ZFS zfs snapshot read only enforcement

I am just looking into ZFS because I am setting up a FreeNAS server, so this may be a stupid question, but I have been unable to find an explanation of how a snapshot is read-only when the permissions seem to show the opposite. Let me explain:

My FreeNAS is running 12.2-RELEASE-p2.

I have a zfs pool with a .zfs/snapshot folder in it with a single snapshot.
Code:
root@hal[~]# zfs list -t snapshot
NAME                                          USED  AVAIL     REFER  MOUNTPOINT
diskpool/nasdataset@manual-2021-01-24_12-38     0B      -     61.1M  -

This is a snapshot of an smb share in which the user and group are "reader". That is user reader and group reader have full access to all files in the share.

Going into the .zfs/snapshot folder I can see the manual snapshot folder is owned by root:wheel, as I would expect, to enforce read-only (at least from user "reader" perspective).
Code:
root@hal[/mnt/diskpool/nasdataset/.zfs/snapshot]# ls -lt
total 12
drwxrwx---+ 3 root  wheel  3 Jan 22 17:41 manual-2021-01-24_12-38

root@hal[/mnt/diskpool/nasdataset/.zfs/snapshot]# getfacl manual-2021-01-24_12-38
# file: manual-2021-01-24_12-38
# owner: root
# group: wheel
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWcCos:fd-----:allow
       user:reader:r-x---a-R-c---:fd-----:allow
         everyone@:--------------:fd-----:allow

But looking at a folder inside the snapshot, it appears owner and group are now reader:reader and it has full rights.
Code:
root@hal[....zfs/snapshot/manual-2021-01-24_12-38]# getfacl test
# file: test
# owner: reader
# group: reader
            owner@:rwxpDdaARWcCos:fd-----:allow
            group@:rwxpDdaARWcCos:fd-----:allow
         everyone@:--------------:fd-----:allow
root@hal[....zfs/snapshot/manual-2021-01-24_12-38]#
root@hal[....zfs/snapshot/manual-2021-01-24_12-38]#
root@hal[....zfs/snapshot/manual-2021-01-24_12-38]#

I understand that ZFS is a COW so it's going to copy the permissions of the files/folders, but I don't see what keeps user reader from going into this snapshot and deleting files, which I think would really mess up the entire pool. At the same time, my understanding is all snapshots are read-only. So if a snapshot is read-only, how is that enforced, or is it not? Any explanation of this or a link explaining it would be really helpful.

Thanks for your time!
 
I am setting up a FreeNAS server
GhostBSD, pfSense, TrueNAS, and all other FreeBSD Derivatives

Snapshots are always read-only, regardless of file permissions.

I understand that ZFS is a COW so it's going to copy the permissions of the files/folders
ZFS doesn't copy anything when making snapshots. It keeps track of data blocks and holds onto "old" blocks. A COW filesystem doesn't overwrite existing data blocks.

So if a snapshot is read-only, how is that enforced
ZFS enforces this. File permissions or ACLs have nothing to do with it. It's more like mounting a filesystem read-only. Even if the permissions say you have write access it's still going to be mounted read-only.
 
Just to extend on what SirDice said, a snapshot is simply a way to view the filesystem at a specific point in time. Nothing is copied and nothing is changed. You see every bit of the data down to attributes and permissions, exactly as it was when the snapshot was taken. You may actually *want* to see what the permissions were at the time a snapshot was taken.

Of course, because you are looking at a snapshot, it is completely read-only by definition. ZFS will not allow anything to change.
 
SirDice and usdmatt,
Thanks for the response! Now I understand that a snapshot is a read-only point-in-time image of the file system. The file permissions are irrelevant as the snapshot's integrity (in this case read-only) is enforced by ZFS.

That leaves me with two questions:

Is there any danger to the FS or pool in exposing the snapshot folder in an SMB share? I'm assuming no, since the snapshot is read-only.

If ZFS enforces the read-only nature of the snapshot, how does that work with root, which can delete anything? If root tried to force delete a file inside a snapshot, would that generate an error message and leave the snapshot intact?
 
how does that work with root which can delete anything?
Root can't delete anything that's mounted read-only either. Root ignores file permissions, yes, but we already told you those are largely irrelevant.

Code:
root@molly:~/test # mount /dev/md0 /mnt/
root@molly:~/test # touch /mnt/test.txt
root@molly:~/test # ll /mnt
total 8
drwxrwxr-x  2 root  operator  512 Feb  1 16:04 .snap/
-rw-r--r--  1 root  wheel       0 Feb  1 16:16 test.txt
root@molly:~/test # umount /mnt
root@molly:~/test # mount -o ro /dev/md0 /mnt/
root@molly:~/test # ll /mnt/
total 8
drwxrwxr-x  2 root  operator  512 Feb  1 16:04 .snap/
-rw-r--r--  1 root  wheel       0 Feb  1 16:16 test.txt
root@molly:~/test # rm /mnt/test.txt
override rw-r--r-- root/wheel for /mnt/test.txt? y
rm: /mnt/test.txt: Read-only file system
root@molly:~/test #
root@molly:~/test # ll /mnt/
total 8
drwxrwxr-x  2 root  operator  512 Feb  1 16:04 .snap/
-rw-r--r--  1 root  wheel       0 Feb  1 16:16 test.txt
 
I use the following samba options to make all my snapshots viewable by using the previous versions tab in Windows.

Code:
[sharename]
   path = /pool/dataset
   .. basic samba options / auth / etc ..

   vfs objects = shadow_copy2
   shadow:format = %d-%m-%Y
   shadow:sort = desc
   shadow:snapdir = .zfs/snapshot

Note that in this case my snapshots are just called for example "15-01-2021". You'd have to change the format option if the snapshots have different names. I also found that I had to "touch" the dataset root folder before taking each daily snapshot to get the date to appear correctly in the Windows snapshot list.

It seems to work well for me though and is a very useful ability.
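
An added example (not part of the post above, and not Samba's code): a small Python check of which snapshot names a given shadow:format value would parse, so a naming mismatch is caught before the share is configured. It approximates the module's matching with Python's strptime and does not model time zones; the function names and the date-only sample names are constructed, while manual-2021-01-24_12-38 is the snapshot shown in the first post.

```python
from datetime import datetime

# Constructed sample: three date-only names in the style of the post above,
# plus the manually named snapshot from the first post in the thread.
SAMPLE_SNAPSHOTS = [
    "15-01-2021",
    "manual-2021-01-24_12-38",
    "03-02-2021",
    "16-01-2021",
]


def parse_snapshot(name, shadow_format):
    """Return the timestamp encoded in a snapshot name, or None on mismatch."""
    try:
        # strptime rejects both a wrong layout and trailing characters,
        # so "manual-..." does not match a bare "%d-%m-%Y".
        return datetime.strptime(name, shadow_format)
    except ValueError:
        return None


def visible_versions(snapshot_names, shadow_format, sort="desc"):
    """Split names into (matching, newest first by default) and (skipped)."""
    matched, skipped = [], []
    for name in snapshot_names:
        stamp = parse_snapshot(name, shadow_format)
        if stamp is None:
            skipped.append(name)
        else:
            matched.append((stamp, name))
    # Order by the parsed time, not by the name: "%d-%m-%Y" names do not
    # sort chronologically as plain strings.
    matched.sort(reverse=(sort == "desc"))
    return [name for _, name in matched], skipped


if __name__ == "__main__":
    for fmt in ("%d-%m-%Y", "manual-%Y-%m-%d_%H-%M"):
        shown, hidden = visible_versions(SAMPLE_SNAPSHOTS, fmt)
        print(f"shadow:format = {fmt}")
        print("  listed :", shown)
        print("  skipped:", hidden)
```

Names reported as skipped are the ones that would need a different shadow:format value, or a rename, to be offered as previous versions.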
 