From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 37BF91FF16B for ; Thu, 14 Nov 2024 16:16:15 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 5D99B34C0F; Thu, 14 Nov 2024 16:16:12 +0100 (CET) From: Christian Ebner To: pbs-devel@lists.proxmox.com Date: Thu, 14 Nov 2024 16:15:50 +0100 Message-Id: <20241114151551.407971-1-c.ebner@proxmox.com> X-Mailer: git-send-email 2.39.5 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.032 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH v3 proxmox-backup 1/2] docs: add security implications of prune and change detection mode X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox Backup Server development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pbs-devel-bounces@lists.proxmox.com Sender: "pbs-devel" Users should be made aware that the data stored in chunks outlives the backup snapshots on pruning and that backups created using the change-detection-mode set to metadata might reference chunks containing files which have vanished since the previous backup, but might still be accessible when access to the chunks raw data is possible (client or server side). Reviewed-by: Gabriel Goller Signed-off-by: Christian Ebner --- changes since version 2: - s/Further/Moreover/ for second sentence starting with Further - fix formatting for metadata by using double backticks - Improve text flow based on suggestions docs/maintenance.rst | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/docs/maintenance.rst b/docs/maintenance.rst index 4bb135e4e..601756246 100644 --- a/docs/maintenance.rst +++ b/docs/maintenance.rst @@ -6,8 +6,34 @@ Maintenance Tasks Pruning ------- -Prune lets you specify which backup snapshots you want to keep. -The following retention options are available: +Prune lets you specify which backup snapshots you want to keep, removing others. +When pruning a snapshot, only the snapshot metadata (manifest, indices, blobs, +log and notes) is removed. The chunks containing the actual backup data and +previously referenced by the pruned snapshot, have to be removed by a garbage +collection run. + +.. Caution:: Take into consideration that sensitive information stored in a + given data chunk will outlive pruned snapshots and remain present in the + datastore as long as referenced by at least one backup snapshot. Further, + *even* if no snapshot references a given chunk, it will remain present until + removed by the garbage collection. + + Moreover, file-level backups created using the change detection mode + ``metadata`` can reference backup chunks containing files which have vanished + since the previous backup. These files might still be accessible by reading + the chunks raw data (client or server side). + + To remove chunks containing sensitive data, prune any snapshot made while the + data was part of the backup input and run a garbage collection. Further, if + using file-based backups with change detection mode ``metadata``, + additionally prune all snapshots since the sensitive data was no longer part + of the backup input and run a garbage collection. + + The no longer referenced chunks will then be marked for deletion on the next + garbage collection run and removed by a subsequent run after the grace + period. + +The following retention options are available for pruning: ``keep-last `` Keep the last ```` backup snapshots. -- 2.39.5 _______________________________________________ pbs-devel mailing list pbs-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pbs-devel