Freeze concept?

hendry

Explorer
Joined
May 24, 2018
Messages
98
I back up files into YYYY-MM-DD folders, like so:


[Image: 1611915279_1918x1047.png]



After some days, I want the folder to be frozen / immutable to change / readonly. What's the typical way to achieve that on zfs/TrueNAS?

Many thanks!
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
There isn't a "typical way" to do that, it's a weird request. Fortunately UNIX is flexible and loves weird.

You would probably want to write a script that sets chflags schg on your files and/or directories.

Note that FreeNAS does not run in securelevel, so it is possible to remove the schg flag in multiuser mode.
 

ChrisRJ

Wizard
Joined
Oct 23, 2020
Messages
1,919
What is the use-case for this requirement? Immutable data typically has a legal background and if that is the case, you will need special hard- and/or software plus procedures formally documented.
 

HoneyBadger

actually does care
Administrator
Moderator
iXsystems
Joined
Feb 6, 2014
Messages
5,112
There was just a recent thread about using the WORM VFS module in Samba; you can set a grace period and use it there if it's for a personal reason (anti-ransomware) rather than an industry requirement.

 

hendry

Explorer
Joined
May 24, 2018
Messages
98
How do I know my archives have integrity? Is perhaps a better question. If I store a bunch of family pictures in the folder "2002", how do I know that some program mounted my share and did not corrupt the files?

Ordinarily I would perhaps `git add` and commit the files to have better confidence. So I'm curious if ZFS or some other strategy can help me sleep better at night?
 

jgreco

Resident Grinch
Joined
May 29, 2011
Messages
18,680
Well there's a lot of stuff you *can* do.

I wasn't aware of the WORM module @HoneyBadger mentioned.

I maintain periodic snapshots on important datasets going back a decade. This doesn't protect the files from being rewritten, but it does allow me to recover them.

As I previously noted, you can also set schg on files to make them harder to change.

Both snapshots and schg are things that would be difficult for a client to mess with over a SMB mount.

You could also create a script that takes a checksum of important directories and periodically checks to see if anything has changed unexpectedly.
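
The periodic checksum check suggested above, sketched for the YYYY-MM-DD backup layout from the first post. This is an added example, not part of the original thread; the separate manifest directory, the JSON manifest format and all function names are assumptions.

```python
import hashlib, json, os
from datetime import date

def manifest_path(manifest_dir, name):  # manifest_dir: assumed to sit outside the share
    return os.path.join(manifest_dir, name + ".sha256.json")

def sha256_file(path, bufsize=1 << 20):  # chunked, so big files never sit in RAM whole
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(folder):
    """Map relative path -> SHA-256 for every file under folder."""
    found = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            full = os.path.join(root, name)
            found[os.path.relpath(full, folder)] = sha256_file(full)
    return found

def due_for_sealing(backup_root, manifest_dir, today, grace_days=7):
    """Dated folders at least grace_days old that have no manifest yet."""
    due = []
    for name in sorted(os.listdir(backup_root)):
        try:
            age = (today - date.fromisoformat(name)).days
        except ValueError:  # not a YYYY-MM-DD folder
            continue
        if age >= grace_days and not os.path.exists(manifest_path(manifest_dir, name)):
            due.append(name)
    return due

def seal(backup_root, manifest_dir, name):
    """Record the folder's hashes once; mode "x" refuses to overwrite a seal."""
    with open(manifest_path(manifest_dir, name), "x") as f:
        json.dump(scan(os.path.join(backup_root, name)), f, indent=1, sort_keys=True)

def verify(backup_root, manifest_dir, name):
    """Compare the folder against its seal; empty lists mean nothing changed."""
    with open(manifest_path(manifest_dir, name)) as f:
        sealed = json.load(f)
    now = scan(os.path.join(backup_root, name))
    return {
        "modified": sorted(p for p in sealed if p in now and now[p] != sealed[p]),
        "missing": sorted(p for p in sealed if p not in now),
        "added": sorted(p for p in now if p not in sealed),
    }
```

Keep the manifest directory somewhere SMB clients cannot write, otherwise whatever alters a sealed folder can alter its manifest too.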
 

hendry

Explorer
Joined
May 24, 2018
Messages
98
I'm familiar with checksum tools, but I don't like their overhead. So I was basically curious if zfs could somehow expose the version history of the file.
 
Joined
Jul 2, 2019
Messages
648
> So I was basically curious if zfs could somehow expose the version history of the file

Flashback to VMS (which had file versions by appending a semicolon and a number (up to 32 000 or so)).
 

ChrisRJ

Wizard
Joined
Oct 23, 2020
Messages
1,919
Perhaps it is a bit old-school (and based on checksums) but I would have recommended something like Tripwire.
 

ChrisRJ

Wizard
Joined
Oct 23, 2020
Messages
1,919
> Flashback to VMS (which had file versions by appending a semicolon and a number (up to 32 000 or so)).

Perhaps we should start adding our OS experiences in addition to our infrastructure ;-)
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
> I'm familiar with checksum tools, but I don't like their overhead. So I was basically curious if zfs could somehow expose the version history of the file.

If you're familiar with C programming and the libzfs C API, you can write a CLI application that does something like the following:
1) get libzfs handle
2) use libzfs handle to get zfs dataset handle for path using path_to_zhandle()
3) use libzfs API call zfs_iter_snapshots_sorted(zfs dataset handle, <callback function>, <private>) with a callback function that takes arguments like (zfs_handle_t *snap, void *private), and pass your filtering args in via "private".

This is basically what I do in Samba's smblibzfs and vfs_shadow_copy_zfs to generate lists of "previous versions" of files. The same might be possible with py-libzfs. `zfs diff` in the libzfs API unfortunately does not support a callback function.
 

hendry

Explorer
Joined
May 24, 2018
Messages
98
Maybe I'm paranoid, but I think that it's so easy for old archives to be accidentally modified. I've done it myself! (Disclaimer: I could be an idiot)

So I am surprised there aren't ready solutions to track "old archives" being modified.
 

blanchet

Guru
Joined
Apr 17, 2018
Messages
516
 