From owner-freebsd-fs@freebsd.org  Mon Aug 14 06:54:27 2017
Return-Path: <owner-freebsd-fs@freebsd.org>
Delivered-To: freebsd-fs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9C57BDD8EE0
 for <freebsd-fs@mailman.ysv.freebsd.org>; Mon, 14 Aug 2017 06:54:27 +0000 (UTC)
 (envelope-from borjam@sarenet.es)
Received: from cu01176b.smtpx.saremail.com (cu01176b.smtpx.saremail.com
 [195.16.151.151])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 5FCB070996
 for <freebsd-fs@freebsd.org>; Mon, 14 Aug 2017 06:54:26 +0000 (UTC)
 (envelope-from borjam@sarenet.es)
Received: from [172.16.8.54] (unknown [192.148.167.11])
 by proxypop01.sare.net (Postfix) with ESMTPA id 578469DD407;
 Mon, 14 Aug 2017 08:47:45 +0200 (CEST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: protecting zfs snapshot info
From: Borja Marcos <borjam@sarenet.es>
In-Reply-To: <d7fa3f0c-e00a-9c41-5430-1f381f71d3e0@sentex.net>
Date: Mon, 14 Aug 2017 08:47:44 +0200
Cc: "freebsd-fs@freebsd.org" <freebsd-fs@freebsd.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <52984307-2C6C-454C-A69B-15FB4AE01E1B@sarenet.es>
References: <d7fa3f0c-e00a-9c41-5430-1f381f71d3e0@sentex.net>
To: Mike Tancsa <mike@sentex.net>
X-Mailer: Apple Mail (2.3273)
X-BeenThere: freebsd-fs@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-fs/>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Help: <mailto:freebsd-fs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Aug 2017 06:54:27 -0000


> On 12 Aug 2017, at 19:14, Mike Tancsa <mike@sentex.net> wrote:
>=20
>=20
> Is there a way in zfs to protect non root users from seeing snapshots =
?
> lets say a user makes a permissions mistake on a sensitive =
homedirectory
> on a Monday AM that is not discovered until the next day.  If there =
are
> a whole mess of snapshots created between those two points in time,
> there is no way to protect that directory without deleting the =
snapshots.

Good question and it=E2=80=99s a problem indeed. The .zfs directory is =
always created
and it can be hidden but it=E2=80=99s still accessible. It=E2=80=99s a =
security problem that prevents
an effective access revocation for a directory/file, I guess that=E2=80=99=
s what you mean.

Ideally, datasets should have a property preventing the snapshots to be =
auto mounted
when the relevant .zfs/snapshot directory was accessed or even =
preventing the creation
of .zfs.

Alternatively there could be a specific zfs permission covering this, =
like a  =E2=80=9Csnapaccess=E2=80=9D for
snapshot access or =E2=80=9Csnapmount=E2=80=9D for automatic mounting of =
snapshots, but it=E2=80=99s more
complicated to do.





Borja.