From 575e20602c78006225cf30a101318b0434eeb0bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1?= Date: Wed, 16 Mar 2022 18:20:22 +0100 Subject: [PATCH] man: zfs-allow.8: import examples from zfs.8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-by: Brian Behlendorf Signed-off-by: Ahelenia ZiemiaƄska Closes #13228 --- man/man8/zfs-allow.8 | 108 ++++++++++++++++++++++++++++++++++++++++++- man/man8/zfs.8 | 2 + 2 files changed, 109 insertions(+), 1 deletion(-) diff --git a/man/man8/zfs-allow.8 b/man/man8/zfs-allow.8 index bbd62edc28..f949a0a5ee 100644 --- a/man/man8/zfs-allow.8 +++ b/man/man8/zfs-allow.8 @@ -29,7 +29,7 @@ .\" Copyright 2018 Nexenta Systems, Inc. .\" Copyright 2019 Joyent, Inc. .\" -.Dd May 27, 2021 +.Dd March 16, 2022 .Dt ZFS-ALLOW 8 .Os . @@ -384,3 +384,109 @@ Removes permissions from a permission set. If no permissions are specified, then all permissions are removed, thus removing the set entirely. .El +. +.Sh EXAMPLES +.\" These are, respectively, examples 17, 18, 19, 20 from zfs.8 +.\" Make sure to update them bidirectionally +.Ss Example 1 : No Delegating ZFS Administration Permissions on a ZFS Dataset +The following example shows how to set permissions so that user +.Ar cindys +can create, destroy, mount, and take snapshots on +.Ar tank/cindys . +The permissions on +.Ar tank/cindys +are also displayed. +.Bd -literal -compact -offset Ds +.No # Nm zfs Cm allow Sy cindys create , Ns Sy destroy , Ns Sy mount , Ns Sy snapshot Ar tank/cindys +.No # Nm zfs Cm allow Ar tank/cindys +---- Permissions on tank/cindys -------------------------------------- +Local+Descendent permissions: + user cindys create,destroy,mount,snapshot +.Ed +.Pp +Because the +.Ar tank/cindys +mount point permission is set to 755 by default, user +.Ar cindys +will be unable to mount file systems under +.Ar tank/cindys . +Add an ACE similar to the following syntax to provide mount point access: +.Dl # Cm chmod No A+user: Ns Ar cindys Ns :add_subdirectory:allow Ar /tank/cindys +. +.Ss Example 2 : No Delegating Create Time Permissions on a ZFS Dataset +The following example shows how to grant anyone in the group +.Ar staff +to create file systems in +.Ar tank/users . +This syntax also allows staff members to destroy their own file systems, but not +destroy anyone else's file system. +The permissions on +.Ar tank/users +are also displayed. +.Bd -literal -compact -offset Ds +.No # Nm zfs Cm allow Ar staff Sy create , Ns Sy mount Ar tank/users +.No # Nm zfs Cm allow Fl c Sy destroy Ar tank/users +.No # Nm zfs Cm allow Ar tank/users +---- Permissions on tank/users --------------------------------------- +Permission sets: + destroy +Local+Descendent permissions: + group staff create,mount +.Ed +. +.Ss Example 3 : No Defining and Granting a Permission Set on a ZFS Dataset +The following example shows how to define and grant a permission set on the +.Ar tank/users +file system. +The permissions on +.Ar tank/users +are also displayed. +.Bd -literal -compact -offset Ds +.No # Nm zfs Cm allow Fl s No @ Ns Ar pset Sy create , Ns Sy destroy , Ns Sy snapshot , Ns Sy mount Ar tank/users +.No # Nm zfs Cm allow staff No @ Ns Ar pset tank/users +.No # Nm zfs Cm allow Ar tank/users +---- Permissions on tank/users --------------------------------------- +Permission sets: + @pset create,destroy,mount,snapshot +Local+Descendent permissions: + group staff @pset +.Ed +. +.Ss Example 4 : No Delegating Property Permissions on a ZFS Dataset +The following example shows to grant the ability to set quotas and reservations +on the +.Ar users/home +file system. +The permissions on +.Ar users/home +are also displayed. +.Bd -literal -compact -offset Ds +.No # Nm zfs Cm allow Ar cindys Sy quota , Ns Sy reservation Ar users/home +.No # Nm zfs Cm allow Ar users/home +---- Permissions on users/home --------------------------------------- +Local+Descendent permissions: + user cindys quota,reservation +cindys% zfs set quota=10G users/home/marks +cindys% zfs get quota users/home/marks +NAME PROPERTY VALUE SOURCE +users/home/marks quota 10G local +.Ed +. +.Ss Example 5 : No Removing ZFS Delegated Permissions on a ZFS Dataset +The following example shows how to remove the snapshot permission from the +.Ar staff +group on the +.Sy tank/users +file system. +The permissions on +.Sy tank/users +are also displayed. +.Bd -literal -compact -offset Ds +.No # Nm zfs Cm unallow Ar staff Sy snapshot Ar tank/users +.No # Nm zfs Cm allow Ar tank/users +---- Permissions on tank/users --------------------------------------- +Permission sets: + @pset create,destroy,mount,snapshot +Local+Descendent permissions: + group staff @pset +.Ed diff --git a/man/man8/zfs.8 b/man/man8/zfs.8 index eb762fb404..a85732b28e 100644 --- a/man/man8/zfs.8 +++ b/man/man8/zfs.8 @@ -299,6 +299,8 @@ if an error occurs, and if invalid command line options were specified. . .Sh EXAMPLES +.\" Examples 17, 18, 19, 20, 21 are shared with zfs-allow.8. +.\" Make sure to update them bidirectionally .Ss Example 1 : No Creating a ZFS File System Hierarchy The following commands create a file system named .Ar pool/home