From: Fabian Grünbichler
To: Proxmox Backup Server development discussion
Date: Mon, 25 Nov 2024 11:56:13 +0100
Subject: [pbs-devel] applied-series: [PATCH v3 proxmox-backup 1/2] docs: add security implications of prune and change detection mode
Message-Id: <1732532163.ggb994v280.astroid@yuna.none>
In-Reply-To: <20241114151551.407971-1-c.ebner@proxmox.com>
References: <20241114151551.407971-1-c.ebner@proxmox.com>

thanks!

On November 14, 2024 4:15 pm, Christian Ebner wrote:
> Users should be made aware that the data stored in chunks outlives
> the backup snapshots on pruning and that backups created using the
> change-detection-mode set to metadata might reference chunks
> containing files which have vanished since the previous backup, but
> might still be accessible when access to the chunks raw data is
> possible (client or server side).
>
> Reviewed-by: Gabriel Goller
> Signed-off-by: Christian Ebner > --- > changes since version 2: > - s/Further/Moreover/ for second sentence starting with Further > - fix formatting for metadata by using double backticks > - Improve text flow based on suggestions > > docs/maintenance.rst | 30 ++++++++++++++++++++++++++++-- > 1 file changed, 28 insertions(+), 2 deletions(-) > > diff --git a/docs/maintenance.rst b/docs/maintenance.rst > index 4bb135e4e..601756246 100644 > --- a/docs/maintenance.rst > +++ b/docs/maintenance.rst 
> @@ -6,8 +6,34 @@ Maintenance Tasks > Pruning > ------- > > -Prune lets you specify which backup snapshots you want to keep. > -The following retention options are available: > +Prune lets you specify which backup snapshots you want to keep, removing others. > +When pruning a snapshot, only the snapshot metadata (manifest, indices, blobs, > +log and notes) is removed. The chunks containing the actual backup data and > +previously referenced by the pruned snapshot, have to be removed by a garbage > +collection run. > + > +.. Caution:: Take into consideration that sensitive information stored in a > + given data chunk will outlive pruned snapshots and remain present in the > + datastore as long as referenced by at least one backup snapshot. Further, > + *even* if no snapshot references a given chunk, it will remain present until > + removed by the garbage collection. > + > + Moreover, file-level backups created using the change detection mode > + ``metadata`` can reference backup chunks containing files which have vanished > + since the previous backup. These files might still be accessible by reading > + the chunks raw data (client or server side). > + > + To remove chunks containing sensitive data, prune any snapshot made while the > + data was part of the backup input and run a garbage collection. Further, if > + using file-based backups with change detection mode ``metadata``, > + additionally prune all snapshots since the sensitive data was no longer part > + of the backup input and run a garbage collection. > + > + The no longer referenced chunks will then be marked for deletion on the next > + garbage collection run and removed by a subsequent run after the grace > + period. > + > +The following retention options are available for pruning: > > ``keep-last `` > Keep the last ```` backup snapshots. 
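Review bot: The removal instructions in the Caution block ("To remove chunks containing sensitive data, prune any snapshot ... and run a garbage collection") read as if a single garbage collection run deletes the data, while the block's final paragraph says the chunks are only marked on the next run and removed by a subsequent run after the grace period. Since this is the step a reader will follow when they need data gone, consider merging the two so the procedure itself states that removal requires a later run after the grace period, and point to the garbage collection section for the length of that period, which this hunk does not state. The phrase "prune all snapshots since the sensitive data was no longer part of the backup input" is also ambiguous about which snapshots are meant; "all snapshots created after the sensitive data was removed from the backup input" would be unambiguous. Minor: "the chunks raw data" should be "the chunks' raw data", and the comma before "have to be removed by a garbage collection run" separates the subject from its verb.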
> --
> 2.39.5
>
> _______________________________________________
> pbs-devel mailing list
> pbs-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel