Roland Mainz wrote:
> Darren J Moffat wrote:
>> James Dickens wrote:
>>> I think ZFS should add the concept of ownership to a ZFS filesystem,
>>> so if I create a filesystem for joe, he should be able to use his
>>> space however he sees fit, if he wants to turn on compression or
>>> take 5000 snapshots it's his filesystem, let him. If he wants to
>>> destroy snapshots, he created them it should be allowed, but he should
>>> not be allowed to do the same with carol's filesystem. The current
>>> filesystem management is not fine grained enough to deal with this. Of
>>> course if we don't assign an owner the filesystem should perform much
>>> like it does today.
>> Yes we do need something like this.
>> This is already covered by the following CRs 6280676, 6421209.
> That could be done if "zfs" would be based on ksh93... you could simply
> run it as "profile shell" (pfksh93) and make a profile for that user+ZFS
> filesystem...

We already have an RBAC profile "ZFS File System Management" but that
allows the user given that profile to manage ALL ZFS file systems.

What this is really about is having the zfs kernel module check an ACL
on the data set to determine if the user can
create/snapshot/clone/destroy, etc. Also, certain properties may need to
be "locked".

I've given a lot of thought to this, as has Mark Shellenbaum, and trust me,
RBAC is not the answer here and ksh93 based zfs is not going to help one
way or another since this is all kernel based policy.

--
Darren J Moffat