ZFS The .zfs snap directory is world readable

Alain De Vos


The .zfs snap directory is world readable. Is this not a security concern?
Code:
zpool set listsnapshots=on tank
 

sko


All owner and access right properties inside snapshots are untouched (as it always should be); so regular users still can't access or modify stuff that they didn't have the proper access rights to before it landed in the snapshot.
OTOH, the .zfs path being world-readable *does* allow regular users to access snapshots of their own /home without any special configuration or the need to give them special access rights.

I'd say a snapshot mechanism should _never_ tamper with ownership/rights or any other file properties - if you can't trust your local users there are other mechanisms (chroot, (readonly/nullfs mounted) jails...) to prevent them from poking around the host, but that's not the job of a filesystem/backup mechanism.
 
Alain De Vos


If users without privileges can only see what is theirs and not others', I consider it safe. So they can look up their own history.
 

mer


Seeing what snapshots are there vs being able to mount and actually access them are drastically different things.

Lots of system directories are world readable, like /etc, /bin, /sbin, /root, but a nonprivileged user can only look but not modify.

Snapshots have a bunch of properties; a user needs to be granted rights/permissions to use snapshots on a dataset. If they don't have rights on the dataset, they can't do anything with the snapshots.

I don't think the .zfs directory being world readable is an issue.
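An added example, not part of any post in this thread: because a snapshot keeps each file's owner and mode exactly as they were when it was taken, a file that was world-readable then stays world-readable under `.zfs/snapshot/<name>` even after the live copy is tightened with chmod or deleted. The function below lists such files. The name `snap_exposed` and the paths in its comments are hypothetical, and it checks only the classic mode bits, ignoring ACLs and group membership.

```shell
# snap_exposed <snapshot_root> <live_root>
#   e.g. snap_exposed /tank/home/.zfs/snapshot/daily-1 /tank/home
#   (constructed paths; substitute a real dataset mountpoint and snapshot name)
#
# Prints one line per file that "other" users can read inside the snapshot
# although the live copy is now restricted or gone:
#   restricted-live<TAB>relative/path
#   removed-live<TAB>relative/path
snap_exposed() {
    snap=$1
    live=$2
    # Skip directories that "other" cannot search (no o+x): nothing below
    # them is reachable by an unrelated user, whatever the file modes say.
    # Among the remaining files, keep those with the o+r bit set.
    ( cd "$snap" &&
      find . -type d ! -perm -001 -prune -o -type f -perm -004 -print ) |
    while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -e "$live/$rel" ]; then
            # Deleted from the live dataset, still present in the snapshot.
            printf 'removed-live\t%s\n' "$rel"
        elif [ -z "$(find "$live/$rel" -prune -perm -004)" ]; then
            # Live copy lost o+r after the snapshot was taken.
            printf 'restricted-live\t%s\n' "$rel"
        fi
    done
}
```

Files it reports can only be closed off by destroying the snapshot or by restricting access to the dataset's mountpoint, since snapshots are read-only.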
 