setuid/setgid; and sometimes nice to make /tmp noexec as well).
