Date: Thu, 7 Nov 2019 23:06:24 +0100 From: Peter Eriksson <pen@lysator.liu.se> To: Jan Behrens <jbe-mlist@magnetkern.de> Cc: freebsd-fs@freebsd.org Subject: Re: ZFS snapdir readability (Crosspost) Message-ID: <FBB088B0-CE5C-45DC-8F2F-0D0AA2703846@lysator.liu.se> In-Reply-To: <20191107004635.c6d2e7d464d3d556a0d87465@magnetkern.de> References: <20191107004635.c6d2e7d464d3d556a0d87465@magnetkern.de>
next in thread | previous in thread | raw e-mail | index | archive | help
The =E2=80=9Ceasy=E2=80=9D solution is to give each user (or group / = project) their own ZFS filesystem. Then the =E2=80=9C.zfs=E2=80=9D = directory would be inside the users own $HOME and you can set $=08HOME = to 0700=E2=80=A6. That is what we are doing. Granted it generates a =E2=80=9Cfew=E2=80=9D = filesystems (like some 20000 per server (we have around 120k users), and = then add hourly snapshots to each as =E2=80=9Cicing=E2=80=9D on the = cake). Mounting all those takes a bit of time - but luckily with the = latest FreeBSD release things are much faster these days :-) There are some other issues with that - like 100% full filesystems = causing severe system slowdown during writes=E2=80=A6 So you really = wanna have some monitoring system that warns for that. - Peter >=20 > I recently noticed that all ZFS filesystems in FreeBSD allow access to > the .zfs directory (snapdir) for all users of the system. It is > possible to hide that directory using the snapdir option:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FBB088B0-CE5C-45DC-8F2F-0D0AA2703846>