Is 'zfs send' a safe read only command?
Clash Royale CLAN TAG#URR8PPP
up vote
1
down vote
favorite
I would allow server A to be backed up by server B, without allowing any server to modify the other server.
non-root user zfsbackup @ server A is allowed to use only zfs send
:
# serverA: /etc/sudoers.d/zfsbackup
zfsbackup ALL = (root) NOPASSWD: /sbin/zfs send *
Which makes it possible for server B to perform a backup of server A like this:
root@serverB~:# ssh zfsbackup@serverA sudo zfs send -i tank/vol@yesterday tank/vol@today | zfs receive tank/vol
Question is:
Can a malicious user do any damage using the
zfs send *
command? Or is this command completely read only?
security sudo zfs
add a comment |Â
up vote
1
down vote
favorite
I would allow server A to be backed up by server B, without allowing any server to modify the other server.
non-root user zfsbackup @ server A is allowed to use only zfs send
:
# serverA: /etc/sudoers.d/zfsbackup
zfsbackup ALL = (root) NOPASSWD: /sbin/zfs send *
Which makes it possible for server B to perform a backup of server A like this:
root@serverB~:# ssh zfsbackup@serverA sudo zfs send -i tank/vol@yesterday tank/vol@today | zfs receive tank/vol
Question is:
Can a malicious user do any damage using the
zfs send *
command? Or is this command completely read only?
security sudo zfs
I understand that zfs delegation withzfs allow
command is the preferred way to do this, but it is not available in ZoL 0.6.5.
â John
Dec 14 '17 at 16:30
add a comment |Â
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I would allow server A to be backed up by server B, without allowing any server to modify the other server.
non-root user zfsbackup @ server A is allowed to use only zfs send
:
# serverA: /etc/sudoers.d/zfsbackup
zfsbackup ALL = (root) NOPASSWD: /sbin/zfs send *
Which makes it possible for server B to perform a backup of server A like this:
root@serverB~:# ssh zfsbackup@serverA sudo zfs send -i tank/vol@yesterday tank/vol@today | zfs receive tank/vol
Question is:
Can a malicious user do any damage using the
zfs send *
command? Or is this command completely read only?
security sudo zfs
I would allow server A to be backed up by server B, without allowing any server to modify the other server.
non-root user zfsbackup @ server A is allowed to use only zfs send
:
# serverA: /etc/sudoers.d/zfsbackup
zfsbackup ALL = (root) NOPASSWD: /sbin/zfs send *
Which makes it possible for server B to perform a backup of server A like this:
root@serverB~:# ssh zfsbackup@serverA sudo zfs send -i tank/vol@yesterday tank/vol@today | zfs receive tank/vol
Question is:
Can a malicious user do any damage using the
zfs send *
command? Or is this command completely read only?
security sudo zfs
asked Dec 14 '17 at 16:26
John
83
83
I understand that zfs delegation withzfs allow
command is the preferred way to do this, but it is not available in ZoL 0.6.5.
â John
Dec 14 '17 at 16:30
add a comment |Â
I understand that zfs delegation withzfs allow
command is the preferred way to do this, but it is not available in ZoL 0.6.5.
â John
Dec 14 '17 at 16:30
I understand that zfs delegation with
zfs allow
command is the preferred way to do this, but it is not available in ZoL 0.6.5.â John
Dec 14 '17 at 16:30
I understand that zfs delegation with
zfs allow
command is the preferred way to do this, but it is not available in ZoL 0.6.5.â John
Dec 14 '17 at 16:30
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?
While the zfs send
command doesn't modify the contents of the file-system, it's still possible for a malicious user to use it to DoS your system by saturating the file-system and sometimes the network, depending on how evil they choose to be.
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?
While the zfs send
command doesn't modify the contents of the file-system, it's still possible for a malicious user to use it to DoS your system by saturating the file-system and sometimes the network, depending on how evil they choose to be.
add a comment |Â
up vote
0
down vote
accepted
Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?
While the zfs send
command doesn't modify the contents of the file-system, it's still possible for a malicious user to use it to DoS your system by saturating the file-system and sometimes the network, depending on how evil they choose to be.
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?
While the zfs send
command doesn't modify the contents of the file-system, it's still possible for a malicious user to use it to DoS your system by saturating the file-system and sometimes the network, depending on how evil they choose to be.
Can a malicious user do any damage using the zfs send * command? Or is this command completely read only?
While the zfs send
command doesn't modify the contents of the file-system, it's still possible for a malicious user to use it to DoS your system by saturating the file-system and sometimes the network, depending on how evil they choose to be.
answered Dec 16 '17 at 18:33
Peter
1066
1066
add a comment |Â
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f410911%2fis-zfs-send-a-safe-read-only-command%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
I understand that zfs delegation with
zfs allow
command is the preferred way to do this, but it is not available in ZoL 0.6.5.â John
Dec 14 '17 at 16:30