ZFS user restrictions

Status
Not open for further replies.

mka

Contributor
Joined
Sep 26, 2013
Messages
107
Hi,

I'm currently planning my new NAS upon FreeNAS and ZFS (RaidZ2 6x WD Red 4TB). I've built up an "evaluation" system to test certain features before the new system goes live and migration will start.

I absolutely enjoy ZFS, it seems to fix everything I always disliked about traditional RAID setups. But it's quite easy to do "harmful" stuff, like adding a single disk to a RaidZ pool. Which I accidentally did during evaluation:

Code:
        NAME        STATE    READ WRITE CKSUM
        tank0       ONLINE      0    0    0
          raidz1    ONLINE      0    0    0
             ad2s1  ONLINE      0    0    0
             ad3s1  ONLINE      0    0    0
             ad4s1  ONLINE      0    0    0
          ad6s1     ONLINE      0    0    0
The non-redundant drive cannot be removed without destroying the zpool, and it removes all redundancy from the pool. I cannot think of a scenario in which this is not a mistake. I then accidentally destroyed the wrong zpool. One wrong number at the end and it was all gone :) That's why I built the evaluation system in the first place, and it has been fun. But the chances of running harmful commands on real live data appear to be quite high from my first impression.

I would expect ZFS to warn about possibly dangerous commands and require maybe a "--force" program option. Or only accept certain commands in su mode. Is it possible to restrict certain commands to administrative user privileges?

Thank you! :)
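As an added example (not part of the original post), here is a small shell/awk audit that reads `zpool status`-style output and flags a bare-disk top-level vdev sitting beside redundant (raidz*/mirror*) vdevs, which is exactly the layout shown above. The sample status text is constructed from the post; `zpool add` itself refuses a mismatched replication level unless `-f` is given, but a check like this catches a pool that already ended up that way.

```shell
#!/bin/sh
# Constructed sample: the `zpool status` configuration from the post above.
SAMPLE_STATUS='        NAME        STATE    READ WRITE CKSUM
        tank0       ONLINE      0    0    0
          raidz1    ONLINE      0    0    0
             ad2s1  ONLINE      0    0    0
             ad3s1  ONLINE      0    0    0
             ad4s1  ONLINE      0    0    0
          ad6s1     ONLINE      0    0    0'

# check_vdev_layout: read `zpool status` text on stdin and print a WARNING
# for every top-level vdev that is a single device while the same pool also
# has redundant top-level vdevs. Returns 1 if anything was flagged, else 0.
check_vdev_layout() {
    awk '
    function indent(s) { match(s, /^ */); return RLENGTH }
    BEGIN { bad = 0; n = 0; redundant = 0; pool = "" }
    $1 == "NAME" { inconf = 1; next }               # start of the config table
    !inconf || NF == 0 { next }
    # logs/cache/spares sections are listed separately; stop at them
    $1 == "logs" || $1 == "cache" || $1 == "spares" { inconf = 0; next }
    {
        ind = indent($0)
        if (pool == "") { pool = $1; pool_ind = ind; next }  # the pool line
        if (ind == pool_ind + 2) {                           # a top-level vdev
            top[++n] = $1
            if ($1 ~ /^(raidz|mirror)/) redundant++
        }
        # deeper lines are leaf devices inside a vdev; nothing to check
    }
    END {
        for (i = 1; i <= n; i++)
            if (top[i] !~ /^(raidz|mirror)/ && redundant > 0) {
                printf "WARNING: %s: top-level vdev %s is a single disk beside %d redundant vdev(s)\n",
                       pool, top[i], redundant
                bad = 1
            }
        exit bad
    }'
}

# Usage: feed it live output (zpool status tank0 | check_vdev_layout) or the sample.
printf '%s\n' "$SAMPLE_STATUS" | check_vdev_layout || echo "layout check flagged problems"
```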

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I'm not sure what version of FreeNAS you are using, but the GUI Volume Manager should not let you do things like add a single disk vdev. In fact, that was THE main feature of the new Volume Manager with 9.x. 8.x would let you have complete and total control (to the point of letting you do stupid things if you don't know what you are doing). ZFS will let you do whatever you want because its job is not to stop you from doing something that might be stupid. Because I can tell you that there are PLENTY of situations where adding a single disk is absolutely deliberate (and those people hate the 9.x Volume Manager). I'm not a fan of the new Volume Manager because I do want total control. I don't want some program telling me how I'm going to use my drives. In fact, my pools are still v28 so that I can go back to 8.x anytime I want to change my pool setup.

If you did the ZFS manipulations from the command line, well, you weren't doing it in the way that was intended by the FreeNAS designers (and not in accordance with the manual... so what did you expect?).

And I hate to break it to you, but doing anything to your zpool from the command line requires root access. Virtually all of the zpool and zfs commands require root access.

And to add more fun to the mess, you can't engineer out all of the "stupid" things people do, no matter how hard you try. It's more important that you be a well informed and educated server owner and not make those dumb mistakes. If we tried to make FreeNAS not let you do "stupid" things, it would force you to use ECC RAM, you'd have to have 8GB of RAM just to mount a zpool, and I would have made sure you could never create RAIDZ1 pools (which you did). All 3 of those have cost plenty of previous forum users their entire pool of data (most had no backup, and you can't use recovery tools to get your data off of a trashed zpool).

At some point you have to let the admin be responsible for his actions. That began the moment you decided to power on a server and put an OS on it.

mka

Contributor
Joined
Sep 26, 2013
Messages
107
Thanks. This was more a question regarding ZFS than FreeNAS. I switched from vanilla FreeBSD to FreeNAS for, among other things, that reason. But the whole purpose of that "evaluation" system without any real data was to learn and educate myself.

And of course one has to engineer out possible stupid things the user might do, especially when it's more likely to be a mistake. People do stupid things all the time, from DAU to Administrator, and I was not suggesting to prohibit it, but to warn where this is likely to occur and use a "--force" option or something. What sense does the above setup make (adding a non-redundant drive to a RaidZ pool)? I couldn't figure that out.

And the RaidZ1 is just for "evaluation". The target system will ATM feature a RaidZ2, 32GB ECC RAM, among others.

EDIT: I've found an almost exact duplicate of this question on the FreeBSD mailing list:
http://lists.freebsd.org/pipermail/freebsd-fs/2009-June/006336.html