Archive-Team
/
zfs
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 103 Wiki Activity

Move notes upward in 3.3 section

George Melikov 2018-04-04 19:26:48 +03:00
parent 0779666670
commit 3be347aeca
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Debian-Stretch-Root-on-ZFS.md

@ -103,6 +103,13 @@ With ZFS, it is not normally necessary to use a mount command (either `mount` or
3.3 Create datasets:
**Notes first:**
The primary goal of this dataset layout is to separate the OS from user data. This allows the root filesystem to be rolled back without rolling back user data such as logs (in `/var/log`). This will be especially important if/when a `beadm` or similar utility is integrated. Since we are creating multiple datasets anyway, it is trivial to add some restrictions (for extra security) at the same time. The `com.sun.auto-snapshot` setting is used by some ZFS snapshot utilities to exclude transient data.
Properties are inherited, if you want to create (for example) `rpool/var/lib` you may need to set `-o exec=on` manually (some apps, like `Postfix`, will need it).
Now you can create datasets:
# zfs create -o setuid=off rpool/home
# zfs create -o mountpoint=/root rpool/home/root
# zfs create -o canmount=off -o setuid=off -o exec=off rpool/var
@ -124,11 +131,6 @@ With ZFS, it is not normally necessary to use a mount command (either `mount` or
# zfs create -o com.sun:auto-snapshot=false \
-o mountpoint=/var/lib/nfs rpool/var/nfs
**Notes:**
Properties are inherited, if you want to create (for example) `rpool/var/lib` you may need to set `-o exec=on` manually.
The primary goal of this dataset layout is to separate the OS from user data. This allows the root filesystem to be rolled back without rolling back user data such as logs (in `/var/log`). This will be especially important if/when a `beadm` or similar utility is integrated. Since we are creating multiple datasets anyway, it is trivial to add some restrictions (for extra security) at the same time. The `com.sun.auto-snapshot` setting is used by some ZFS snapshot utilities to exclude transient data.
3.4 Install the minimal system:
# chmod 1777 /mnt/var/tmp