on 29/07/2009 17:52 Andre van Eyssen said the following:
> On Wed, 29 Jul 2009, Andriy Gapon wrote:
>
>> Well, I specifically stated that this property should not be
>> recursive, i.e. it should work only in a root of a filesystem.
>> When setting this property on a filesystem an administrator should
>> carefully set permissions to make sure that only trusted entities
>> can create directories there.
>
> Even limited to the root of a filesystem, it still gives a user the
> ability to consume resources rapidly. While I appreciate the fact that
> it would be restricted by permissions, I can think of a number of usage
> cases where it could suddenly tank a host. One use that might pop up,
> for example, would be cache spools - which often contain *many*
> directories. One runaway and kaboom.

Well, the feature would not be on by default. So careful evaluation and planning should prevent abuses.

> We generally use hosts now with plenty of RAM and the per-filesystem
> overhead for ZFS doesn't cause much concern. However, on a scratch box,
> try creating a big stack of filesystems - you can end up with a pool
> that consumes so much memory you can't import it!
>
>> 'rmdir' question requires some thinking, my first reaction is it
>> should do zfs destroy...
>
> .. which will fail if there's a snapshot, for example. The problem seems
> to be reasonably complex - compounded by the fact that many programs
> that create or remove directories do so directly - not by calling
> externals that would be ZFS aware.

Well, snapshots could be destroyed too, nothing stops one from doing that.
BTW, I am not proposing to implement this feature in mkdir/rmdir userland utility, I am proposing to implement the feature in ZFS kernel code responsible for directory creation/removal.

--
Andriy Gapon