Solved Preventing data-set from automatic mount

Greetings all,

I have some files with sensitive/personal content that I do not need to access frequently. Would it improve the files’ protection against, e.g., malicious software, intrusion, and the like, if I put them into a data-set and prevent automatic mount of the data-set, mounting them manually only when I need to access them?

As best I understand the zfs(8), preventing mount may be achieved by setting the mountpoint property to legacy, when:

“ZFS makes no attempt to manage the file system, and the administrator is responsible for mounting and unmounting the file system . . . [using] the traditional tools (mount(8), unmount(8), fstab(5)).”

But it appears that this can also be achieved by using the canmount property, to be set to noauto. In this regard, zfs(8) recites:

“When the noauto value is set, a dataset can only be mounted and unmounted explicitly. The dataset is not mounted automatically when the dataset is created or imported, nor is it mounted by the "zfs mount -a" command or unmounted by the "zfs umount -a" command.”

Since the data-set is mountable, does it mean that the above-mentioned traditional tools mount(8), unmount(8), fstab(5) are to be used?

Am I reading the man-page incorrectly? Also, would it be possible to hide the data set so that a casual/unsophisticated observer does not see it?

Kindest regards,

M
 
In the end it's still security through obscurity, but sure: if it's not available all the time then there's definitely a sense of added security.

The easiest way to achieve this is to set the canmount property to noauto, so don't mess with the mountpoint: # zfs set canmount=noauto zroot/data, for example.

(edit) Overlooked your question: no, this only means that the filesystem needs to be mounted explicitly. So: # zfs mount zroot/data would easily work, but when # zfs mount -a is run then this file system would be ignored.
 
Hi ShelLuser,

first, thank you for answering my question.

On a more philosophical issue, my understanding of the term "security by obscurity" is security relying on a design and/or implementation that is unknown (obscured from, secret) to the attacker. Is not mounting the data-set more akin to removing, e.g., media containing the data? That is, would you consider an air-gapped computer to be secure by obscurity?
Kindest regards,
M
 
On a more philosophical issue, my understanding of the term "security by obscurity" is security relying on a design and/or implementation that is unknown (obscured from, secret) to the attacker. Is not mounting the data-set more akin to removing, e.g., media containing the data?
It's a gray area, because on ZFS you're not really hiding anything. A mere zfs list would be enough to list the filesystem as being available, and by default any regular user can run that command.

As such my comment above. It would definitely help against automated attacks, but it wouldn't be foolproof.

Still, re-reading this thread: why not simply set the whole thing read-only? # zfs set readonly=on zroot/data. You keep access to your data (but read-only) and no attacker would be able to damage that data in any way. Once you need to provide updates you can set readonly to off and get to work. Maybe food for thought?
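
A check for the dataset state discussed in the two replies above, as an added example that is not part of any post in this thread: it reads the output of zfs get -H -o property,value canmount,mounted,readonly zroot/data and reports whether the dataset would be picked up by zfs mount -a, is mounted right now, or is mounted read-write. The function name audit_dataset and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads "property<TAB>value" lines on stdin,
# the format printed by:
#   zfs get -H -o property,value canmount,mounted,readonly zroot/data
# Prints one line per finding; returns 0 when the dataset is parked as intended.
audit_dataset() {
    canmount='' mounted='' readonly_prop=''
    tab=$(printf '\t')
    while IFS=$tab read -r prop value; do
        case $prop in
            canmount) canmount=$value ;;
            mounted)  mounted=$value ;;
            readonly) readonly_prop=$value ;;
        esac
    done
    rc=0
    # Refuse to call the dataset safe when a property is absent from the input.
    for p in canmount mounted readonly_prop; do
        eval "v=\$$p"
        [ -n "$v" ] || { echo "missing: ${p%_prop} not in input"; rc=1; }
    done
    # canmount=on means the dataset is mounted on import and by 'zfs mount -a'.
    if [ "$canmount" = on ]; then
        echo "canmount=on: 'zfs mount -a' will mount this dataset"; rc=1
    fi
    # A dataset left mounted after manual use exposes file names and contents.
    if [ "$mounted" = yes ]; then
        echo "mounted=yes: files are reachable right now"; rc=1
        if [ "$readonly_prop" = off ]; then
            echo "readonly=off: mounted read-write"; rc=1
        fi
    fi
    return $rc
}

# Constructed sample: canmount=noauto was set, then a manual
# 'zfs mount zroot/data' was never followed by 'zfs umount zroot/data'.
printf 'canmount\tnoauto\nmounted\tyes\nreadonly\toff\n' | audit_dataset ||
    echo "zroot/data needs attention"
```

On a live system, pipe the zfs get command from the comment into audit_dataset, for instance from a periodic job that reminds you to unmount.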
 
Hi ShelLuser,

thank you once again, I have learnt something new, so today was not lost.

Yes, my main concern is an automated attack when I am on-line. But sometimes, I forget to lock the computer when I step out for a while. But, since they are all on Windows they will not have the sophistication. Thus leaving the data-set unmounted is preferable, because no filenames will be revealed.
Kindest regards,
M
 