Date: Mon, 08 Apr 2013 12:11:04 -0700 From: John Theus <john@theusgroup.com> To: lev@FreeBSD.org Cc: freebsd-fs@freebsd.org Subject: Re: ZFS snapshots and daily security checks Message-ID: <20130408191104.98B90F1A@server.theusgroup.com> In-Reply-To: <1884594284.20130408125002@serebryakov.spb.ru> References: <20130408005438.GA66727@icarus.home.lan> <1504594172.20130408114200@serebryakov.spb.ru> <20130408080738.GA73905@icarus.home.lan> <1884594284.20130408125002@serebryakov.spb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
> >JC> I don't know what to tell you -- my output clearly shows that after >JC> creating a snapshot with "zfs snapshot -r filesystem@snapname" that >JC> mount nor mount -p show anything. > What's really wander me, why is here difference between `mount' and > `mount -p' output on my system. It looks like `-p' option should be > cosmetic one... > >JC> I wonder if you have either pool or filesystem-level attributes which >JC> are causing your issue. > >JC> Here are mine, for the pool and filesystem I used in my previous mail >JC> (pool "data" and filesystem "data/home"): > >JC> data/home snapdir hidden default >pool/home snapdir visible default > > It is only not size- and date-related difference. So, we know why > here is difference between my and your `mount -p' outputs! (BTW, why > both values are default?!) > > And here is some conflict of interests: it is god to allow useres >restore their files from snapshots without my help (and it is require >visible snapshots), but it is very annoying output in security >checks... > > And why output of mount depends on visual option? I need to read > mount sources. > It doesn't. Snapdir is hidden and listsnapshots if off on all my pools and filesystems, and I see snapshots listed on mount -p, but NOT all snapshots. Running 9.1-STABLE #1 r248540M: Wed Mar 20 00:48:58 PDT 2013, but I've seen this behavior since zfs version 15. All my snapshots use the same format as zfSnap, and show their creation time and time-to-live. On some filesystems, snapshots are made as frequently as 5 minutes, but only live a couple of hours. Other snapshots are made daily that live weeks. When I do a mount -p, the only snapshots that show up are the ones that were made on the once per day and once per week schedule. These snapshots were used for daily backups using zfs send. The snapshots that live for multiple days, but are not used for a backup do not show up. I have not looked any deeper, and took the easy route to clean up the security reports but setting daily_status_security_chkmounts_enable="NO" in periodic.conf. John Theus TheUsGroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130408191104.98B90F1A>