commit 965af25890a9eb72127776c6fe7dc03b14b7ce92 Author: Ethan Hunter Date: Sat Dec 17 03:35:38 2022 -0700 inital commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..a82f36b --- /dev/null +++ b/README.md @@ -0,0 +1,27 @@ +# ZFS SnapZD + +I guess I'm rewriting Sanoid/Syncoid because I don't want 100 perl AURs on my machine + + +# Notes + +There are two programs included in this package + +## snapzd + +Main program responsible for taking snapshot and managing ZFS datasets + +## snapzr + +snapz reciever responsible for recieving snapshots. This must be installed on the target machine + +## Info + +`snapzd` should be run as root +`snapzr` can be run as root, but this encourages root ssh, so maybe don't do that. Instead, create a role account on the target machine called `snapz` and a group `snapzr`. The `snapzr` binary should have the `setuid` flag set. +as root: +``` +$ chown root:snapzr snapzr +$ chmod 4650 snapzr +``` +if this is done, only users in the snapzr group can run `snapzr`. The binary WILL RUN AS ROOT. To ensure it's secure, `snapzr` has limited functionality - it takes just the name of the dataset to overwrite with the snapshot. This is configured in `/etc/snapzd/recv/targets.yaml`. This file should be owned by root.