From: Jan Behrens
To: Borja Marcos
Cc: mike tancsa, Martin Simmons, freebsd-fs@freebsd.org
Subject: Re: ZFS snapdir readability (Crosspost)
Date: Fri, 22 Nov 2019 15:36:29 +0100

On Fri, 22 Nov 2019 09:41:52 +0100
Borja Marcos wrote:

>
> On 21 Nov 2019, at 17:59, mike tancsa wrote:
> >
> > On 11/21/2019 11:49 AM, Jan Behrens wrote:
> >>
> >> As far as I know, there is no way to disable having .zfs/snapshot
> >> readable by everyone, is that correct?
> >
> > I believe so. Hence the request to add a zfs feature to add a new
> > option to snapdir along the lines of
> >
> > zfs set snapdir=inaccessible
> > or
> > zfs set snapdir=rootonly
>
> Instead of “inaccessible” I would say “disable” because it’s not only preventing access. It is
> preventing an actual action from taking place: the automatic mounting of the snapshots
> below .zfs/snapshot. So. “disable” is more descriptive.
>
> What about a third option, “owneronly”? Although I think it should be controlled by
> the vfs.usermount property.
>
> Borja.

I definitely would appreciate one of "rootonly" or "owneronly". I
believe this is what most people would want/need. For me, either would
suffice.
I like the automounting feature, if it could be limited to root or the
owner of the filesystem. "owneronly" (in contrast to "rootonly") would
also support those cases where users shall be allowed to access the
snapshots of their directories.

How about "grouponly" and "wheelonly" (in addition to "rootonly",
"owneronly", and "disable")? I guess that would cover pretty much
everything, though it might be a bit clunky to add all these options.

An alternative would be to simply provide a way to disable zfs snapshot
auto-mounting at all (whether through zfs set or sysctl) instead of
attempting to extend it with access control.

Regards,
Jan