ZFS snapdir readability (Crosspost)
jbe-mlist at magnetkern.de
Thu Nov 7 02:36:36 UTC 2019
On Wed, 6 Nov 2019 16:36:08 -0800
Alan Batie <alan at peak.org> wrote:
> On 11/6/19 4:20 PM, Jan Behrens wrote:
> > My problem here is that with most (or maybe even all) other backup
> > systems, I would be able to restrict ordinary users from accessing all
> > backups. So I consider this problem to be pretty much unique to ZFS
> This is going to be a problem with any system that does snapshots - our
> Netapps would also have the same issue, and it's unfortunate, but one
> you want as you want users to be able to recover their files on their
> own, it's part of the point...
I understand the point now.
Not all application fields of snapshots, however, (whether backup or
replication or other) have the purpose of letting non-privileged users
access the data. With the current implementation of ZFS I have no
choice on whether I want this behavior or consider it a security
problem that should be avoided in my scenario. This also applies to
snapshots taken for other reasons than (user readable) backups.
More information about the freebsd-fs