Mounting a ZFS snapshot by another user

Guillermo Marcus guillermo.marcus at gmail.com
Thu May 29 13:09:14 UTC 2014


On 29 May 2014, at 13:09, CyberLeo Kitsana <cyberleo at cyberleo.net> wrote:

> On 05/28/2014 03:17 PM, Guillermo Marcus wrote:
>> Hi all,
>> 
>> I am using ZFS in a FreeBSD 10.0-RELEASE (10.0-RELEASE FreeBSD 10.0-RELEASE #0 r260789). I set up some scripts to create snapshots of my ZFS pool at regular intervals, and then another script to mount the latest snapshot of each dataset in the pool to a specific location, recreating a snapshot of my pool for backup. The goal is to use Bacula to always back up the snapshot, to avoid data being in an inconsistent state. The mount script is then executed by the bacula user at the beginning of the backup job. The scripts work fine, but I have an issue with the script being executed by the backup user and not the pool owner.
> 
> <snip>
> 
>> Here is the thing: it works only partially. Apparently, it requires that the mount point of the dataset be owned by the bacula user and not dataowner, even when the user bacula has full access. Example:
> 
> <snip>
> 
>> Can anyone explain what I am missing?
> 
> If I remember correctly, one of the security considerations inherent in
> vfs.usermount is that the user have sufficient access to both the source
> node and the target directory; to prevent, say, a mortal user mounting
> something over /bin or whatever.
> 

Then this is hinting at a bug. The user has access to both the source and the target over ACLs, but that is not being respected.

> You may get a more consistent behaviour if you abstract the snapshot
> manipulation into a separate process which runs setuid root (through a
> setuid C binary, sudo, et cetera) and performs the necessary validation.
> That way, for example, the only thing with which your backup script
> would have to concern itself is in asking that a particular snapshot be
> mounted, and being handed back a fully populated directory upon which to
> operate.
> 
> I'm sure there are other ways it can be handled, but that is the one
> that springs immediately to mind.
> 

Thanks, yes, there are many other ways to handle this; I wanted to avoid giving root access to the user or the script by delegating the permissions with the available infrastructure. Also, there are certain considerations when snapshotting some datasets (where a database lives), and regarding snapshot frequency (not all dataset snapshots are done at the same frequency).


Best wishes,
G. Marcus

> -- 
> Fuzzy love,
> -CyberLeo
> Technical Administrator
> CyberLeo.Net Webhosting
> http://www.CyberLeo.Net
> <CyberLeo at CyberLeo.Net>
> 
> Furry Peace! - http://www.fur.com/peace/
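A worked version of the validated privileged helper CyberLeo describes above, written as an added example (not code from either poster): the bacula user asks for a dataset by name via sudo, the helper rejects anything that is not a plain dataset under the allowed pool, mounts the newest snapshot read-only, and prints the populated directory. It assumes the pool is named tank, the helper itself runs as root, and snapshots are exposed under /backup/snap; because root performs the mount, the mount-point ownership problem from the original post does not arise.

```shell
#!/bin/sh
# Privileged helper: mount the newest ZFS snapshot of a dataset (FreeBSD).
# Meant to be run as root via sudo by the backup user, so every input is
# validated before any privileged action. Example code, not from the thread.
set -eu

ALLOWED_POOL="tank"        # assumption: only datasets under this pool
MOUNT_ROOT="/backup/snap"  # assumption: snapshots appear under here

# Return 0 if NAME is an acceptable dataset name: it must be the pool or a
# child of it, contain only [A-Za-z0-9_./-], and carry no "..", "//",
# trailing "/" or "@" (the snapshot selector is chosen by this helper).
validate_dataset() {
    name=$1
    case "$name" in
        "$ALLOWED_POOL"|"$ALLOWED_POOL"/*) ;;
        *) return 1 ;;
    esac
    case "$name" in
        *..*|*//*|*/|*@*|*[!A-Za-z0-9_./-]*) return 1 ;;
    esac
    return 0
}

# Print the newest snapshot of DATASET (depth 1, sorted by creation), or fail.
latest_snapshot() {
    snap=$(zfs list -H -t snapshot -o name -s creation -r -d 1 "$1" | tail -n 1)
    [ -n "$snap" ] || return 1
    printf '%s\n' "$snap"
}

# Validate, mount the newest snapshot read-only, and print the mount point.
mount_latest() {
    ds=$1
    validate_dataset "$ds" || { echo "rejected dataset name: $ds" >&2; return 1; }
    snap=$(latest_snapshot "$ds") || { echo "no snapshot for $ds" >&2; return 1; }
    target="$MOUNT_ROOT/$ds"
    mkdir -p "$target"
    mount -t zfs -o ro "$snap" "$target"
    printf '%s\n' "$target"
}

# Only act when a dataset name is given on the command line.
[ $# -eq 0 ] || mount_latest "$1"
```

The matching sudoers entry would permit the backup user to run only this helper, and the backup job then reads from the directory it prints.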
More information about the freebsd-questions mailing list