ZFS snapdir readability (Crosspost)
borjam at sarenet.es
Wed Nov 20 15:02:21 UTC 2019
> On 20 Nov 2019, at 14:40, Jan Behrens <jbe-mlist at magnetkern.de> wrote:
> On Wed, 20 Nov 2019 08:24:43 -0500
> Mike Tancsa <mike at sentex.net> wrote:
>> On 11/20/2019 5:07 AM, Borja Marcos wrote:
>>> You could make snapshots not mounted, period, requiring administrator’s actions to mount them. But you
>>> would lose convenience for common users.
>> Actually, that's all I am advocating for-- setting perms on the
>> accessibility of the snapshot. i.e. instead of the "invisibility" feature,
>> change it to an "inaccessible" feature.
> This would solve the security problem, but only as long as snapshots are
> never mounted. Once they are mounted (unless you can specify the
> directory where they are mounted), unprivileged users could still
> access files they should not be allowed to access.
> A better solution would be to specify user, group, and modes
> (e.g. root:root 700) when mounting or auto-mounting snapshots.

At least it’s a different problem. Mounting a snapshot *intentionally* could be
something similar to recovering a backup. What poses a serious issue in my
opinion is that the system *does* mount them automatically.