Oracle® Solaris 11 Security Guidelines

Exit Print View

Updated: August 2014

Protecting File Systems

ZFS file systems are lightweight and can be encrypted, compressed, and configured with reserved space and disk space quotas.

The tmpfs file system can grow without bound. To prevent a denial of service (DoS) attack, complete How to Limit the Size of the tmpfs File System.

The following tasks configure a size limit for tmpfs and provide a glimpse of the protections that are available in ZFS, the default file system in Oracle Solaris. For additional information, see Setting ZFS Quotas and Reservations in Managing ZFS File Systems in Oracle Solaris 11.2 and the zfs(1M) man page.

Table 2-4  Protecting File Systems Task Map
For Instructions
Prevent DoS attacks by managing and reserving disk space.
Specifies the use of disk space by file system, by user or group, or by project.
Guarantee a minimum amount of disk space to a dataset and its descendants.
Guarantees disk space by file system, by user or group, or by project.
Encrypt data on a file system.
Protects a dataset with encryption and a passphrase to access the dataset at dataset creation.
Limit the size of the tmpfs file system.
Prevents a malicious user from creating large files in /tmp to slow down the system.