On 5/31/19 10:06 AM, Michael Kjörling wrote: > Let's hope said ransomware isn't smart enough to run "zfs list X -t > snapshot" and "zfs destroy X@Y". (Baring any local privilege escalation....) I think that ZFS would protect (snapshots) against ransomware running as an unprivileged user that can't run zfs / zpool commands. > And while "zfs list" is Mostly Harmless, let's hope the sysadmin is smart > enough to not let arbitrary users run "zfs destroy" anything important. I have found the zfs and zpool command sufficiently easy to allow limited access via appropriate sudoers entries. -- Grant. . . . unix || die