ZFS The .zfs snap directory is world readable

All owner and access right properties inside snapshots are untouched (as it always should be); so regular users still can't access or modify stuff that they didn't have the proper access rights to before it landed in the snapshot.
OTOH, the .zfs path being world-readable *does* allow regular users to access snapshots of their own /home without any special configuration or the need to give them special access rights.

I'd say a snapshot mechanism should _never_ tamper with ownership/rights or any other file properties - if you can't trust your local users there are other mechanisms (chroot, (readonly/nullfs mounted) jails...) to prevent them from poking around the host, but that's not the job of a filesystem/backup mechanism.
 
If users without privileges can only see what is theirs and not others' I consider it safe. So they can look up their own history.
 
Seeing what snapshots are there vs being able to mount and actually access them are drastically different things.

Lots of system directories are world readable, like /etc, /bin, /sbin, /root but a nonprivileged user can only look but not modify.

Snapshots have a bunch of properties; a user needs to be granted rights/permissions to use snapshots on a dataset. If they don't have rights on the dataset, they can't do anything with the snapshots.

I don't think the .zfs directory being world readable is an issue.
 