On Mon, Feb 08, 2010 at 03:41:16PM -0500, Miles Nordin wrote:
> ch> In our particular case, there won't be
> ch> snapshots of destroyed filesystems (I create the snapshots,
> ch> and destroy them with the filesystem).
>
> Right, but if your zpool is above a zvol vdev (ex COMSTAR on ano
> "nw" == Nicolas Williams writes:
> "ch" == c hanover writes:
Trying again:
ch> In our particular case, there won't be
ch> snapshots of destroyed filesystems (I create the snapshots,
ch> and destroy them with the filesystem).
Right, but if your zpool is above a zvol vdev (
On 05/02/2010 21:46, Nicolas Williams wrote:
On Fri, Feb 05, 2010 at 04:41:08PM -0500, Miles Nordin wrote:
"ch" == c hanover writes:
ch> is there a way to a) securely destroy a filesystem,
AIUI zfs crypto will include this, some day, by forgetting the key.
Right.
but for SSD, zfs a
You might also want to note that with traditional filesystems, the
'shred' utility will securely erase data, but no tools like that
will work for zfs.
___
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/z
On Feb 5, 2010, at 5:19 PM, Nicolas Williams wrote:
>> ZFS crypto will be nice when we get either NFSv4 or NFSv3 w/krb5 for
>> over the wire encryption. Until then, not much point.
>
> You can use NFS with krb5 over the wire encryption _now_.
>
> Nico
> --
I know, that's just something I'm wo
On Fri, Feb 05, 2010 at 05:08:02PM -0500, c.hanover wrote:
> In our particular case, there won't be snapshots of destroyed
> filesystems (I create the snapshots, and destroy them with the
> filesystem).
OK.
> I'm not too sure on the particulars of NFS/ZFS, but would it be
> possible to create a 1
On 2/5/10 5:08 PM -0500 c.hanover wrote:
would it be possible to
create a 1GB file without writing any data to it, and then use a hex
editor to access the data stored on those blocks previously?
No, not over NFS and also not locally. You'd be creating a sparse file,
which doesn't allocate spa
In our particular case, there won't be snapshots of destroyed filesystems (I
create the snapshots, and destroy them with the filesystem).
I'm not too sure on the particulars of NFS/ZFS, but would it be possible to
create a 1GB file without writing any data to it, and then use a hex editor to
acc
On Fri, Feb 05, 2010 at 04:41:08PM -0500, Miles Nordin wrote:
> > "ch" == c hanover writes:
>
> ch> is there a way to a) securely destroy a filesystem,
>
> AIUI zfs crypto will include this, some day, by forgetting the key.
Right.
> but for SSD, zfs above a zvol, or zfs above a SAN tha
On Fri, Feb 05, 2010 at 03:49:15PM -0500, c.hanover wrote:
> Two things, mostly related, that I'm trying to find answers to for our
> security team.
>
> Does this scenario make sense:
> * Create a filesystem at /users/nfsshare1, user uses it for a while,
> asks for the filesystem to be deleted
> *
> "ch" == c hanover writes:
ch> is there a way to a) securely destroy a filesystem,
AIUI zfs crypto will include this, some day, by forgetting the key.
but for SSD, zfs above a zvol, or zfs above a SAN that may do
snapshots without your consent, I think it's just logically not a
solveab
On 2/5/10 3:49 PM -0500 c.hanover wrote:
Two things, mostly related, that I'm trying to find answers to for our
security team.
Does this scenario make sense:
* Create a filesystem at /users/nfsshare1, user uses it for a while, asks
for the filesystem to be deleted * New user asks for a filesyste
12 matches
Mail list logo
