Date: Mon, 14 Aug 2017 08:57:54 -0400 From: Mike Tancsa <mike@sentex.net> To: Borja Marcos <borjam@sarenet.es> Cc: "freebsd-fs@freebsd.org" <freebsd-fs@freebsd.org> Subject: Re: protecting zfs snapshot info Message-ID: <5e3145ab-246a-f213-80b0-000dd801fbef@sentex.net> In-Reply-To: <52984307-2C6C-454C-A69B-15FB4AE01E1B@sarenet.es> References: <d7fa3f0c-e00a-9c41-5430-1f381f71d3e0@sentex.net> <52984307-2C6C-454C-A69B-15FB4AE01E1B@sarenet.es>
next in thread | previous in thread | raw e-mail | index | archive | help
On 8/14/2017 2:47 AM, Borja Marcos wrote: > >> On 12 Aug 2017, at 19:14, Mike Tancsa <mike@sentex.net> wrote: >> >> >> Is there a way in zfs to protect non root users from seeing snapshots ? >> lets say a user makes a permissions mistake on a sensitive homedirectory >> on a Monday AM that is not discovered until the next day. If there are >> a whole mess of snapshots created between those two points in time, >> there is no way to protect that directory without deleting the snapshots. > > Good question and it’s a problem indeed. The .zfs directory is always created > and it can be hidden but it’s still accessible. It’s a security problem that prevents > an effective access revocation for a directory/file, I guess that’s what you mean. Yes, something like an extra option hidden | visible | unmounted ---Mike -- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5e3145ab-246a-f213-80b0-000dd801fbef>