493 lines
15 KiB
Groff
493 lines
15 KiB
Groff
.\"
|
|
.\" CDDL HEADER START
|
|
.\"
|
|
.\" The contents of this file are subject to the terms of the
|
|
.\" Common Development and Distribution License (the "License").
|
|
.\" You may not use this file except in compliance with the License.
|
|
.\"
|
|
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
|
|
.\" or https://opensource.org/licenses/CDDL-1.0.
|
|
.\" See the License for the specific language governing permissions
|
|
.\" and limitations under the License.
|
|
.\"
|
|
.\" When distributing Covered Code, include this CDDL HEADER in each
|
|
.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
|
|
.\" If applicable, add the following below this CDDL HEADER, with the
|
|
.\" fields enclosed by brackets "[]" replaced with your own identifying
|
|
.\" information: Portions Copyright [yyyy] [name of copyright owner]
|
|
.\"
|
|
.\" CDDL HEADER END
|
|
.\"
|
|
.\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
|
|
.\" Copyright 2011 Joshua M. Clulow <josh@sysmgr.org>
|
|
.\" Copyright (c) 2011, 2019 by Delphix. All rights reserved.
|
|
.\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
|
|
.\" Copyright (c) 2014, Joyent, Inc. All rights reserved.
|
|
.\" Copyright (c) 2014 by Adam Stevko. All rights reserved.
|
|
.\" Copyright (c) 2014 Integros [integros.com]
|
|
.\" Copyright 2019 Richard Laager. All rights reserved.
|
|
.\" Copyright 2018 Nexenta Systems, Inc.
|
|
.\" Copyright 2019 Joyent, Inc.
|
|
.\"
|
|
.Dd March 16, 2022
|
|
.Dt ZFS-ALLOW 8
|
|
.Os
|
|
.
|
|
.Sh NAME
|
|
.Nm zfs-allow
|
|
.Nd delegate ZFS administration permissions to unprivileged users
|
|
.Sh SYNOPSIS
|
|
.Nm zfs
|
|
.Cm allow
|
|
.Op Fl dglu
|
|
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
|
|
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns …
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Nm zfs
|
|
.Cm allow
|
|
.Op Fl dl
|
|
.Fl e Ns | Ns Sy everyone
|
|
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns …
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Nm zfs
|
|
.Cm allow
|
|
.Fl c
|
|
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns …
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Nm zfs
|
|
.Cm allow
|
|
.Fl s No @ Ns Ar setname
|
|
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns …
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Nm zfs
|
|
.Cm unallow
|
|
.Op Fl dglru
|
|
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
|
|
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns … Oc
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Nm zfs
|
|
.Cm unallow
|
|
.Op Fl dlr
|
|
.Fl e Ns | Ns Sy everyone
|
|
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns … Oc
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Nm zfs
|
|
.Cm unallow
|
|
.Op Fl r
|
|
.Fl c
|
|
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns … Oc
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Nm zfs
|
|
.Cm unallow
|
|
.Op Fl r
|
|
.Fl s No @ Ns Ar setname
|
|
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns … Oc
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.
|
|
.Sh DESCRIPTION
|
|
.Bl -tag -width ""
|
|
.It Xo
|
|
.Nm zfs
|
|
.Cm allow
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Xc
|
|
Displays permissions that have been delegated on the specified filesystem or
|
|
volume.
|
|
See the other forms of
|
|
.Nm zfs Cm allow
|
|
for more information.
|
|
.Pp
|
|
Delegations are supported under Linux with the exception of
|
|
.Sy mount ,
|
|
.Sy unmount ,
|
|
.Sy mountpoint ,
|
|
.Sy canmount ,
|
|
.Sy rename ,
|
|
and
|
|
.Sy share .
|
|
These permissions cannot be delegated because the Linux
|
|
.Xr mount 8
|
|
command restricts modifications of the global namespace to the root user.
|
|
.It Xo
|
|
.Nm zfs
|
|
.Cm allow
|
|
.Op Fl dglu
|
|
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
|
|
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns …
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Xc
|
|
.It Xo
|
|
.Nm zfs
|
|
.Cm allow
|
|
.Op Fl dl
|
|
.Fl e Ns | Ns Sy everyone
|
|
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns …
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Xc
|
|
Delegates ZFS administration permission for the file systems to non-privileged
|
|
users.
|
|
.Bl -tag -width "-d"
|
|
.It Fl d
|
|
Allow only for the descendent file systems.
|
|
.It Fl e Ns | Ns Sy everyone
|
|
Specifies that the permissions be delegated to everyone.
|
|
.It Fl g Ar group Ns Oo , Ns Ar group Oc Ns …
|
|
Explicitly specify that permissions are delegated to the group.
|
|
.It Fl l
|
|
Allow
|
|
.Qq locally
|
|
only for the specified file system.
|
|
.It Fl u Ar user Ns Oo , Ns Ar user Oc Ns …
|
|
Explicitly specify that permissions are delegated to the user.
|
|
.It Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
|
|
Specifies to whom the permissions are delegated.
|
|
Multiple entities can be specified as a comma-separated list.
|
|
If neither of the
|
|
.Fl gu
|
|
options are specified, then the argument is interpreted preferentially as the
|
|
keyword
|
|
.Sy everyone ,
|
|
then as a user name, and lastly as a group name.
|
|
To specify a user or group named
|
|
.Qq everyone ,
|
|
use the
|
|
.Fl g
|
|
or
|
|
.Fl u
|
|
options.
|
|
To specify a group with the same name as a user, use the
|
|
.Fl g
|
|
options.
|
|
.It Xo
|
|
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns …
|
|
.Xc
|
|
The permissions to delegate.
|
|
Multiple permissions may be specified as a comma-separated list.
|
|
Permission names are the same as ZFS subcommand and property names.
|
|
See the property list below.
|
|
Property set names, which begin with
|
|
.Sy @ ,
|
|
may be specified.
|
|
See the
|
|
.Fl s
|
|
form below for details.
|
|
.El
|
|
.Pp
|
|
If neither of the
|
|
.Fl dl
|
|
options are specified, or both are, then the permissions are allowed for the
|
|
file system or volume, and all of its descendents.
|
|
.Pp
|
|
Permissions are generally the ability to use a ZFS subcommand or change a ZFS
|
|
property.
|
|
The following permissions are available:
|
|
.TS
|
|
l l l .
|
|
NAME TYPE NOTES
|
|
_ _ _
|
|
allow subcommand Must also have the permission that is being allowed
|
|
bookmark subcommand
|
|
clone subcommand Must also have the \fBcreate\fR ability and \fBmount\fR ability in the origin file system
|
|
create subcommand Must also have the \fBmount\fR ability. Must also have the \fBrefreservation\fR ability to create a non-sparse volume.
|
|
destroy subcommand Must also have the \fBmount\fR ability
|
|
diff subcommand Allows lookup of paths within a dataset given an object number, and the ability to create snapshots necessary to \fBzfs diff\fR.
|
|
hold subcommand Allows adding a user hold to a snapshot
|
|
load-key subcommand Allows loading and unloading of encryption key (see \fBzfs load-key\fR and \fBzfs unload-key\fR).
|
|
change-key subcommand Allows changing an encryption key via \fBzfs change-key\fR.
|
|
mount subcommand Allows mounting/umounting ZFS datasets
|
|
promote subcommand Must also have the \fBmount\fR and \fBpromote\fR ability in the origin file system
|
|
receive subcommand Must also have the \fBmount\fR and \fBcreate\fR ability
|
|
release subcommand Allows releasing a user hold which might destroy the snapshot
|
|
rename subcommand Must also have the \fBmount\fR and \fBcreate\fR ability in the new parent
|
|
rollback subcommand Must also have the \fBmount\fR ability
|
|
send subcommand
|
|
share subcommand Allows sharing file systems over NFS or SMB protocols
|
|
snapshot subcommand Must also have the \fBmount\fR ability
|
|
|
|
groupquota other Allows accessing any \fBgroupquota@\fI…\fR property
|
|
groupobjquota other Allows accessing any \fBgroupobjquota@\fI…\fR property
|
|
groupused other Allows reading any \fBgroupused@\fI…\fR property
|
|
groupobjused other Allows reading any \fBgroupobjused@\fI…\fR property
|
|
userprop other Allows changing any user property
|
|
userquota other Allows accessing any \fBuserquota@\fI…\fR property
|
|
userobjquota other Allows accessing any \fBuserobjquota@\fI…\fR property
|
|
userused other Allows reading any \fBuserused@\fI…\fR property
|
|
userobjused other Allows reading any \fBuserobjused@\fI…\fR property
|
|
projectobjquota other Allows accessing any \fBprojectobjquota@\fI…\fR property
|
|
projectquota other Allows accessing any \fBprojectquota@\fI…\fR property
|
|
projectobjused other Allows reading any \fBprojectobjused@\fI…\fR property
|
|
projectused other Allows reading any \fBprojectused@\fI…\fR property
|
|
|
|
aclinherit property
|
|
aclmode property
|
|
acltype property
|
|
atime property
|
|
canmount property
|
|
casesensitivity property
|
|
checksum property
|
|
compression property
|
|
context property
|
|
copies property
|
|
dedup property
|
|
defcontext property
|
|
devices property
|
|
dnodesize property
|
|
encryption property
|
|
exec property
|
|
filesystem_limit property
|
|
fscontext property
|
|
keyformat property
|
|
keylocation property
|
|
logbias property
|
|
mlslabel property
|
|
mountpoint property
|
|
nbmand property
|
|
normalization property
|
|
overlay property
|
|
pbkdf2iters property
|
|
primarycache property
|
|
quota property
|
|
readonly property
|
|
recordsize property
|
|
redundant_metadata property
|
|
refquota property
|
|
refreservation property
|
|
relatime property
|
|
reservation property
|
|
rootcontext property
|
|
secondarycache property
|
|
setuid property
|
|
sharenfs property
|
|
sharesmb property
|
|
snapdev property
|
|
snapdir property
|
|
snapshot_limit property
|
|
special_small_blocks property
|
|
sync property
|
|
utf8only property
|
|
version property
|
|
volblocksize property
|
|
volmode property
|
|
volsize property
|
|
vscan property
|
|
xattr property
|
|
zoned property
|
|
.TE
|
|
.It Xo
|
|
.Nm zfs
|
|
.Cm allow
|
|
.Fl c
|
|
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns …
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Xc
|
|
Sets
|
|
.Qq create time
|
|
permissions.
|
|
These permissions are granted
|
|
.Pq locally
|
|
to the creator of any newly-created descendent file system.
|
|
.It Xo
|
|
.Nm zfs
|
|
.Cm allow
|
|
.Fl s No @ Ns Ar setname
|
|
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns …
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Xc
|
|
Defines or adds permissions to a permission set.
|
|
The set can be used by other
|
|
.Nm zfs Cm allow
|
|
commands for the specified file system and its descendents.
|
|
Sets are evaluated dynamically, so changes to a set are immediately reflected.
|
|
Permission sets follow the same naming restrictions as ZFS file systems, but the
|
|
name must begin with
|
|
.Sy @ ,
|
|
and can be no more than 64 characters long.
|
|
.It Xo
|
|
.Nm zfs
|
|
.Cm unallow
|
|
.Op Fl dglru
|
|
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
|
|
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns … Oc
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Xc
|
|
.It Xo
|
|
.Nm zfs
|
|
.Cm unallow
|
|
.Op Fl dlr
|
|
.Fl e Ns | Ns Sy everyone
|
|
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns … Oc
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Xc
|
|
.It Xo
|
|
.Nm zfs
|
|
.Cm unallow
|
|
.Op Fl r
|
|
.Fl c
|
|
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns … Oc
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Xc
|
|
Removes permissions that were granted with the
|
|
.Nm zfs Cm allow
|
|
command.
|
|
No permissions are explicitly denied, so other permissions granted are still in
|
|
effect.
|
|
For example, if the permission is granted by an ancestor.
|
|
If no permissions are specified, then all permissions for the specified
|
|
.Ar user ,
|
|
.Ar group ,
|
|
or
|
|
.Sy everyone
|
|
are removed.
|
|
Specifying
|
|
.Sy everyone
|
|
.Po or using the
|
|
.Fl e
|
|
option
|
|
.Pc
|
|
only removes the permissions that were granted to everyone, not all permissions
|
|
for every user and group.
|
|
See the
|
|
.Nm zfs Cm allow
|
|
command for a description of the
|
|
.Fl ldugec
|
|
options.
|
|
.Bl -tag -width "-r"
|
|
.It Fl r
|
|
Recursively remove the permissions from this file system and all descendents.
|
|
.El
|
|
.It Xo
|
|
.Nm zfs
|
|
.Cm unallow
|
|
.Op Fl r
|
|
.Fl s No @ Ns Ar setname
|
|
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
|
|
.Ar setname Oc Ns … Oc
|
|
.Ar filesystem Ns | Ns Ar volume
|
|
.Xc
|
|
Removes permissions from a permission set.
|
|
If no permissions are specified, then all permissions are removed, thus removing
|
|
the set entirely.
|
|
.El
|
|
.
|
|
.Sh EXAMPLES
|
|
.\" These are, respectively, examples 17, 18, 19, 20 from zfs.8
|
|
.\" Make sure to update them bidirectionally
|
|
.Ss Example 1 : No Delegating ZFS Administration Permissions on a ZFS Dataset
|
|
The following example shows how to set permissions so that user
|
|
.Ar cindys
|
|
can create, destroy, mount, and take snapshots on
|
|
.Ar tank/cindys .
|
|
The permissions on
|
|
.Ar tank/cindys
|
|
are also displayed.
|
|
.Bd -literal -compact -offset Ds
|
|
.No # Nm zfs Cm allow Sy cindys create , Ns Sy destroy , Ns Sy mount , Ns Sy snapshot Ar tank/cindys
|
|
.No # Nm zfs Cm allow Ar tank/cindys
|
|
---- Permissions on tank/cindys --------------------------------------
|
|
Local+Descendent permissions:
|
|
user cindys create,destroy,mount,snapshot
|
|
.Ed
|
|
.Pp
|
|
Because the
|
|
.Ar tank/cindys
|
|
mount point permission is set to 755 by default, user
|
|
.Ar cindys
|
|
will be unable to mount file systems under
|
|
.Ar tank/cindys .
|
|
Add an ACE similar to the following syntax to provide mount point access:
|
|
.Dl # Cm chmod No A+user : Ns Ar cindys Ns :add_subdirectory:allow Ar /tank/cindys
|
|
.
|
|
.Ss Example 2 : No Delegating Create Time Permissions on a ZFS Dataset
|
|
The following example shows how to grant anyone in the group
|
|
.Ar staff
|
|
to create file systems in
|
|
.Ar tank/users .
|
|
This syntax also allows staff members to destroy their own file systems, but not
|
|
destroy anyone else's file system.
|
|
The permissions on
|
|
.Ar tank/users
|
|
are also displayed.
|
|
.Bd -literal -compact -offset Ds
|
|
.No # Nm zfs Cm allow Ar staff Sy create , Ns Sy mount Ar tank/users
|
|
.No # Nm zfs Cm allow Fl c Sy destroy Ar tank/users
|
|
.No # Nm zfs Cm allow Ar tank/users
|
|
---- Permissions on tank/users ---------------------------------------
|
|
Permission sets:
|
|
destroy
|
|
Local+Descendent permissions:
|
|
group staff create,mount
|
|
.Ed
|
|
.
|
|
.Ss Example 3 : No Defining and Granting a Permission Set on a ZFS Dataset
|
|
The following example shows how to define and grant a permission set on the
|
|
.Ar tank/users
|
|
file system.
|
|
The permissions on
|
|
.Ar tank/users
|
|
are also displayed.
|
|
.Bd -literal -compact -offset Ds
|
|
.No # Nm zfs Cm allow Fl s No @ Ns Ar pset Sy create , Ns Sy destroy , Ns Sy snapshot , Ns Sy mount Ar tank/users
|
|
.No # Nm zfs Cm allow staff No @ Ns Ar pset tank/users
|
|
.No # Nm zfs Cm allow Ar tank/users
|
|
---- Permissions on tank/users ---------------------------------------
|
|
Permission sets:
|
|
@pset create,destroy,mount,snapshot
|
|
Local+Descendent permissions:
|
|
group staff @pset
|
|
.Ed
|
|
.
|
|
.Ss Example 4 : No Delegating Property Permissions on a ZFS Dataset
|
|
The following example shows to grant the ability to set quotas and reservations
|
|
on the
|
|
.Ar users/home
|
|
file system.
|
|
The permissions on
|
|
.Ar users/home
|
|
are also displayed.
|
|
.Bd -literal -compact -offset Ds
|
|
.No # Nm zfs Cm allow Ar cindys Sy quota , Ns Sy reservation Ar users/home
|
|
.No # Nm zfs Cm allow Ar users/home
|
|
---- Permissions on users/home ---------------------------------------
|
|
Local+Descendent permissions:
|
|
user cindys quota,reservation
|
|
cindys% zfs set quota=10G users/home/marks
|
|
cindys% zfs get quota users/home/marks
|
|
NAME PROPERTY VALUE SOURCE
|
|
users/home/marks quota 10G local
|
|
.Ed
|
|
.
|
|
.Ss Example 5 : No Removing ZFS Delegated Permissions on a ZFS Dataset
|
|
The following example shows how to remove the snapshot permission from the
|
|
.Ar staff
|
|
group on the
|
|
.Sy tank/users
|
|
file system.
|
|
The permissions on
|
|
.Sy tank/users
|
|
are also displayed.
|
|
.Bd -literal -compact -offset Ds
|
|
.No # Nm zfs Cm unallow Ar staff Sy snapshot Ar tank/users
|
|
.No # Nm zfs Cm allow Ar tank/users
|
|
---- Permissions on tank/users ---------------------------------------
|
|
Permission sets:
|
|
@pset create,destroy,mount,snapshot
|
|
Local+Descendent permissions:
|
|
group staff @pset
|
|
.Ed
|