On machines I work on, as root, I try to always have my root umask set to 0700, for security purposes. However, there is a slight operational issue with ZFS, namely that the following is now my standard practice when creating ZFS filesystems: # zfs create tank/foo # zfs umount tank/foo # chmod 755 /tank/foo # zfs mount tank/foo # chmod me /tank/foo blah! I feel like I''ve run the minute mile after doing that! Which leads me to ask, why can''t I put more of this into the zfs create command line? e.g. zfs create tank/foo -m 755 -u me Darren
Darren.Reed at Sun.COM wrote:> On machines I work on, as root, I try to always have my root > umask set to 0700, for security purposes. > > However, there is a slight operational issue with ZFS, namely > that the following is now my standard practice when creating > ZFS filesystems: > > # zfs create tank/foo > # zfs umount tank/foo > # chmod 755 /tank/foo > # zfs mount tank/foo > # chmod me /tank/foo > > blah! I feel like I''ve run the minute mile after doing that! > > Which leads me to ask, why can''t I put more of this into > the zfs create command line? e.g. > > zfs create tank/foo -m 755 -u meLooks like what you want is to delegate tank/foo to a user that is described in PSARC/2006/465 ZFS Delegated Administration. It hasn''t integrated yet. -- Darren J Moffat
>Looks like what you want is to delegate tank/foo to a user that is >described in PSARC/2006/465 ZFS Delegated Administration. It hasn''t >integrated yet.Isn''t this just still the bug about creating mountpoints mode 700 rather than 755? Casper
Casper.Dik at Sun.COM wrote:> >>Looks like what you want is to delegate tank/foo to a user that is >>described in PSARC/2006/465 ZFS Delegated Administration. It hasn''t >>integrated yet. >> > > >Isn''t this just still the bug about creating mountpoints mode 700 >rather than 755? >That gets more to the heart of the problem, yes. A different way to look at this problem is that there is no way to have any direct interaction with the ''mkdir zfs-mountpoint'' aside from the umask setting (which often interferes in the wrong way.) In the past, with UFS, I''d do: mkdir -m 755 /mountpoint <edit /etc/vfstab> mount /mountpoint Seeing as ZFS tries to merge all of this into one command, it would seem reasonable to me for some of mkdir''s commandline args to be made available with the "zfs create" step? Darren