[RandomBK]

Huh, this is new to me. How does zfs handle regular directories that happen to be named .zfs?

Might this be a security issue as well? What permissions are needed to access this path? If I somehow have a webserver serving static files from a zfs dataset, might someone use this to access old or deleted files?

[4oo4]

I imagine that you will have issues when you enable the setting to make the snapshot directory visible, or it'll behave like a folder that has things in it when you mount something onto the same place (you think you just overwrote all the files, but then you unmount the second thing and it's fine).

Looks like by default the `.zfs/snapshot` folder is owned by root, but has 777 permissions. Then inside the snapshots themselves they have the same permissions as the main pool.

Not sure if there is a way to configure permissions on it, but if security is a concern, you could leave it disabled with `snapdir=hidden`, then just set it to `visible` if you need in there. I think it's disabled by default, so if you haven't gone out of your way to turn it on you're probably good. If you want to leave it visible all the time, you probably want apparmor or something to manage access.