Open mirkoschubert opened 5 years ago
Why not to use tmutil disable
?
@fguisso
tmutil disable
disables the whole automatic backup, not just the local snapshots. 😏
Read from somewhere;
To disable local snapshots sudo tmutil disablelocal
To enable it again sudo tmutil enablelocal
@tedhagos As I mentioned above: The verb disablelocal
was removed from tmutil
in High Sierra and has never shown up again. 😄
@mirkoschubert. Sorry, I just pasted it straight from my nvALT without testing it; just tested in in Mojave now; it's (still) not there
You need to (1) list all snapshots (or rather their dates), and then (2) delete them… and do that on a regular basis, i.e. with a LaunchDaemon.
This is important, because TM snapshots are (for all intents and purposes) public, i.e. with the right forensic software and your Mac slaved in target disk mode, an atttacker can grab the contents of your snapshots including extended attributes, even with T2-encryption at rest.
I'm boggled that Apple thought removing tmutil disablelocal
was a good idea, while leaving users' data open like this.
The option in
.macos
to disable local snapshots (time machine) is redundant, becausetmutil
does not have the optiondisablelocal
anymore. As far as I know this applies to Sierra and High Sierra.There is no substitute for this functionality, so the option should be deleted. All you can do is check if any local snapshot is stored (
tmutil listlocalsnapshots /
) and delete then one by one if necessary (tmutil deletelocalsnapshots [date]
).