Bart Smaalders wrote:
Matthew Ahrens wrote:
On Mon, Jul 17, 2006 at 09:44:28AM -0700, Bart Smaalders wrote:
Mark Shellenbaum wrote:
PERMISSION GRANTING
zfs allow -c <ability>[,<ability>...] <dataset>
-c "Create" means that the permission will be granted (Locally) to the
creator on any newly-created descendant filesystems.
ALLOW EXAMPLE
Let's set up a public build machine where engineers in group "staff"
can create ZFS file systems, clones, snapshots and so on, but you want
to allow only the creator of the file system to destroy it.
# zpool create sandbox <disks>
# chmod 1777 /sandbox
# zfs allow -l staff create sandbox
# zfs allow -c create,destroy,snapshot,clone,promote,mount sandbox
So as administrator what do I need to do to set
/export/home up for users to be able to create their own
snapshots, create dependent filesystems (but still mounted
underneath their /export/home/usrname)?
In other words, is there a way to specify the rights of the
owner of a filesystem rather than the individual - e.g., delayed
evaluation of the owner?
I think you're asking for the -c "Creator" flag. This allows
permissions (e.g., to take snapshots) to be granted to whoever creates the
filesystem. The above example shows how this might be done.
--matt
Actually, I think I mean owner.
I want root to create a new filesystem for a new user under
the /export/home filesystem, but then have that user get the
right privs via inheritance rather than requiring root to run
a set of zfs commands.
Yes, you can delegate snapshot,clone,...
# zfs allow <user> snapshot,mount,clone,<whatever> pool
that will allow the above permissions to be inherited by all datasets in
the pool.
If you wanted to open it up even more you could do
# zfs allow everyone snapshot,mount,clone,<whatever> pool
That would allow anybody to create a snapshot,clone,...
The -l and -d control the inheritance of the allow permissions.
- Bart
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss