ZFS snapdir readability (Crosspost)
Jan Behrens
jbe-mlist at magnetkern.de
Fri Nov 22 14:36:42 UTC 2019
On Fri, 22 Nov 2019 09:41:52 +0100
Borja Marcos <borjam at sarenet.es> wrote:
> > On 21 Nov 2019, at 17:59, mike tancsa <mike at sentex.net> wrote:
> >
> > On 11/21/2019 11:49 AM, Jan Behrens wrote:
> >>
> >> As far as I know, there is no way to disable having .zfs/snapshot
> >> readable by everyone, is that correct?
> >
> > I believe so. Hence the request to add a zfs feature to add a new
> > option to snapdir along the lines of
> >
> > zfs set snapdir=inaccessible <filesystem>
> > or
> > zfs set snapdir=rootonly <filesystem>
>
> Instead of “inaccessible" I would say “disable” because it’s not only preventing access. It is
> preventing an actual action from taking place: the automatic mounting of the snapshots
> below .zfs/snapshot. So. “disable” is more descriptive.
>
> What about a third option, “owneronly”? Although I think it should be controlled by
> the vfs.usermount property.
>
> Borja.
I definitely would appreciate one of "rootonly" or "owneronly". I
believe this is what most people would want/need. For me, either would
suffice. I like the automounting feature, if it could be limited to
root or the owner of the filesystem.
"owneronly" (in contrast to "rootonly") would also support those cases
where users shall be allowed to access the snapshots of their
directories.
How about "grouponly" and "wheelonly" (in addition to "rootonly",
"owneronly", and "disable")? I guess that would cover pretty much
everything, though it might be a bit clunky to add all these options.
An alternative would be to simply provide a way to disable zfs snapshot
auto-mounting at all (whether through zfs set or sysctl) instead of
attempting to extend it with access control.
Regards,
Jan
More information about the freebsd-fs
mailing list