On Tue, Jan 23, 2007 at 11:42:55AM -0800, Stephen Hahn wrote: > Yes, shred won't work on ZFS. Bill and Dan were just telling me that > snapshots mean it can never really work, so it's probably best to drop > it. There are various actions the ZFS team might take to decrease > unintended data recovery, but shred isn't equivalent to any of them.
Snapshots aren't the primary issue. The real issue is COW. Snapshots simply mean that to shred a file you have to find all cloned copies and shred them and then destroy any read-only snapshots that still reference the un-shredded file, then shred the original, and do it atomically w.r.t. further snapshot activity. Painful, but possibly doable, whereas COW means you simply can't shred in user-land without support from the filesystem. > I suppose the question is whether the command should be modified to > warn about "failure to shred on this filesystem", or simply dropped. We should want to have a NIST-compliant shred facility. Wouldn't then the sha*sum FIPS compliance issue come in here as well?
