Are tools necessary to ensure that deleted ZFS pools can not be recovered or that deleted filesystems are really deleted? If the current delete commands do offer some level of data recovery, is it worth offering a destroy command which deletes and ensures no means of recovery other than a backup?

--
This message posted from opensolaris.org

russell aspinwall wrote:
> Are tools necessary to ensure that deleted ZFS pools can not be recovered or that deleted filesystems are really deleted?

dd if=/dev/zero over the disks, or use format(1M) analyze -> purge.

For just a single filesystem you can get some comfort level by doing:

    zfs destroy tank/mysensitive
    dd if=/dev/zero of=/tank/fill bs=128k
    rm /tank/fill

Not perfect but all we have today for datasets.

> If the current delete commands do offer some level of data recovery,
> is it worth offering a destroy command which deletes and ensures no
> means of recovery other than a backup?

If you want that level of destruction the accepted best practice is now to use encryption and "forget" your key. This is accepted by many organisations that follow NIST guidelines on data security and key management.

Once I'm finished delivering encryption and the BP rewrite project integrates I hope to have time to look at an "erase behind" capability, this would be a per dataset property (or maybe even a per file attribute).

--
Darren J Moffat

Thanks for clearing up the issue

On Thu, Aug 13, 2009 at 12:23 PM, Darren J Moffat <darrenm at opensolaris.org> wrote:
> russell aspinwall wrote:
>>
>> Are tools necessary to ensure that deleted ZFS pools can not be recovered
>> or that deleted filesystems are really deleted?
>
> dd if=/dev/zero over the disks, or use format(1M) analyze -> purge.
>
> For just a single filesystem you can get some comfort level by doing:
>
> zfs destroy tank/mysensitive
> dd if=/dev/zero of=/tank/fill bs=128k
> rm /tank/fill
>

If you happen to have compression turned on that won't do anything. You'll have better luck with /dev/urandom.

> Not perfect but all we have today for datasets.

--
Regards, Cyril
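
The compression point raised in the last reply can be checked before relying on a free-space fill. The script below is an added example, not code posted by anyone in the thread: it measures how much of a 128k-block stream survives compression and picks the fill source from the dataset's `compression` property. Assumptions: `gzip` stands in for the pool's compressor, the function names are hypothetical, and the optional block limit exists only for dry runs.

```shell
#!/bin/sh
# Added example. gzip is a stand-in for the pool's compressor (assumption).

BS=131072   # 128k, the block size used in the thread's dd command

# Bytes left after compressing COUNT blocks of BS bytes read from SRC.
# Zeros collapse to almost nothing; random data does not shrink.
compressed_size() {
    local src="$1" count="${2:-8}"
    dd if="$src" bs="$BS" count="$count" 2>/dev/null | gzip -c | wc -c | tr -d ' '
}

# Choose the fill source from the value of the dataset's "compression"
# property, e.g. the output of: zfs get -H -o value compression tank
# Only with compression off do zeros overwrite the freed blocks.
pick_fill_source() {
    case "$1" in
        off) echo /dev/zero ;;
        *)   echo /dev/urandom ;;
    esac
}

# Fill the free space under MOUNTPOINT, then delete the fill file.
# LIMIT (in blocks) is a hypothetical dry-run parameter; without it dd
# writes until the filesystem is full, as in the thread.
fill_free_space() {
    local mnt="$1" prop="$2" limit="$3" src
    src=$(pick_fill_source "$prop")
    dd if="$src" of="$mnt/fill" bs="$BS" ${limit:+count="$limit"} 2>/dev/null
    sync    # flush so the blocks are written out before the file is removed
    rm -f "$mnt/fill"
    echo "$src"
}
```

Comparing `compressed_size /dev/zero` with `compressed_size /dev/urandom` shows the gap: the zero stream shrinks to a few hundred bytes while the random stream stays at full size.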