I have a requirement to give a user access to an NFS share on which they may place some files, and then delete the files. Assume they are rogue and may try to really delete the files (I'm not sure if shred works via NFS but whatever is the equivalent). We don't want them to realise the NFS share has been changed (it's their home directory).
Yeah... strange requirement I know!
Is there a filesystem or setting on NFS so it appears like the user is deleting files while really they are being stored? I was told this was a revisioning file system but I could not find many references to that.
I'm aware you can "undelete" on ext3 and similar by using recovery programs but we would like something more robust than that, ideally something that stores all copies of files in some easily accessible form.
Using CentOS 5.8 . User can't delete their files because they are "rogue" and no longer trusted (it's complicated, and that's all I know).
Versioning File System
NILFS does auto and continuous snapshots, so it can keep track of modified and deleted files. Version 2 (aka NILFS2) has also a neat garbage collection mechanism to avoid that the file system gets full with too many snapshots! I would definitively look at that solution!
A search on Wikipedia also returned ext3cow which does copy-on-write at block level and can keep tracks of file versions.
Both solution have been around for a while now, but I cannot speak for their maturity in an enterprise environment as I have no experience with them.
Another approach
One could simply use an incremental backup system, a sort of rsync that keeps the NFS share in a different places, but that can also restore deleted files.
Such a solution is not bullet proof and requires extra storage, so it might not fit your requirements or budget. In addition, this solution would run on a periodical basis, so each file created and deleted between to backup session would be definitively lost.
If these limitations fit still the bill, then have a look at rdiff-backup. It is a command line tool and will do the job properly and easily.
Perhaps, having both approach could prove safer.
I do not know about NFS, but you definitely can do this using CIFS. There is samba module called
vfs_recycle. When it's on, every deleted file actually moves to dir you've stated in config. You can also includeveto filesdirective and state the recycle dir so users couldn't see the recycle.There's always the option of ZFS on Linux and taking periodic snapshots of the filesystem exports. An example of an auto-snapshot service for the Linux variant of ZFS. ZFS snapshots show up by default in a subdirectory of the filesystem share under (an invisible)
.zfs/snapshot/tree in a manner that's transparent to the user.If you use ext* filesystem, you can use attributes to get the behavior you want. You could either use immutable flag (if you enable it, no action can be done at that file) or 'u' flag (When file is deleted, its contents are saved. This allows the user to ask for its undeletion.)
http://docs.petervg.nl/index.php/component/content/article/41-linux/59-ext3-file-attributes