Is 'zfs send' a safe read only command?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
1
down vote

favorite












I would allow server A to be backed up by server B, without allowing any server to modify the other server.



non-root user zfsbackup @ server A is allowed to use only zfs send:



# serverA: /etc/sudoers.d/zfsbackup 

zfsbackup ALL = (root) NOPASSWD: /sbin/zfs send *


Which makes it possible for server B to perform a backup of server A like this:



root@serverB~:# ssh zfsbackup@serverA sudo zfs send -i tank/vol@yesterday tank/vol@today | zfs receive tank/vol


Question is:




Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?








share|improve this question




















  • I understand that zfs delegation with zfs allow command is the preferred way to do this, but it is not available in ZoL 0.6.5.
    – John
    Dec 14 '17 at 16:30














up vote
1
down vote

favorite












I would allow server A to be backed up by server B, without allowing any server to modify the other server.



non-root user zfsbackup @ server A is allowed to use only zfs send:



# serverA: /etc/sudoers.d/zfsbackup 

zfsbackup ALL = (root) NOPASSWD: /sbin/zfs send *


Which makes it possible for server B to perform a backup of server A like this:



root@serverB~:# ssh zfsbackup@serverA sudo zfs send -i tank/vol@yesterday tank/vol@today | zfs receive tank/vol


Question is:




Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?








share|improve this question




















  • I understand that zfs delegation with zfs allow command is the preferred way to do this, but it is not available in ZoL 0.6.5.
    – John
    Dec 14 '17 at 16:30












up vote
1
down vote

favorite









up vote
1
down vote

favorite











I would allow server A to be backed up by server B, without allowing any server to modify the other server.



non-root user zfsbackup @ server A is allowed to use only zfs send:



# serverA: /etc/sudoers.d/zfsbackup 

zfsbackup ALL = (root) NOPASSWD: /sbin/zfs send *


Which makes it possible for server B to perform a backup of server A like this:



root@serverB~:# ssh zfsbackup@serverA sudo zfs send -i tank/vol@yesterday tank/vol@today | zfs receive tank/vol


Question is:




Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?








share|improve this question












I would allow server A to be backed up by server B, without allowing any server to modify the other server.



non-root user zfsbackup @ server A is allowed to use only zfs send:



# serverA: /etc/sudoers.d/zfsbackup 

zfsbackup ALL = (root) NOPASSWD: /sbin/zfs send *


Which makes it possible for server B to perform a backup of server A like this:



root@serverB~:# ssh zfsbackup@serverA sudo zfs send -i tank/vol@yesterday tank/vol@today | zfs receive tank/vol


Question is:




Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?










share|improve this question











share|improve this question




share|improve this question










asked Dec 14 '17 at 16:26









John

83




83











  • I understand that zfs delegation with zfs allow command is the preferred way to do this, but it is not available in ZoL 0.6.5.
    – John
    Dec 14 '17 at 16:30
















  • I understand that zfs delegation with zfs allow command is the preferred way to do this, but it is not available in ZoL 0.6.5.
    – John
    Dec 14 '17 at 16:30















I understand that zfs delegation with zfs allow command is the preferred way to do this, but it is not available in ZoL 0.6.5.
– John
Dec 14 '17 at 16:30




I understand that zfs delegation with zfs allow command is the preferred way to do this, but it is not available in ZoL 0.6.5.
– John
Dec 14 '17 at 16:30










1 Answer
1






active

oldest

votes

















up vote
0
down vote



accepted











Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?




While the zfs send command doesn't modify the contents of the file-system, it's still possible for a malicious user to use it to DoS your system by saturating the file-system and sometimes the network, depending on how evil they choose to be.






share|improve this answer




















    Your Answer







    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    convertImagesToLinks: false,
    noModals: false,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );








     

    draft saved


    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f410911%2fis-zfs-send-a-safe-read-only-command%23new-answer', 'question_page');

    );

    Post as a guest






























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes








    up vote
    0
    down vote



    accepted











    Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?




    While the zfs send command doesn't modify the contents of the file-system, it's still possible for a malicious user to use it to DoS your system by saturating the file-system and sometimes the network, depending on how evil they choose to be.






    share|improve this answer
























      up vote
      0
      down vote



      accepted











      Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?




      While the zfs send command doesn't modify the contents of the file-system, it's still possible for a malicious user to use it to DoS your system by saturating the file-system and sometimes the network, depending on how evil they choose to be.






      share|improve this answer






















        up vote
        0
        down vote



        accepted







        up vote
        0
        down vote



        accepted







        Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?




        While the zfs send command doesn't modify the contents of the file-system, it's still possible for a malicious user to use it to DoS your system by saturating the file-system and sometimes the network, depending on how evil they choose to be.






        share|improve this answer













        Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?




        While the zfs send command doesn't modify the contents of the file-system, it's still possible for a malicious user to use it to DoS your system by saturating the file-system and sometimes the network, depending on how evil they choose to be.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 16 '17 at 18:33









        Peter

        1066




        1066






















             

            draft saved


            draft discarded


























             


            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f410911%2fis-zfs-send-a-safe-read-only-command%23new-answer', 'question_page');

            );

            Post as a guest













































































            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?