thr3ads.net - zfs discuss - [zfs-discuss] ZFS send-receive between remote machines as non-root user [Sep 2009]

If this information is useful, please help other people find it:
Share via:
Sergey
2009-Sep-23 13:42 UTC
[zfs-discuss] ZFS send-receive between remote machines as non-root user

Hi list,

I have a question about setting up zfs send-receive functionality (between
remote machine) as non-root user.

"server1" - is a server where "zfs send" will be executed
"server2" - is a server where "zfs receive" will be
executed.

I am using the following zfs structure:

[server1]$ zfs list -t filesystem -r datapool/data
NAME                         USED  AVAIL  REFER  MOUNTPOINT
datapool/data              2.05G   223G  2.05G  /opt/data
datapool/data/logs           35K   223G    19K  /opt/data/logs
datapool/data/db    	    18K   223G    18K  /opt/data/db


[server1]$ zfs list -t filesystem -r datapool2/data
NAME                                 USED  AVAIL  REFER  MOUNTPOINT
datapool2/data                       72K  6.91G    18K  /datapool2/data
datapool2/data/fastdb       18K  6.91G    18K  /opt/data/fastdb
datapool2/data/fastdblog    18K  6.91G    18K  /opt/data/fastdblog
datapool2/data/dblog        18K  6.91G    18K  /opt/data/dblog


ZFS delegated permissions setup on the sending machine:

[server1]$ zfs allow datapool/data
-------------------------------------------------------------
Local+Descendent permissions on (datapool/data)
        user joe
atime,canmount,create,destroy,mount,receive,rollback,send,snapshot
-------------------------------------------------------------

[server1]$ zfs allow datapool2/data
-------------------------------------------------------------
Local+Descendent permissions on (data2/data)
        user joe
atime,canmount,create,destroy,mount,receive,rollback,send,snapshot
-------------------------------------------------------------


The idea is to create a snapshot and send it to another machine with zfs using
zfs send-receive.

So I am creating a snapshot and ... get the following error:

[server1]$ zfs list -t snapshot -r datapool/data
NAME                                                USED  AVAIL  REFER 
MOUNTPOINT
datapool/data at rolling-20090923140714                48K      -  2.05G  -
datapool/data/logs at rolling-20090923140714           16K      -    18K  -
datapool/data/db at rolling-20090923140714      0      -    18K  -

[server1]$ zfs list -t snapshot -r datapool2/data
NAME                                                        USED  AVAIL  REFER 
MOUNTPOINT
datapool2/data at rolling-20090923140714                         0      -    18K
-
datapool2/data/fastdb at rolling-20090923140714         0      -    18K  -
datapool2/data/fastdblog at rolling-20090923140714      0      -    18K  -
datapool2/data/dblog at rolling-20090923140714          0      -    18K  -


To send the snapshot I''m using the following command (for
"datapool" datapool):

[server1]$ zfs send -R datapool/data at rolling-20090923140714 | ssh server2 zfs
receive -vd datapool/data_backups/`hostname`/datapool

receiving full stream of datapool/data at rolling-20090923140714 into
datapool/data_backups/server1/datapool/data
@rolling-20090923140714
received 2.06GB stream in 62 seconds (34.0MB/sec)
receiving full stream of datapool/data/logs at rolling-20090923140714 into
datapool/data_backups/server2/datapool/data/logs at rolling-20090923140714
cannot mount
''datapool/data_backups/server1/datapool/data/logs'':
Insufficient privileges


Seems like user "joe" on the remote server ("server2") can
not mount the filesystem:

[server2]$ zfs mount datapool/data_backups/server1/datapool/data/logs
cannot mount
''datapool/data_backups/server1/datapool/data/logs'':
Insufficient privileges

ZFS delegated permissions on the receiving side look fine for me:

[server2]$ zfs allow datapool/data_backups/server1/datapool/data/logs
-------------------------------------------------------------
Local+Descendent permissions on (datapool/data_backups)
        user joe
atime,canmount,create,destroy,mount,receive,rollback,send,snapshot
-------------------------------------------------------------
Local+Descendent permissions on (datapool)
        user joe
atime,canmount,create,destroy,mount,receive,rollback,send,snapshot

"zfs receive" creates a mountpoint with "root:root"
permissions:

[server2]$ ls -ld /opt/data_backups/server2/datapool/data/logs/
drwxr-xr-x   2 root     root           2 Sep 23 14:02
/opt/data_backups/server1/datapool/data/logs/

I''ve tried to play with RBAC a bit ..:
[server2]$ id 
uid=750(joe) gid=750(prod)

[server2]$ profiles
File System Security
ZFS File System Management
File System Management
Service Management
Basic Solaris User
All

... but no luck - I still have zfs mount error while receiving a snapshot:

Both servers are running Solaris U7 x86_64, Generic_139556-08.

Is there any method to setup zfs send-receive functionality for descending zfs
filesystems as non-root user?
-- 
This message posted from opensolaris.org
zfs discuss - Sep 2009 - ZFS send-receive between remote machines as non-root user

[zfs-discuss] ZFS send-receive between remote machines as non-root user
