russell aspinwall wrote:
> Are tools necessary to ensure that deleted ZFS pools can not be recovered or
> that deleted filesystems are really deleted?
dd if=/dev/zero over the disks, or use format(1M) analyze -> purge.
For just a single filesystem you can get some comfort level by doing:
zfs destroy tank/mysensitive
dd if=/dev/zero of=/tank/fill bs=128k
rm /tank/fill
Not perfect but all we have today for datasets.
> If the current delete commands do offer some level of data recovery,
> is worth offering a destroy command which deletes and ensures no
> means of recovery other than a backup?
If you want that level of destruction the accepted best practice is now
to use encryption and "forget" your key. This is accepted by many
organisations that follow NIST guidelines on data security and key
management.
Once I'm finished delivering encryption and the BP rewrite project
integrates, I hope to have time to look at an "erase behind" capability;
this would be a per-dataset property (or maybe even a per-file attribute).
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
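The "fill the dataset with zeros, then delete the filler" workaround above, as an added POSIX sh example (not code from the thread or from the ZFS project). It assumes dd(1) and sync(1); the optional block cap exists only so the function can be exercised on a scratch directory, and the comments note the limits the thread alludes to.

```shell
#!/bin/sh
# fill_free_space MOUNTPOINT [MAX_BLOCKS]
#   Overwrite currently free pool space by writing zeros into a filler file on
#   the given mount point, flush it to disk, then remove the filler.
# Caveats (why the thread calls this "not perfect"):
#   - ZFS is copy-on-write, so only blocks that are free *now* get overwritten.
#     Destroy the sensitive dataset and all of its snapshots first; blocks still
#     referenced by any snapshot or clone are not free and are never touched.
#   - Reservations and quotas on other datasets can stop the fill short of the
#     pool's real free space, and the pool's own metadata slack is not covered.
#   - Without MAX_BLOCKS, dd runs until the pool reports ENOSPC; that non-zero
#     exit is the expected end state, not an error.
fill_free_space() {
    mountpoint=$1
    max_blocks=${2:-}                      # empty: fill until the pool is full
    filler="$mountpoint/.zero-fill.$$"

    [ -d "$mountpoint" ] || { echo "not a directory: $mountpoint" >&2; return 2; }

    if [ -n "$max_blocks" ]; then
        dd if=/dev/zero of="$filler" bs=128k count="$max_blocks" 2>/dev/null
    else
        dd if=/dev/zero of="$filler" bs=128k 2>/dev/null
    fi
    [ -f "$filler" ] || return 1

    # Force the zero blocks out to the disks before freeing them again;
    # otherwise the rm can let ZFS discard dirty data that was never written.
    sync
    rm -f "$filler"
    sync
    return 0
}
```

In real use call it with just the mount point (for example `fill_free_space /tank`) after the dataset and its snapshots are gone.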