> From: Tom Limoncelli [mailto:[email protected]] > > Just to repeat the problem: > > Suppose you put info on a Netapp that wasn't supposed to be stored > online. It gets into a snapshot. You can't delete it from the > snapshot, because snapshots are read-only. You can delete the > snapshot, but what if your users need the snapshot for other reasons?
No, that wasn't the problem. The problem was: If you have private data, which is correctly protected, and then you delete it, you should know that it always was and always will be correctly protected, right? Not quite. After you delete the data, if you change perms of the parent, then the deleted data is suddenly exposed to people who should never have had access to it. Permission can be granted to the data, after the delete, which was never granted before. > > ... > > You can disable the ability for people to view snapshots until the > ... You are right that the problem could be fixed by sacrificing all the snapshots that contained the private data. But I didn't know until you said so, about disabling access to the snapshots. But if you prevent access to the snapshots, doesn't that *almost* make the snapshot as useless as deleting the snapshot? Now the snapshot can only be used by root, so it's basically for backups only, or for restoring user things with administrator assistance. _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
