How does WORM work on HDD?

I would like some clarification on how WORM works in TrueNAS SCALE (I have installed the latest Community version).
I need to archive files that must no longer be changed; therefore I wanted to activate WORM (Write Once Read Many) on a dataset defined on an HDD, which, by its nature, is rewritable.

So, what happens if someone accesses the disk directly?
Vice versa, if the files are then transferred to a CD/DVD-ROM, is the disk recoverable and WORM deactivated?

Reading posts on the forum I think I also understood that some users, and only them, can be assigned rw rights; is this true?

Yes, you just need to read about file permissions and how they work.

For example, you might make an “Archive” volume to which users either have only read access, or that is mounted by users as read-only.

I don’t want to be wrong, but WORM is something that goes beyond rights management; it is a function that is activated automatically after a specific period of time defined in the configuration.
Which means that user John can save a file and modify it as long as the file is not “protected” by WORM. From that moment on, not even John will be able to modify or delete it.
This is used, for example, to save contracts.

But I was wondering what happens if someone extracts the disk and goes to modify it on another PC.
Or provide that the user David can interact with the files even if they are protected by WORM.

OK, thanks, maybe I am the one that needs to do reading.

I’m sure there is records management software that will automatically move data to an archive after a configured amount of time. This could also be accomplished with scripts. Without knowing more specifics about your desired end-state, it’s hard to suggest methods.

If a file is readable, there is always the possibility of copying it and making modifications to the copy. You mentioned contracts. In my organization, we use PKI and digital signatures for validating integrity of PDF/Acrobat documents. If the file is modified after signature, the digital signature becomes invalidated. PKI is also used for non-repudiation on email, just like you’d use certificates to authenticate websites and systems.

In fact, we also use a digital signature for contracts and documents that are sent externally.
The use I was thinking of is more for internal file production, to prevent a document, once approved, from being modified for some reason.
Users have a certain period of time to modify it, but once the deadline has expired, that document becomes immutable.

I am guessing that TrueNAS uses the worm module from the samba package, perhaps with some modifications, but it may still be interesting to see what the samba team says about it either way:
https://wiki.samba.org/index.php/Using_the_worm_VFS_Module

Especially note the last paragraph under the headline “What is the Samba vfs_worm module and what it isn’t”:

The module does not provide complete WORM functions, like some archiving products do! It is not audit-proof, because the WORM function is only available on the client side, when accessing a share through SMB! If the same folder is shared by other services like NFS, the access only depends on the underlying filesystem ACLs. Equally if you access the content directly on the server.

To add to the discussion: The only protection this “WORM” offers is if the data is exclusively accessed through SMB.

It’s not even that reliable, since some clients ignore the option, allowing the user to modify or delete the “protected” file anyways.

It’s ideal for casual protection, such as a home environment, to prevent others from accidentally deleting or modifying recently saved files, without preventing them from writing new files to the share.

So does that mean that using a DVD-R is the way to go?

I have limited knowledge of WORM and will read the links you pointed out.
However, you gave me a first answer because the “protection” seems to be limited.
As for saving to DVD-ROM, I don’t think it can be managed automatically by TrueNAS.

Enabling encryption at the dataset or disk level will help protect against outside tampering of files, because the data won’t be accessible by someone who attempts to mount the disks or filesystem on another system.

Auditing functionality could inform you of any edits made to the files, but if you are looking to prevent these edits entirely, building an immutable bucket on S3/MinIO might be the ticket there - although you would have to identify a way to migrate the files there after the defined modification period has elapsed.

Given the business applications of this, I’d be happy to put you in touch with a TrueNAS sales rep if you’re looking to purchase a solution with particular compliance requirements, e.g. FIPS, or are looking to enable self-encrypting drives (SED).
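
Added example, not part of any post in this thread and not TrueNAS or Samba code: since the SMB-side WORM discussed above does not cover NFS or local access, a sealed hash manifest can at least detect changes to files past the grace period. It assumes file age is taken from mtime and that the manifest is a plain dict; the file names and contents are constructed sample data.

```python
import hashlib, os, tempfile, time
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def seal(root, manifest, grace_seconds, now=None):
    """Record a digest for each file past the grace period; never re-seal an entry."""
    now = time.time() if now is None else now
    added = []
    for p in sorted(Path(root).rglob("*")):
        rel = p.relative_to(root).as_posix()
        if not p.is_file() or rel in manifest:
            continue
        if now - p.stat().st_mtime >= grace_seconds:  # assumption: age = mtime
            manifest[rel] = sha256_file(p)
            added.append(rel)
    return added

def verify(root, manifest):
    """Return {relative_path: 'modified' | 'missing'} for sealed files that changed."""
    findings = {}
    for rel, digest in manifest.items():
        p = Path(root) / rel
        if not p.is_file():
            findings[rel] = "missing"
        elif sha256_file(p) != digest:
            findings[rel] = "modified"
    return findings

def demo():  # constructed sample data: two approved files, one draft
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        for name in ("contract.pdf", "memo.txt", "draft.txt"):
            (root / name).write_bytes(b"original " + name.encode())
        old = time.time() - 7200  # two hours old, past the one-hour grace period
        for name in ("contract.pdf", "memo.txt"):
            os.utime(root / name, (old, old))
        manifest = {}  # in practice, store this where share users cannot write
        sealed = seal(root, manifest, grace_seconds=3600)
        (root / "contract.pdf").write_bytes(b"changed after approval")
        (root / "memo.txt").unlink()  # local changes, outside the SMB share
        (root / "draft.txt").write_bytes(b"drafts may still change")
        return sealed, verify(root, manifest)

if __name__ == "__main__": print(demo())
```

This only detects changes after the fact; it does not prevent them, and it is only as trustworthy as the location where the manifest is kept.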