Darren J Moffat wrote:

Roland Mainz wrote:

Darren J Moffat wrote:

James Dickens wrote:

I think ZFS should add the concept of ownership to a ZFS filesystem,
so if I create a filesystem for joe, he should be able to use his
space however he sees fit; if he wants to turn on compression or
take 5000 snapshots, it's his filesystem, let him. If he wants to
destroy snapshots, he created them, it should be allowed, but he should
not be allowed to do the same with carol's filesystem. The current
filesystem management is not fine grained enough to deal with this. Of
course if we don't assign an owner the filesystem should perform much
like it does today.

Yes we do need something like this.

This is already covered by the following CRs 6280676, 6421209.


That could be done if "zfs" would be based on ksh93... you could simply
run it as "profile shell" (pfksh93) and make a profile for that user+ZFS
filesystem...


We already have an RBAC profile "ZFS File System Management" but that allows the user given that profile to manage ALL ZFS file systems.

What this is really about is having the zfs kernel module check an ACL on the data set to determine if the user can create/snapshot/clone/destroy, etc.; also, certain properties may need to be "locked".


Could it be worthwhile imposing limits, in addition to locking?

For example, if I gave you the right to snapshot ~darrenm, I might
want to only allow you 10 snapshots.  Is that a worthwhile restriction
or is it better to just let quotas take care of that?

At issue here is the potential for (again :) zfs to spam df output
through potentially accidental excessive use of snapshots by a
user with a buggy cron job.  Or maybe they have potential to
be malicious through this avenue too?  The point here is not to
deny the action but to give it bounds.

Darren
