Interesting thread - a few comments:
Finite-sized validation checksums aren't a 100% solution either, but they're
certainly good enough to be extremely useful.
NetApp has built a rather decent business at least in part by providing
less-than-100% user-level undo-style facilities via snapshots (not that novel a
feature these days, but it was when they introduced it). More recently,
'continuous data protection' products seem to be receiving an enthusiastic
response from customers despite their hefty price tags (of course, they *do*
purport to be a '100% solution', as long as you're willing to pay for unbounded
expansion of storage).
My dim recollection is that TOPS-10 implemented its popular (but again <100%)
undelete mechanism using the same kind of 'space-available' approach suggested
here. It did, however, support explicit 'delete - I really mean it' facilities
to help keep unwanted detritus from shouldering out more desirable bits
('expunge' being the applicable incantation, which had an appropriate ring of
finality to it). Tying into user quotas such that one user can't drive another
user's most-recently-deleted content out of the system seems implicit in
eschrock's comments.
But it is likely that in at least some situations promiscuously retaining
*everything* even for a limited time would be a real problem, and that in a lot
more it would be at least sub-optimal. Creating a directory attribute
inheritable by subdirectories and files controlling temporary undelete-style
preservation would help (one could also consider per-file-type controls, though
file extensions may not be ideal hooks and I don't know whether ZFS uses file
attributes to establish types).
Since this is essentially a per-file mechanism, it really shouldn't require the
level of system-wide flush-synchronization that a formal snapshot requires,
should it? Especially if it really is limited to preserving deleted files
(though it's possible that you could extend it to cover incremental updates as
well). If a full-fledged snapshot has too high an overhead to be left to the
discretion of common users, that's even more reason to try to implement some
form of undelete facility that's lighter in weight.
- bill
This message posted from opensolaris.org
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
