Disk quotas: impose hard limits with care.

by Charles Miller on July 13, 2003

Part one of my “Lessons Learned When My Blog Died” trilogy.

Lesson one: Soft boundaries vs Hard boundaries

There are two types of disk quota. Soft limits are a “nag threshold”: you are allowed to exceed them, but the system will start nagging you if you do. If you stay over your soft limit for too long, you won't be allowed to write any more data, but the limits are set up such that it would be very hard to reach that point accidentally.

Attempts to cheat the soft-limit system by dropping down below quota and then putting the files back straight afterwards can be easily detected and dealt with administratively.

Hard limits, on the other hand, impose a strict cap on the disk space a particular user can consume. Attempts to exceed that cap are met with the same reaction as a full disk.

Very few programs have been programmed to cope with running out of disk space. It is a very rare program that, faced with a full disk, will not trash at least some of your vitally important data. In my case, this meant a couple of the Berkeley DB files that power this site became corrupted by failed writes, leading to portions of the site still being quite spectacularly broken.

Hard limits on disk space should always be set to at least twice the soft limit (that gives each user enough temporary space to back their data up to a tar file and transfer it elsewhere). People will mostly stay below the soft quota, so this will not create a serious problem of over-use of disk. On the other hand, the higher hard limit is much, much less likely to break anything and annoy the users.
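As an added example (not code from the original post), here is a small Python audit that reads `repquota -u`-style output (a constructed sample is embedded below), flags users whose hard block limit is set below twice the soft limit, and prints the `setquota` line that would raise it. The `setquota` argument order is the real tool's; the mount point `/home` is an assumption.

```python
"""Audit repquota-style output for hard limits below 2x the soft limit."""
import re

# Constructed sample in the layout of `repquota -u /home` (1K blocks).
# A grace column only appears when the user is over the soft limit ('+').
SAMPLE_REPORT = """\
*** Report for user quotas on device /dev/sda1
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --   81920       0       0             840     0     0
alice     --   61440  102400  204800            1200     0     0
bob       +-  110592  102400  112640  6days     2100     0     0
carol     --   20480   51200   51200             300     0     0
"""

def parse_repquota(text):
    """Return (user, over_soft, block_soft, block_hard) for each user row.
    Header, ruler and 'grace time' lines carry no two-character flag
    field after the first token, so they fail the match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+([-+]{2})\s+(\d+)\s+(\d+)\s+(\d+)", line)
        if not m:
            continue
        user, flags, _used, soft, hard = m.groups()
        rows.append((user, flags[0] == "+", int(soft), int(hard)))
    return rows

def hard_limit_too_tight(rows, ratio=2):
    """Users whose hard limit is enforced (non-zero) yet below ratio*soft.
    A zero limit means 'unlimited' to the quota tools and is never flagged."""
    bad = []
    for user, _over, soft, hard in rows:
        if hard and soft and hard < ratio * soft:
            bad.append((user, soft, hard, ratio * soft))
    return bad

def setquota_fix(user, soft, ratio=2, mountpoint="/home"):
    """setquota command raising the hard block limit to ratio*soft; the two
    trailing zeros set the inode soft/hard limits to unlimited."""
    return f"setquota -u {user} {soft} {ratio * soft} 0 0 {mountpoint}"

if __name__ == "__main__":
    for user, soft, hard, want in hard_limit_too_tight(parse_repquota(SAMPLE_REPORT)):
        print(f"{user}: hard {hard} < 2*soft ({want}); " + setquota_fix(user, soft))
```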
