similar to: RBAC and zfs

Hi all! I need a non-root user to be able to perform zfs snapshots and rollbacks. Does anybody know what privileges that should be specified in /etc/user_attr ? Best regards, Lars-Erik Bj?rk

Anthony Scarpino wrote (elsewhere): > While writing up the man page.. I thought of a few things that I was > wondering if you considered.. > > Can an encrypted dataset (keytype=dataset) reside in a non-encrypted (no > kek defined) pool? I can see a case for and against allowing this when considering it purely at the feature level as users/admins see things. The admin can

Anthony Scarpino wrote (elsewhere): > While writing up the man page.. I thought of a few things that I was > wondering if you considered.. > > Can an encrypted dataset (keytype=dataset) reside in a non-encrypted (no > kek defined) pool? I can see a case for and against allowing this when considering it purely at the feature level as users/admins see things. The admin can

http://defect.opensolaris.org/bz/show_bug.cgi?id=2033 Summary: ''zfs create'' causes panic if key file doesn''t exist Classification: Development Product: zfs-crypto Version: unspecified Platform: Other OS/Version: Solaris Status: NEW Severity: minor Priority: P2 Component:

http://defect.opensolaris.org/bz/show_bug.cgi?id=971 Summary: zfs key -l fails after unloading (keyscope=dataset) Classification: Development Product: zfs-crypto Version: unspecified Platform: Other OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: other AssignedTo:

I am trying to configure a system where I have two different NFS shares which point to the same directory. The idea is if you come in via one path, you will have read-only access and can''t delete any files, if you come in the 2nd path, then you will have read/write access. For example, create the read/write nfs share: zfs create tank/snapshots zfs set sharenfs=on tank/snapshots root

Hi all, I have a pool called tank/home/foo and I want to rename it to tank/home/bar. What''s the best way to do this (the zfs and zpool man pages don''t have a "rename" option)? One way I can think of is to create a clone of tank/home/foo called tank/home/bar, and then destroy the former. Is that the best (or even only) way? TIA, -- Rich Teer, SCSA, SCNA, SCSECA,

Hello, I want to setup an opensolaris for centralized storage server, using ZFS as the underlying FS, on a RAID 10 SATA disks. I will export the storage blocks using ISCSI to RHEL 5 (less than 10 clients, and I will format the partition as EXT3) I want to ask... 1. Is this setup suitable for mission critical use now? 2. Can I use LVM with this setup? Currently we are using NFS as the

http://defect.opensolaris.org/bz/show_bug.cgi?id=1986 Summary: ''zfs destroy'' hangs on encrypted dataset Classification: Development Product: zfs-crypto Version: unspecified Platform: Other OS/Version: Solaris Status: NEW Severity: major Priority: P2 Component: other

Hi, as Richard Elling wrote earlier: "For more background, low-cost SSDs intended for the boot market are perfect candidates. Take a X-25V @ 40GB and use 15-20 GB for root and the rest for an L2ARC. For small form factor machines or machines with max capacity of 8GB of RAM (a typical home system) this can make a pleasant improvement over a HDD-only implementation." For the upcoming

Starting from this thread: http://www.opensolaris.org/jive/thread.jspa?messageID=118786&#118786 I would love to have the possibility to set an ISCSI alias when doing an shareiscsi=on on ZFS. This will greatly facilate to identify where an IQN is hosted. the ISCSI alias is defined in rfc 3721 e.g. http://www.apps.ietf.org/rfc/rfc3721.html#sec-2 and the CLI could be something like: zfs set

This is possibly the dumbest question I have asked ever, but how do you set ACLs on files within a ZFS filesystem? Trying to use setfacl(1) diverts me to the acl(5) manpage; well, I know that I need to use NFSv4 style ACLs, but where is the utility to do so? This is on Solaris 10 Update 2. Thanks, Ceri -- That must be wonderful! I don''t understand it at all.

I have one thing happening now at boot which must have happened during the migration to zfs boot. I get an error message about /dev/random: "No randomness provider enabled for /dev/random. Use cryptoadm to provide one." Does anyone know how to fix this? Another thing: Is it possible to upgrade to a higher build when using zfs boot? Is this what LiveUpgrade does? And is there a step by

I''m playing around with snv_128 on one of my systems, and trying to see what kinda of benefits enabling dedup will give me. The standard practice for reprocessing data that''s already stored to add compression and now dedup seems to be a send / receive pipe similar to: zfs send -R <old fs>@snap | zfs recv -d <new fs> However, according to the man page,

Hi all! First off, if this has been discussed, please point me in that direction. I have searched high and low and really can''t find much info on the subject. We have a large-ish (200gb) UFS file system on a Sun Enterprise 250 that is being shared with samba (lots of files, mostly random IO). OS is Solaris 10u3. Disk set is 7x36gb 10k scsi, 4 internal 3 external. For several

Hi, if I do the following: ssh -X localhost su - another_user xterm I get: X connection to ming:10.0 broken (explicit kill or server shutdown). Where what is really wanted was something like: Xlib: connection to ":0.0" refused by server Xlib: Client is not authorized to connect to Server xterm Xt error: Can't open display: :0.0 'tis easy to reproduce the bug, but the debug

yo, has anyone done a good RBAC implementation for rails? I see lotsa mini-tutorial-suggestions, but not... ActionRBAC! :) any pointers helpful - if nothing exists I think I''ll duplicate the RBAC implementation we did for binarycloud (binarycloud.com) and give it to the community. thanks for any help, _alex -- alex black, founder the turing studio, inc. 510.666.0074

I''m trying to design an RBAC solution for my project. I don''t want to use plugins or engines as I''d like to know how it works. My problem is as follows. I have 4 user types: caller, client, rep, admin. Each have their own model because they would require different registration information. For instance rep requires tax id # whereas caller requires social security

Author: bubbva Repository: /hg/zfs-crypto/gate Revision: d8b153eb88fe5e992d16ca0931315fb4ffc14e2b Log message: 6249706 rbac utilities have unused variables Contributed by Stephen Potter <spp at unixsa.net>. Files: update: usr/src/cmd/auths/auths.c update: usr/src/cmd/profiles/profiles.c update: usr/src/cmd/roles/roles.c

Author: eschrock Repository: /hg/zfs-crypto/gate Revision: 772877c84f6d282397b70b9c1aa8fe3107aa21ca Log message: 6343625 ZFS RBAC integration is incomplete Files: update: usr/src/lib/libsecdb/exec_attr.txt