Protect BTRFS snapshots from deletion by user

Question

I have the following structure on my Debian:

btrfs                              (mount point)
  +-- my_data                      (subvolume)
  +-- my_data_snapshots            (subvolume)
        +-- latest                 (symlink)
        +-- 2020_05_14_-_20_00_00  (read-only snapshot)
        +-- 2020_05_14_-_19_30_00  (read-only snapshot)
        +-- ...

I think it is quite self-explanatory.

my_data is a "work" folder, where data is changed. From time to time I run a script create_snapshot.sh, that creates a new snapshot in my_data_snapshots.

I would like to protect all the snapshots from being e.g. accidentally deleted or whatever bad might happen to them.

I was thinking about setting permissions on the folders/subvolumes, but seems like this will not work, because I need write permissions because of the script (to create new snapshots).

Maybe I could set it so only root user can make snapshots...

I found this question about USER_SUBVOL_RM_ALLOWED option of BTRFS... I thought this could solve my problem, since it should allow users only to create snapshots/subvolumes but not to delete them... but seems like it's not working in my case...

I will be glad for any ideas. Thank you.

score 0 · Answer 1 · answered May 15 '20 at 12:23

0

You can mount the my_data_snapshots subvolume as read-only for user access, and then you can mount the same subvolume elsewhere as read-write, for the script to be able to create snapshots.

answered May 15 '20 at 12:23

Emmanuel Rosa

7,128

Protect BTRFS snapshots from deletion by user

1 Answers1