Implementing Per-User Bandwidth Quotas for Torrent Clients on Debian Linux


1 views

When multiple users share a dedicated server for torrenting, implementing fair usage policies becomes crucial. The challenge lies in:

  • Tracking bandwidth consumption per UNIX user
  • Enforcing monthly quotas
  • Automating client termination when limits are exceeded
  • Maintaining proper user isolation

We'll implement this using three core components:

  1. Bandwidth monitoring with vnStat
  2. Traffic control via tc (Traffic Control)
  3. Automated enforcement with cron scripts

1. Install Required Packages


sudo apt-get install vnstat tcptrack iftop
sudo apt-get install wondershaper

2. Configure Per-User Tracking

Create individual vnStat databases for each user:


for user in $(ls /home); do
    sudo vnstat -u $user --create -i eth0
done

3. Traffic Control with tc

Set up per-user traffic shaping:


#!/bin/bash
USER=$1
LIMIT=$2 # in kbps

tc qdisc add dev eth0 root handle 1: htb
tc class add dev eth0 parent 1: classid 1:1 htb rate 1000mbit
tc class add dev eth0 parent 1:1 classid 1:$USER htb rate ${LIMIT}kbit
tc filter add dev eth0 protocol ip parent 1:0 prio 1 handle 1: cgroup

4. Automated Enforcement Script

Create /usr/local/bin/check_bandwidth:


#!/bin/bash
USER=$1
QUOTA=$2 # in GB
CURRENT=$(vnstat -i eth0 --oneline | grep "$USER" | awk '{print $5}')

if [ "$CURRENT" -gt "$QUOTA" ]; then
    pkill -u $USER transmission-daemon
    echo "User $USER has exceeded $QUOTA GB quota" | mail -s "Bandwidth Alert" admin@example.com
fi

For more granular control, consider Linux control groups:


# Install cgroup tools
sudo apt-get install cgroup-bin

# Create network cgroup
sudo cgcreate -g net:torrent_users

# Set bandwidth limits
echo "8:0 $((1024 * 1024))" > /sys/fs/cgroup/net/torrent_users/net_cls.classid
tc filter add dev eth0 parent 1: protocol ip handle 1: cgroup

Implement daily reports with this cron job:


0 0 * * * for user in $(ls /home); do vnstat -u $user -i eth0 --dumpdb > /var/www/bandwidth/$user.txt; done
  • Test thoroughly in a staging environment
  • Consider using Docker containers for better isolation
  • Monitor system resources (vnStat uses minimal CPU)
  • Document your policies clearly for all users

For persistent configuration, add these to /etc/rc.local to survive reboots.

When running multiple torrent clients under different user accounts on a Debian server, traditional bandwidth shaping tools like tc (traffic control) don't natively provide per-user accounting. Here's a comprehensive approach combining several Linux subsystems:

# Required packages
sudo apt-get install iptables vnstat quota

Create per-user chains in iptables to track bandwidth:

# Create accounting chains
sudo iptables -N USER_A
sudo iptables -N USER_B

# Redirect traffic to user chains
sudo iptables -A OUTPUT -m owner --uid-owner userA -j USER_A
sudo iptables -A OUTPUT -m owner --uid-owner userB -j USER_B

# Count bytes in each chain
sudo iptables -A USER_A -j ACCEPT
sudo iptables -A USER_B -j ACCEPT

# Save rules
sudo iptables-save > /etc/iptables.rules

Create a monitoring script (e.g., /usr/local/bin/bandwidth_monitor):

#!/bin/bash
USER_LIMITS=(
    "userA:10737418240"  # 10GB
    "userB:5368709120"   # 5GB
)

for limit in "${USER_LIMITS[@]}"; do
    IFS=':' read -r user max_bytes <<< "$limit"
    bytes=$(iptables -L USER_${user^^} -v -x | awk 'END{print $2}')
    
    if [ "$bytes" -gt "$max_bytes" ]; then
        # Kill all torrent processes
        pkill -u "$user" transmission
        # Block network access
        iptables -A OUTPUT -m owner --uid-owner "$user" -j DROP
        echo "User $user exceeded monthly quota" | mail -s "Bandwidth Alert" admin@example.com
    fi
done

If running separate instances per user with dedicated network interfaces:

# Install vnstat
sudo apt-get install vnstat

# Create database for each user's interface
sudo vnstat -u -i tun0
sudo vnstat -u -i tun1

# Sample query
vnstat -i tun0 --oneline | awk -F ";" '{print $6}'

Create /etc/systemd/system/bandwidth-monitor.service:

[Unit]
Description=Bandwidth quota monitor

[Service]
Type=oneshot
ExecStart=/usr/local/bin/bandwidth_monitor

[Install]
WantedBy=multi-user.target

Then create a timer to run it hourly:

[Unit]
Description=Hourly bandwidth check

[Timer]
OnCalendar=hourly
Persistent=true

[Install]
WantedBy=timers.target
  • Consider using containers (LXC/Docker) for better isolation
  • For Debian Lenny, you may need backported packages
  • Test extensively in staging before production deployment
  • Implement proper logging for auditing purposes