How To Use TrueNAS ZFS Snapshots For Ransomware Protection & VSS Shadow Copies

I have two questions related to snapshots in TrueNAS. Maybe someone has some input or knowledge that would help.

  1. How can one see how much space would be recovered if all snapshots for a given share are deleted?

The reason I ask this question is I am trying to determine what snapshot retention length works best for my needs as a home user/enthusiast. Of course in an ideal world I would keep snapshots forever, however I have a limited storage budget and thus I would not like to “waste” a large portion of my available storage keeping old snapshots.

Is there anyway to exclude specific files from snapshots? Say I have a few files 100GB each on my share. TrueNAS takes a snapshot. Then I delete the files. These files are still taking 300GB of space on my TrueNAS until the snapshot is deleted. Is it possible to tell TrueNAS “These files are junk, I don’t want them in my snapshots”. I assume the answer to this question is no.

  1. VSS Shadow Copies

I believe this is a feature that is specific to Windows SMB shares. Is there a method for restoring previous versions of files/directories on a Linux or macOS system that is similar to the method Tom performed in the video using Win10? This feature would be super useful if I needed to restore part of a snapshot, but not the entire snapshot.

As always, thanks for the great video Tom.

The space used is under the “Used” heading and because snapshots are at the block level not the file level there are not exclusions. I have never tried to access VSS under Linux, I know it is not natively enabled in Ubunutu / Pop_OS!.

1 Like

This video is very intriguing!

But I’m confused…
If I want to use this for my 2012 server do I need to move all of my shared folders to the NAS? Or does this store and protect the shadow copies that are currently on my 2012 Server?

It only protects data on the NAS.

ah ok. So I would need to move my storage data from the server to the NAS

1 Like

Hi, thanks for the video.

I’m struggling to get the Restore Previous Versions option to work when snapshots are enabled.

I have turned on daily snapshots for my pool, and set it to recursively do all datasets as attached.

poolSetup

Restore Previous Versions just says nothing found - tried it on files and folders.

I have plenty of auto snapshots available now, and browsing the .zfs folder shows them with files in, so that part seems ok. All smb shares have Shadow Copies enabled as well.

These are my vfs options on each share:

vfs objects = catia fruit ixnas streams_xattr zfs_space zfsacl

And these are my smb service options:

disable netbios = yes
fruit:nfs_aces = no
mangled names = illegal
store dos attributes = no
map archive = no
map hidden = no
map readonly = no
map system = no
symlinks = yes
widelinks = yes
follow symlinks = yes
unix extensions = no
aio read size = 1
aio write size = 1
server multi channel support = yes
log level = 1 auth_audit:5
veto files = /.windows/.mac/

I didn’t have a snapshot before creating all the shares, but I have restarted the smbd service as advised but nothing has changed.

Any ideas on what to try next?

Thanks!