protecting zfs snapshot info
Mike Tancsa
mike at sentex.net
Mon Aug 14 12:58:10 UTC 2017
On 8/14/2017 2:47 AM, Borja Marcos wrote:
>
>> On 12 Aug 2017, at 19:14, Mike Tancsa <mike at sentex.net> wrote:
>>
>>
>> Is there a way in zfs to protect non root users from seeing snapshots ?
>> lets say a user makes a permissions mistake on a sensitive homedirectory
>> on a Monday AM that is not discovered until the next day. If there are
>> a whole mess of snapshots created between those two points in time,
>> there is no way to protect that directory without deleting the snapshots.
>
> Good question and it’s a problem indeed. The .zfs directory is always created
> and it can be hidden but it’s still accessible. It’s a security problem that prevents
> an effective access revocation for a directory/file, I guess that’s what you mean.
Yes, something like an extra option
hidden | visible | unmounted
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
More information about the freebsd-fs
mailing list