Date: Fri, 22 Nov 2019 15:36:29 +0100 From: Jan Behrens <jbe-mlist@magnetkern.de> To: Borja Marcos <borjam@sarenet.es> Cc: mike tancsa <mike@sentex.net>, Martin Simmons <martin@lispworks.com>, freebsd-fs@freebsd.org Subject: Re: ZFS snapdir readability (Crosspost) Message-ID: <20191122153629.2278467855a646a4c0b8f2b4@magnetkern.de> In-Reply-To: <ADA12C79-3A2C-41EE-B44B-595364DEE6BF@sarenet.es> References: <20191107004635.c6d2e7d464d3d556a0d87465@magnetkern.de> <CAOtMX2huHZcXHH%2B=3Bx7hX_p9udJ2acOX%2BZL8vW=pjqbe6mOAA@mail.gmail.com> <e2eecef7-21b6-0ff2-b259-71421b7d097c@sentex.net> <9B22AD46-BE87-4305-9638-74D23AD4C8CA@sarenet.es> <cfcc12dd-e9eb-5a98-a031-ab18436a2dd3@sentex.net> <261FE331-EC5C-48C8-9249-9BCBF887CE38@sarenet.es> <913f7040-6e38-452d-6187-e17fae63b652@sentex.net> <20191120144041.7f916360dc0c69bf509c9bd1@magnetkern.de> <AEF4CA02-36B3-42FC-BE92-14DF0AF99540@sarenet.es> <20191120163437.691abd369ab9c0a6d7d45ff2@magnetkern.de> <CF38B478-3638-4C18-B69F-E589DE9BBB95@sarenet.es> <20191120175803.03401c3316fe756cc46f79f1@magnetkern.de> <201911211119.xALBJSIW030544@higson.cam.lispworks.com> <20191121174926.17bf250f4c65964620811554@magnetkern.de> <e3447f90-931d-6f74-fd13-a0d4fff8b115@sentex.net> <ADA12C79-3A2C-41EE-B44B-595364DEE6BF@sarenet.es>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 22 Nov 2019 09:41:52 +0100 Borja Marcos <borjam@sarenet.es> wrote: > > On 21 Nov 2019, at 17:59, mike tancsa <mike@sentex.net> wrote: > > > > On 11/21/2019 11:49 AM, Jan Behrens wrote: > >> > >> As far as I know, there is no way to disable having .zfs/snapshot > >> readable by everyone, is that correct? > > > > I believe so. Hence the request to add a zfs feature to add a new > > option to snapdir along the lines of > > > > zfs set snapdir=inaccessible <filesystem> > > or > > zfs set snapdir=rootonly <filesystem> > > Instead of “inaccessible" I would say “disable” because it’s not only preventing access. It is > preventing an actual action from taking place: the automatic mounting of the snapshots > below .zfs/snapshot. So. “disable” is more descriptive. > > What about a third option, “owneronly”? Although I think it should be controlled by > the vfs.usermount property. > > Borja. I definitely would appreciate one of "rootonly" or "owneronly". I believe this is what most people would want/need. For me, either would suffice. I like the automounting feature, if it could be limited to root or the owner of the filesystem. "owneronly" (in contrast to "rootonly") would also support those cases where users shall be allowed to access the snapshots of their directories. How about "grouponly" and "wheelonly" (in addition to "rootonly", "owneronly", and "disable")? I guess that would cover pretty much everything, though it might be a bit clunky to add all these options. An alternative would be to simply provide a way to disable zfs snapshot auto-mounting at all (whether through zfs set or sysctl) instead of attempting to extend it with access control. Regards, Jan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20191122153629.2278467855a646a4c0b8f2b4>