From owner-freebsd-fs@FreeBSD.ORG Mon Apr 8 09:49:06 2013 Return-Path: Delivered-To: freebsd-fs@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 89063BF3 for ; Mon, 8 Apr 2013 09:49:06 +0000 (UTC) (envelope-from lev@FreeBSD.org) Received: from onlyone.friendlyhosting.spb.ru (onlyone.friendlyhosting.spb.ru [IPv6:2a01:4f8:131:60a2::2]) by mx1.freebsd.org (Postfix) with ESMTP id 502CBED5 for ; Mon, 8 Apr 2013 09:49:06 +0000 (UTC) Received: from lion.home.serebryakov.spb.ru (unknown [IPv6:2001:470:923f:1:900d:c887:884e:713b]) (Authenticated sender: lev@serebryakov.spb.ru) by onlyone.friendlyhosting.spb.ru (Postfix) with ESMTPA id EE05B4AC58; Mon, 8 Apr 2013 13:49:04 +0400 (MSK) Date: Mon, 8 Apr 2013 13:49:02 +0400 From: Lev Serebryakov Organization: FreeBSD Project X-Priority: 3 (Normal) Message-ID: <82684806.20130408134902@serebryakov.spb.ru> To: Jeremy Chadwick Subject: Re: ZFS snapshots and daily security checks In-Reply-To: <20130408093017.GA76398@icarus.home.lan> References: <20130408005438.GA66727@icarus.home.lan> <1504594172.20130408114200@serebryakov.spb.ru> <20130408080738.GA73905@icarus.home.lan> <1884594284.20130408125002@serebryakov.spb.ru> <20130408093017.GA76398@icarus.home.lan> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-fs@freebsd.org X-BeenThere: freebsd-fs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: lev@FreeBSD.org List-Id: Filesystems List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 08 Apr 2013 09:49:06 -0000 Hello, Jeremy. You wrote 8 =D0=B0=D0=BF=D1=80=D0=B5=D0=BB=D1=8F 2013 =D0=B3., 13:30:17: JC> My theory is that your "pool" filesystem has the snapdir property as JC> visible, and therefore all filesystems under pool (ex. "pool/home") JC> would inherit the value. Nope :) It is "hidden, default" JC> Looking at the ZFS code, hidden **is** the default, even in r244958 JC> (which you're running): JC> http://svnweb.freebsd.org/base/stable/9/sys/cddl/contrib/opensolaris/co= mmon/zfs/zfs_prop.c?view=3Dannotate JC> See line 218. The 3rd parameter, ZFS_SNAPDIR_HIDDEN, is what defines JC> the default value. Pool and FS was created long time ago :) Ok, it is not very interesting, why it was set to "visible". Now we understand why snapshots were "mounted" and why only `mount -p' show them. Last question is how to make them mounted (to allow users use them) and don't have bogus 25 line difference (24 hourly snapshots and 1 daily snapshot) in each daily security report... It looks like, I need simply add properly crafted "grep -v" to security script --=20 // Black Lion AKA Lev Serebryakov