Feature Request: Software WORM

Basti.K77 · Mar 5, 2020

I have a question:
Is it possible to implement some kind of software WORM for individual shares.

The goal would be that the user has write permissions to this directory for a period of time X.
After the time expires, the write permissions are automatically removed from the "new" file.

However, an administrator should still have full write access to the files in order to clean up.

I am aware that this is not audit-proof, but for many cases it is enough.

seanm · Mar 5, 2020

@Basti.K77 There is a WORM VFS module documented here:

11. Sharing — FreeNAS®11.2-U8 User Guide Table of Contents

www.ixsystems.com

I was going to link you to the 11.3 docs, but WORM is no longer mentioned there, and I just checked and it's gone from the UI ! Odd.

@anodos what happened to WORM? The release notes don't say anything about it's removal. I rely on that feature... say it's not gone!

anodos · Mar 5, 2020

seanm said:
@Basti.K77 There is a WORM VFS module documented here:

11. Sharing — FreeNAS®11.2-U8 User Guide Table of Contents

www.ixsystems.com

I was going to link you to the 11.3 docs, but WORM is no longer mentioned there, and I just checked and it's gone from the UI ! Odd.

@anodos what happened to WORM? The release notes don't say anything about it's removal. I rely on that feature... say it's not gone!

We still compile with it. I made a PR to add it to our whitelist filter for modules in the GUI. The module is useful in narrowly-defined situations.

seanm · Mar 5, 2020

Could you share the PR link? Need me to create a ticket? So was it removed accidentally?

I find it super useful in at least 2 situations:
- we have an Archives share, where various employees can drop things, but no one can accidentally delete anything after a few days.
- we have a NightlyBuilds share, where our bots copy our compiled application every night. If the script goes crazy, it can't delete anything.

Yes, there's also snapshots and backups, but it's nice to stop problems earlier.

So in 11.3 it's actually gone? can it be re-enabled by aux parameter or otherwise?

anodos · Mar 5, 2020

seanm said:
Could you share the PR link? Need me to create a ticket? So was it removed accidentally?

I find it super useful in at least 2 situations:
- we have an Archives share, where various employees can drop things, but no one can accidentally delete anything after a few days.
- we have a NightlyBuilds share, where our bots copy our compiled application every night. If the script goes crazy, it can't delete anything.

Yes, there's also snapshots and backups, but it's nice to stop problems earlier.

So in 11.3 it's actually gone? can it be re-enabled by aux parameter or otherwise?

You can just set a vfs objects line in the aux parameters "vfs objects = fruit streams_xattr ixnas worm". It will be re-added in 11.3-U2.

seanm · Mar 5, 2020

So checking with 'testparm -s' it seems my worms are still enabled. Looking forward to 11.3-U2 though!

Important Announcement for the TrueNAS Community.

Feature Request: Software WORM

Basti.K77

Cadet

seanm

Guru

11. Sharing — FreeNAS®11.2-U8 User Guide Table of Contents

anodos

Sambassador

11. Sharing — FreeNAS®11.2-U8 User Guide Table of Contents

seanm

Guru

anodos

Sambassador

seanm

Guru

Similar threads