winnielinnie
This is a short, brief FYI for paranoid users, such as myself. I make no suggestions nor recommendations, but I thought I would share this tidbit on these forums.
The log file generated and appended by the SMB Service located at /var/log/samba4/log.smbd contains the full names of files being accessed via a network share. I don't recall changing the Log Level from its default, so I assume this is standard behavior "out of the box" with a fresh TrueNAS setup. I was under the impression that only critical errors and warnings were logged, but not every single file being accessed, to my surprise.
For reference, my Log Level was set to Normal, under the Service > SMB settings. The tooltip reads "By default, error and warning level messages are logged."
This means that if your System Dataset resides on your boot device (never encrypted) or a data pool without encryption, it's trivial to see what files live on your ZFS pools, even if you are using native ZFS encryption to obfuscate what is stored within. The boot device stores these logs in the clear (if this is where you chose to save your logs / System Dataset.)
Do with this knowledge what you will. The above requires someone to have physical access to your system or gain possession of your boot drives, as well as be proficient enough to understand and access a ZFS pool, as well as to intentionally read the contents of a log file. (It's not a simple matter of plug-and-play like one would do with a Windows PC and a USB stick.)
That is all.
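A way to check the condition described in the post above, as an added example that is not part of the original post: given the system's mount table and the output of `zfs get -H -o name,value encryption`, it finds the dataset that backs `/var/log/samba4/log.smbd` and reports whether that dataset is encrypted. The pool and dataset names, the sample inputs and both function names are constructed for illustration.

```python
import posixpath

# Constructed sample inputs; pool, dataset and mount names are made up.
# Mount table in fstab column order (Linux /proc/mounts, FreeBSD `mount -p`).
SAMPLE_MOUNTS = """\
boot-pool/ROOT/default / zfs rw 0 0
tank /mnt/tank zfs rw 0 0
tank/private /mnt/tank/private zfs rw 0 0
tank/logs /var/log zfs rw 0 0
tmpfs /var/log/tmp tmpfs rw 0 0
"""
# Output of `zfs get -H -o name,value encryption` (tab-separated).
SAMPLE_ENCRYPTION = (
    "boot-pool/ROOT/default\toff\n"
    "tank\toff\n"
    "tank/private\taes-256-gcm\n"
    "tank/logs\toff\n"
)


def backing_mount(path, mounts_text):
    """Return (source, fstype) of the longest mountpoint that contains path."""
    path = posixpath.normpath(path)
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        source, fstype = fields[0], fields[2]
        mountpoint = fields[1].replace("\\040", " ")  # fstab escapes spaces
        prefix = mountpoint.rstrip("/") + "/"
        if path == mountpoint or path.startswith(prefix):
            if best is None or len(mountpoint) > len(best[1]):
                best = (source, mountpoint, fstype)
    return (best[0], best[2]) if best else None


def log_at_rest(path, mounts_text, encryption_text):
    """Return (status, dataset); status is 'cleartext', 'encrypted' or 'unknown'."""
    enc = dict(l.split("\t") for l in encryption_text.splitlines() if "\t" in l)
    hit = backing_mount(path, mounts_text)
    if hit is None or hit[1] != "zfs" or hit[0] not in enc:
        return ("unknown", hit[0] if hit else None)
    return ("cleartext" if enc[hit[0]] == "off" else "encrypted", hit[0])
```

On a live system, pass the path through `os.path.realpath` first so that a symlinked log directory resolves to the mountpoint that actually holds the file.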