[TUHS] Quotas - did anyone ever use them?
Michael Kjörling
michael at kjorling.se
Sat Jun 1 02:38:52 AEST 2019
On 31 May 2019 10:15 -0600, from tuhs at minnie.tuhs.org (Grant Taylor via TUHS):
>>> * snapshots are readonly, and thus, immune to ransomware
>>> attacks;
>>
>> Let's hope said ransomware isn't smart enough to run "zfs list X -t
>> snapshot" and "zfs destroy X at Y".
>
> (Baring any local privilege escalation....) I think that ZFS would protect
> (snapshots) against ransomware running as an unprivileged user that can't
> run zfs / zpool commands.
Yes, and that's the point I was (trying to) make: snapshots are only
immune to ransomware as long as (a) said ransomware isn't running as
root, and (b) said ransomware can't escalate to having root access (or
whatever capabilities might be required to poke around ZFS snapshots),
and of course (c) said ransomware doesn't know about ZFS snapshots.
Snapshots definitely raise the bar, which is a good thing, not to
mention how useful they are for bona fide "oh carp" moments. I do
however feel that "immune" is a bit too strong a word.
>> And while "zfs list" is Mostly Harmless, let's hope the sysadmin is
>> smart enough to not let arbitrary users run "zfs destroy" anything
>> important.
>
> I have found the zfs and zpool command sufficiently easy to allow limited
> access via appropriate sudoers entries.
I'm pretty sure at least ZoL for Debian comes packages with a sudoers
file where all you need to do to allow read-only ZFS sudo access to
normal users is uncomment one or a few lines. It's been a while since
I set it up.
--
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
“The most dangerous thought that you can have as a creative person
is to think you know what you’re doing.” (Bret Victor)
More information about the TUHS
mailing list