Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 8 Nov 2019 12:34:21 +0100
From:      Jan Behrens <jbe-mlist@magnetkern.de>
To:        Peter Eriksson <pen@lysator.liu.se>, "Kevin P. Neal" <kpn@neutralgood.org>
Cc:        freebsd-fs@freebsd.org
Subject:   Re: ZFS snapdir readability (Crosspost)
Message-ID:  <20191108123421.1974645718e1e7283a4817ee@magnetkern.de>
In-Reply-To: <FBB088B0-CE5C-45DC-8F2F-0D0AA2703846@lysator.liu.se>
References:  <20191107004635.c6d2e7d464d3d556a0d87465@magnetkern.de> <FBB088B0-CE5C-45DC-8F2F-0D0AA2703846@lysator.liu.se>
next in thread | previous in thread | raw e-mail | index | archive | help 
> > I recently noticed that all ZFS filesystems in FreeBSD allow access to
> > the .zfs directory (snapdir) for all users of the system. [...]

On Thu, 7 Nov 2019 23:06:24 +0100
Peter Eriksson <pen@lysator.liu.se> wrote:

> The “easy” solution is to give each user (or group / project) their own ZFS filesystem. Then the “.zfs” directory would be inside the users own $HOME and you can set $HOME to 0700….
> 
> That is what we are doing. Granted it generates a “few” filesystems (like some 20000 per server (we have around 120k users), and then add hourly snapshots to each as “icing” on the cake). Mounting all those takes a bit of time - but luckily with the latest FreeBSD release things are much faster these days :-)
> 
> There are some other issues with that - like 100% full filesystems causing severe system slowdown during writes… So you really wanna have some monitoring system that warns for that.
> 
> - Peter

This would also allow per-user deletion of snapshots, which may come in
handy in certain scenarios where making data only accessible by root is
not sufficient, such as legal requirements to delete some user's data.

However, it (currently) only works in those cases where the root of
each filesystem is chmod 700, i.e. where an entire filesystem hierarchy
is only readable by a single user. This makes sharing data between users
on those filesystems impossible.

I'd much prefer the proposal made by "Kevin P. Neal" <kpn@neutralgood.org> earlier in this thread, on Thu, 7 Nov 2019 10:19:23 -0500:

"Kevin P. Neal" <kpn@neutralgood.org> wrote:

> On Thu, Nov 07, 2019 at 09:54:11AM -0500, mike tancsa wrote:
> > 
> > Still, it would be a nice feature to have where .zfs could be set to
> > root only read.    In a multi user system, my users (me included) do all
> > sorts of accidental foot shooting things like making files readable for
> 
> Or only readable to the owner of the top directory in the dataset? As
> an option.

In cases where users need to access their own snapshots, filesystems
for each user can be created. In cases where this is not necessary,
i.e. where I just want to make a root-readable backup (or replication
snapshot), a single command such as

zfs set snapdir=restrict_to_fs_owner /usr/home

would suffice. I prefer this a lot over having to create dozens (or
hundreds) of filesystems just to fix an issue with access rights.

Regards,
Jan

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20191108123421.1974645718e1e7283a4817ee>