ZFS Replication push only Data, no ACL permissions

djb

Hello everyone,

I'm looking for a ZFS replication setup (settings etc.) to perform ZFS replication from TrueNAS Core with user permissions etc., when the user access rights, ACL permissions etc. are active on each dataset.
The target system for ZFS replication is the backup repository TrueNAS Core system, so ideally I need all the datasets to replicate, but no permissions, for safety reasons. I have only one username, "backup", with read-only access, to perform offsite backups.

Any suggestions on how I can do a setup like the one described?
 

garm

You can't. ZFS send is block level, not file level. It will make a perfect copy of the dataset. If you want to scrub data you need to set up something else. Rclone or rsync are my go-to solutions.

anodos

iXsystems
In theory you could create a directory / dataset with permissions of 0700 and owned by your backup user, then create directories for dataset mountpoints beneath that path (and mount snapshots as needed for your offsite backup tasks). Exact implementation details are up to you; the point is that 0700 will prevent non-owners from traversing the path. This doesn't affect the ACL being replicated (as garm mentioned, that's a block-level thing), and to be frank, backups without permissions seem rather incomplete.
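The 0700 gate directory layout described in the last reply, as an added example that is not code from any poster in the thread: it creates the gate, creates a mountpoint directory beneath it, and checks that the gate is still mode 0700, has no ACL marker in `ls` output, and has the expected owner. The function names, paths and the dataset name `tank/data` are hypothetical.

```shell
#!/bin/sh
# Added example. Function names, paths and the dataset name are hypothetical.

# make_gate DIR [OWNER]: create the gate directory with mode 0700.
# chown to another user needs root, so OWNER is optional.
make_gate() {
    mkdir -p "$1" || return 1
    chmod 0700 "$1" || return 1
    if [ -n "$2" ]; then chown "$2" "$1" || return 1; fi
}

# make_mountpoint GATE DATASET: create GATE/DATASET and print the path.
# A snapshot would then be mounted there, on FreeBSD-based TrueNAS Core e.g.:
#   mount -t zfs tank/data@offsite "$(make_mountpoint /mnt/gate tank/data)"
make_mountpoint() {
    mkdir -p "$1/$2" || return 1
    printf '%s\n' "$1/$2"
}

# check_gate DIR OWNER: succeed only if DIR is a directory, its mode is exactly
# rwx------, ls shows no "+" ACL marker, and its owner is OWNER.
check_gate() {
    if [ ! -d "$1" ]; then echo "missing: $1"; return 1; fi
    line=$(ls -ld "$1")
    mode=$(printf '%s' "$line" | cut -c1-10)
    mark=$(printf '%s' "$line" | cut -c11)
    owner=$(printf '%s' "$line" | awk '{print $3}')
    if [ "$mode" != "drwx------" ]; then echo "bad mode $mode: $1"; return 1; fi
    if [ "$mark" = "+" ]; then echo "ACL present: $1"; return 1; fi
    if [ "$owner" != "$2" ]; then echo "owner $owner, want $2: $1"; return 1; fi
    echo "ok: $1"
}
```

Running `check_gate` before each offsite backup job catches a gate whose mode or owner has drifted; the replicated datasets beneath it keep their own ACLs unchanged.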