ZFS safety

What happens when you temporarily disconnect a disk from a ZFS pool?

ZFS provides RAID-Z to prevent data loss in the event of a disk failure. I was recently surprised to learn that

  1. SATA data cables can disconnect quite easily, and
  2. ZFS does not prevent writes when disks are missing.

I wonder what would happen under the following scenario:

  1. You have a RAID-Z1 vdev with 3 disks (it can survive 1 disk failure but not two; parity is distributed across the disks).
  2. One of the disks gets disconnected.
  3. You issue a write that gets persisted to the remaining disks.
  4. One of the remaining disks fails.
  5. You reconnect the disconnected disk.

Can you recover? Obviously the last write is toast. But can ZFS recover everything before that point? I'm not sure, but I found two easy (but incomplete) mitigations:

  1. Always use locking SATA data cables. They are cheap and they prevent accidental disconnections.
  2. Modify systemd to import the zpool in read-only mode (and then export/re-import it read/write after verifying that all the disks are connected):

% sudo EDITOR=vim systemctl edit zfs-import-cache.service

and put the following in the override file that opens:

[Service]
# Clear the original ExecStart
ExecStart=

# Replace it with an ExecStart that sets readonly=on
ExecStart=/sbin/zpool import -c /etc/zfs/zpool.cache -aN -o readonly=on
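
One way to script the verify-then-re-import step of mitigation 2, as an added example that is not part of the original post: it reads `zpool list -H -o name,health` and re-imports read/write only the pools that report ONLINE. The function names, the `--apply` switch and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example: promote read-only pools to read/write only when healthy.
# Input format is that of `zpool list -H -o name,health` (tab-separated,
# one pool per line).

# Print the names of pools whose health is anything other than ONLINE
# (DEGRADED, FAULTED, UNAVAIL, ...). A missing disk shows up here.
pools_not_online() {
    awk -F '\t' '$2 != "ONLINE" { print $1 }'
}

# Print the names of pools whose health is ONLINE.
pools_online() {
    awk -F '\t' '$2 == "ONLINE" { print $1 }'
}

# Constructed sample listing: "tank" has lost a disk, "backup" is intact.
SAMPLE_LISTING="$(printf 'tank\tDEGRADED\nbackup\tONLINE\n')"

# Re-import every healthy pool read/write; leave the others read-only
# so that nothing is written while a disk is missing.
promote_healthy_pools() {
    listing="$(zpool list -H -o name,health)" || return 1
    printf '%s\n' "$listing" | pools_online | while read -r pool; do
        # A plain import after export drops the readonly=on setting.
        zpool export "$pool" && zpool import "$pool"
    done
    bad="$(printf '%s\n' "$listing" | pools_not_online)"
    if [ -n "$bad" ]; then
        echo "left read-only (not ONLINE): $bad" >&2
        return 2
    fi
}

# Only touch real pools when explicitly asked to (hypothetical switch).
if [ "${1:-}" = "--apply" ]; then
    promote_healthy_pools
fi
```

Run it as root with `--apply` once the system is up; a non-zero exit status means at least one pool was left read-only and needs a look at its cabling.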

Another mitigation that's not always practical: mirror. If you have 2 disks, use RAID-Z1. If you have 3, RAID-Z2. If you have 4, RAID-Z3. That way any disk will work on its own.


Posted September 24, 2025.

Tags: #linux, #zfs