inital commit
This commit is contained in:
@@ -0,0 +1,27 @@
|
||||
# ZFS SnapZD
|
||||
|
||||
I guess I'm rewriting Sanoid/Syncoid because I don't want 100 perl AURs on my machine
|
||||
|
||||
|
||||
# Notes
|
||||
|
||||
There are two programs included in this package
|
||||
|
||||
## snapzd
|
||||
|
||||
Main program responsible for taking snapshot and managing ZFS datasets
|
||||
|
||||
## snapzr
|
||||
|
||||
snapz reciever responsible for recieving snapshots. This must be installed on the target machine
|
||||
|
||||
## Info
|
||||
|
||||
`snapzd` should be run as root
|
||||
`snapzr` can be run as root, but this encourages root ssh, so maybe don't do that. Instead, create a role account on the target machine called `snapz` and a group `snapzr`. The `snapzr` binary should have the `setuid` flag set.
|
||||
as root:
|
||||
```
|
||||
$ chown root:snapzr snapzr
|
||||
$ chmod 4650 snapzr
|
||||
```
|
||||
if this is done, only users in the snapzr group can run `snapzr`. The binary WILL RUN AS ROOT. To ensure it's secure, `snapzr` has limited functionality - it takes just the name of the dataset to overwrite with the snapshot. This is configured in `/etc/snapzd/recv/targets.yaml`. This file should be owned by root.
|
||||
Reference in New Issue
Block a user