On TrueNAS Scale, I’d like to set up a replication task to a NAS of my friend (and vice versa). The two NAS are connected using WireGuard.
However, I can’t wrap my head around the fact that sudo access to the zfs binary is required. Wouldn’t this allow any attacker taking over the NAS of my friend to destroy arbitrary datasets on my end?
I have searched many forum posts and stumbled upon the Linux kernel issue with zfs, but there seems to be no solution in sight, and nobody caring.
Am I missing something? Or how do you secure replications?
Perhaps explore zfs allow. This lets you grant a non-root user privileges to (for example) send or receive replication, depending on PUSH or PULL configuration.
Thanks for referring to zfs allow. I forgot to mention that the sending / receiving users are allowed @all (for the purpose of debugging) on the corresponding datasets.
Might it be an issue that the datasets transferred are encrypted?
I use zfs allow to manage this, as @Johnny_Fartpants suggests.
Wouldn’t this allow any attacker taking over the NAS of my friend to destroy arbitrary datasets on my end?
Yes.
There has been much spirited debate around TrueNAS’s expectations in this area and related areas like firewalling. Generally, the community (and seemingly iXsystems) thinking is that storage shouldn’t be located on network segments that are widely or easily accessed, and this is typically cited as a compensating control. (I’m withholding my opinion on that.) Interesting to note is that on a TrueNAS installation the zfs and zpool binaries aren’t executable by unprivileged users, and privileged users other than root must escalate their privileges. In contrast, looking at my stock Debian system, that is not the case (although you can’t issue mutating commands without explicit privileges there either).
man zfs-allow and man zfs-unallow are excellent starting points. Klara also has a writeup here.
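The receive-side delegation the replies recommend, as an added example that is not from any poster in this thread: a replication user gets only what a receive needs on one dataset (no destroy, rollback, rename or allow), plus an audit helper that reads `zfs allow` output and flags destructive grants. The user name `repl`, the dataset `tank/backups` and the `ZFS_CMD` dry-run variable are assumptions for illustration.

```shell
#!/bin/sh
# Example (not from the thread): restrict a replication peer's user to receiving
# into one dataset. Assumed names: user "repl", target dataset "tank/backups".
# ZFS_CMD allows a dry run (ZFS_CMD=echo) before touching a real pool.
ZFS_CMD="${ZFS_CMD:-zfs}"

# Smallest set for receiving streams into DATASET and its new children:
#  create  - make the child datasets the stream describes
#  receive - accept the stream
#  mount   - zfs-allow(8) requires it alongside create; on Linux the kernel
#            still refuses non-root mounts, so the peer runs "zfs receive -u"
# Deliberately absent: destroy, rollback, rename, promote, allow, send.
RECEIVE_PERMS="create,mount,receive"

delegate_receiver() {  # delegate_receiver USER DATASET
    user="$1"; ds="$2"
    $ZFS_CMD allow -u "$user" "$RECEIVE_PERMS" "$ds"
}

# Drop every grant USER holds on DATASET (e.g. a debugging @all) before re-granting.
revoke_receiver() {  # revoke_receiver USER DATASET
    user="$1"; ds="$2"
    $ZFS_CMD unallow -u "$user" "$ds"
}

# Audit: read "zfs allow DATASET" output on stdin; return 1 if USER holds a
# permission that lets a compromised peer delete data or widen its own grants.
audit_user_perms() {  # audit_user_perms USER < allow-output
    user="$1"
    awk -v u="$user" '
        $1 == "user" && $2 == u {
            n = split($3, p, ",")
            for (i = 1; i <= n; i++)
                if (p[i] ~ /^(destroy|rollback|rename|promote|allow)$/) bad = 1
        }
        END { if (bad) exit 1; exit 0 }'
}
```

Run `zfs allow tank/backups | audit_user_perms repl` on the receiving NAS after every change to the task; a non-zero exit means the peer could still destroy or rename your datasets.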