ZFS snapdir readability (Crosspost)

mike tancsa mike at sentex.net
Thu Nov 7 14:54:13 UTC 2019

On 11/6/2019 7:02 PM, Alan Somers wrote:
> Your analysis of the snapdir is correct.  Setting it to hidden doesn't make
> it inaccessible.  That's not unique to FreeBSD, however.  I believe it's
> common to all ZFS implementations (I just double checked on Oracle
> Solaris).  Also, the problem isn't unique to ZFS.  Any backup system would
> have the same problem, as long as users are allowed to access the backups
> directly.  And in fact, Bob could've directly observed Alice's id_rsa file
> before she changed it.  So I don't think this should be considered a
> security vulnerability.  The best course for Alice would be to consider her
> id_rsa as compromised as soon as she notices the problem, and delete it.

Still, it would be a nice feature to have where .zfs could be set to
root only read.    In a multi user system, my users (me included) do all
sorts of accidental foot shooting things like making files readable for
a brief period of time they should not make readable.  I think I recall
ZoL adding this as a feature back when I ran into this issue via zfs
allow / unallow ? Or at least I think I saw discussion about it.



More information about the freebsd-fs mailing list