Thursday Sep 21, 2006

ZFS @ The Cambridge Solaris User Group

Last night I went and demonstrated ZFS at the Cambridge Solaris User Group. This was fun for 3 reasons:

  1. I got to see a presentation on Xen by Steven Hand.

  2. I got to see a presentation from Sun on Sun Ray and the global secure desktop.

  3. I got asked some interesting questions.

Most of the interesting questions I could give good answers to but the two that sort of stumped me were:

  1. ZFS quotas and snapshots. The question boiled down to a requirement to have snapshots not included in the users quota. Otherwise you get into the situation where the user can't delete anything as it is all backed by snapshots so there is no way to recover the space.

    Searching the ZFS mailing list on opensolaris.org this has come up before in this thread. There is even a change request already filed:

    6431277 want filesystem-only quotas

  2. Permissions on the .zfs/snaphost mountpoints.

    The problem was this. Suppose a user has a file in their home directory and they make it mode 644. Then a snapshot is taken. Then the user realises that perhaps the permissions are inappropriate and changes them to 600. However the old version is still in the .zfs/snapshot directory with mode 644, hence readable.

    It is true that this really exposes an process issue in that the data was public and since we don't have mandatory access control we really have to trust the users to do the right thing. If someone came across the file in the window between being created and the permissions being fixed the data is out. However, in the real world, the snapshot increases the risk.

    I'm left wondering if you should be able to set and ACL on the .zfs and or .zfs/snapshot directory so that only the “owner” or owners of the file system could access the directory.

    6338043 need a method to access snapshots in alternate locations

    Seems to be a starting point, in that you could mount the snapshots under a directory of your choice with an ACL, but that would be a hack. Need to start this discussion over on the the ZFS discussion forum.

All in all a pleasant evening even if I did not get home until after midnight. As I was leaving the event one of the locals was carrying his pannier to his bike to ride home and I actually thought it would have been cool to have brought the bike up by train and then ride home through the night. Only 100 miles. Luckily I did not think of this earlier!

Tags:

About

This is the old blog of Chris Gerhard. It has mostly moved to http://chrisgerhard.wordpress.com

Search

Archives
« April 2014
MonTueWedThuFriSatSun
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
    
       
Today