Hi list,

I have a question about setting up zfs send-receive functionality (between 
remote machines) as a non-root user.

"server1" - is a server where "zfs send" will be executed
"server2" - is a server where "zfs receive" will be executed.

I am using the following zfs structure:

[server1]$ zfs list -t filesystem -r datapool/data
NAME                         USED  AVAIL  REFER  MOUNTPOINT
datapool/data              2.05G   223G  2.05G  /opt/data
datapool/data/logs           35K   223G    19K  /opt/data/logs
datapool/data/db            18K   223G    18K  /opt/data/db


[server1]$ zfs list -t filesystem -r datapool2/data
NAME                                 USED  AVAIL  REFER  MOUNTPOINT
datapool2/data                       72K  6.91G    18K  /datapool2/data
datapool2/data/fastdb       18K  6.91G    18K  /opt/data/fastdb
datapool2/data/fastdblog    18K  6.91G    18K  /opt/data/fastdblog
datapool2/data/dblog        18K  6.91G    18K  /opt/data/dblog


ZFS delegated permissions setup on the sending machine:

[server1]$ zfs allow datapool/data
-------------------------------------------------------------
Local+Descendent permissions on (datapool/data)
        user joe 
atime,canmount,create,destroy,mount,receive,rollback,send,snapshot
-------------------------------------------------------------

[server1]$ zfs allow datapool2/data
-------------------------------------------------------------
Local+Descendent permissions on (data2/data)
        user joe 
atime,canmount,create,destroy,mount,receive,rollback,send,snapshot
-------------------------------------------------------------


The idea is to create a snapshot and send it to another machine with zfs using 
zfs send-receive.

So I am creating a snapshot and ... get the following error:

[server1]$ zfs list -t snapshot -r datapool/data
NAME                                                USED  AVAIL  REFER  MOUNTPOINT
datapool/d...@rolling-20090923140714                48K      -  2.05G  -
datapool/data/l...@rolling-20090923140714           16K      -    18K  -
datapool/data/d...@rolling-20090923140714      0      -    18K  -

[server1]$ zfs list -t snapshot -r datapool2/data
NAME                                                        USED  AVAIL  REFER  MOUNTPOINT
datapool2/d...@rolling-20090923140714                         0      -    18K  -
datapool2/data/fas...@rolling-20090923140714         0      -    18K  -
datapool2/data/fastdb...@rolling-20090923140714      0      -    18K  -
datapool2/data/db...@rolling-20090923140714          0      -    18K  -


To send the snapshot I'm using the following command (for "datapool" datapool):

[server1]$ zfs send -R datapool/d...@rolling-20090923140714 | ssh server2 zfs receive -vd datapool/data_backups/`hostname`/datapool

receiving full stream of datapool/d...@rolling-20090923140714 into 
datapool/data_backups/server1/datapool/data
@rolling-20090923140714
received 2.06GB stream in 62 seconds (34.0MB/sec)
receiving full stream of datapool/data/l...@rolling-20090923140714 into 
datapool/data_backups/server2/datapool/data/l...@rolling-20090923140714
cannot mount 'datapool/data_backups/server1/datapool/data/logs': Insufficient 
privileges


Seems like user "joe" on the remote server ("server2") cannot mount the 
filesystem:

[server2]$ zfs mount datapool/data_backups/server1/datapool/data/logs
cannot mount 'datapool/data_backups/server1/datapool/data/logs': Insufficient 
privileges

ZFS delegated permissions on the receiving side look fine to me:

[server2]$ zfs allow datapool/data_backups/server1/datapool/data/logs
-------------------------------------------------------------
Local+Descendent permissions on (datapool/data_backups)
        user joe 
atime,canmount,create,destroy,mount,receive,rollback,send,snapshot
-------------------------------------------------------------
Local+Descendent permissions on (datapool)
        user joe 
atime,canmount,create,destroy,mount,receive,rollback,send,snapshot

"zfs receive" creates a mountpoint with "root:root" permissions:

[server2]$ ls -ld /opt/data_backups/server2/datapool/data/logs/
drwxr-xr-x   2 root     root           2 Sep 23 14:02 
/opt/data_backups/server1/datapool/data/logs/

I've tried to play with RBAC a bit ..:
[server2]$ id 
uid=750(joe) gid=750(prod)

[server2]$ profiles
File System Security
ZFS File System Management
File System Management
Service Management
Basic Solaris User
All

... but no luck - I still have a zfs mount error while receiving a snapshot.

Both servers are running Solaris U7 x86_64, Generic_139556-08.

Is there any method to set up zfs send-receive functionality for descending zfs 
filesystems as a non-root user?
-- 
This message posted from opensolaris.org
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
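
Added example, not part of the original post: a pre-flight check for the receiving side covering the two things the post inspects, the delegated permissions and the mountpoint owner. It parses `zfs allow` output in the shape shown above (including a permission list wrapped onto the next line) and reports which of `create`, `mount` and `receive` are not delegated to a user. The function names, the `backup` user and the sample text are constructed for illustration.

```sh
#!/bin/sh
# Added example. zfs(1M): 'receive' also requires 'mount' and 'create'.
NEED="create mount receive"

# Constructed sample in the shape of the `zfs allow` output in the post;
# "backup" is a hypothetical user, joe's list wraps as it does in the post.
sample_allow() {
cat <<'EOF'
-------------------------------------------------------------
Local+Descendent permissions on (datapool/data_backups)
        user backup create,receive
        user joe
atime,canmount,create,destroy,mount,receive,rollback,send,snapshot
-------------------------------------------------------------
EOF
}

# missing_perms USER "p1 p2 ...": reads `zfs allow` output on stdin and
# prints the needed permissions not delegated to USER (empty line = none).
missing_perms() {
  awk -v user="$1" -v need="$2" '
    $1 == "user" && $2 == user {
      list = $3                                  # same-line form
      if (list == "") { getline; list = $1 }     # wrapped onto next line
      n = split(list, p, ",")
      for (i = 1; i <= n; i++) have[p[i]] = 1    # union over all sets
    }
    END {
      out = ""
      m = split(need, r, " ")
      for (i = 1; i <= m; i++)
        if (!(r[i] in have)) out = out (out == "" ? "" : " ") r[i]
      print out
    }'
}

# owned_by USER DIR: succeeds only if DIR's owner column in `ls -ld` is USER.
owned_by() {
  [ "$(ls -ld "$2" | awk '{print $3}')" = "$1" ]
}

# Demo on the sample. On a real host: zfs allow <dataset> | missing_perms joe "$NEED"
echo "backup is missing: $(sample_allow | missing_perms backup "$NEED")"
echo "joe is missing: $(sample_allow | missing_perms joe "$NEED")"
```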