Hi all! I need a non-root user to be able to perform zfs snapshots and rollbacks. Does anybody know what privileges that should be specified in /etc/user_attr ? Best regards, Lars-Erik Bj?rk
Lars-Erik Bj?rk wrote:> Hi all! > > I need a non-root user to be able to perform zfs snapshots and rollbacks. > Does anybody know what privileges that should be specified in > /etc/user_attr ?Use the user delegation feature instead, this is exactly what it was designed for. # zfs allow -u lars rollback,snapshot,mount tank/home/lars That will allow you to take snapshots (and mount them) up and rollback. Note that you need ''mount'', and you may want ''share'' as well. See zfs(1) for more information. Without using "user delegation" you can''t control the ability to just deal with snapshots. There is the "ZFS File System Management" RBAC profile that you can assign but that allows you to do ANY zfs(1) operation to ANY pool. -- Darren J Moffat
Hmm.. my b69 installation understands zfs allow, but man zfs has no info at all. man says it was last modified on june 28. 2007, and also:-r--r--r-- 1 root bin 59081 Jul 10 12:34 /usr/share/man/man1m/zfs.1m I installed b69 by using live upgrade from, I think, b65. Is this a bug that needs filing? On 8/17/07, Darren J Moffat <darrenm at opensolaris.org> wrote:> > Lars-Erik Bj?rk wrote: > > Hi all! > > > > I need a non-root user to be able to perform zfs snapshots and > rollbacks. > > Does anybody know what privileges that should be specified in > > /etc/user_attr ? > > Use the user delegation feature instead, this is exactly what it was > designed for. > > # zfs allow -u lars rollback,snapshot,mount tank/home/lars > > That will allow you to take snapshots (and mount them) up and rollback. > Note that you need ''mount'', and you may want ''share'' as well. > > See zfs(1) for more information. > > Without using "user delegation" you can''t control the ability to just > deal with snapshots. There is the "ZFS File System Management" RBAC > profile that you can assign but that allows you to do ANY zfs(1) > operation to ANY pool. > > -- > Darren J Moffat > _______________________________________________ > zfs-discuss mailing list > zfs-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/zfs-discuss >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.opensolaris.org/pipermail/zfs-discuss/attachments/20070817/bdb1b030/attachment.html>
Marko Milisavljevic wrote:> Hmm.. my b69 installation understands zfs allow, but man zfs has no info > at all.Usually the manpages are updated in the same build as a new feature is added, but the delegated admin manpage changes were extensive and slipped to build 70. --matt
Marko, The ZFS Admin Guide has been updated to include the delegated administration feature. See Chapter 8, here: http://opensolaris.org/os/community/zfs/docs/zfsadmin.pdf Cindy Matthew Ahrens wrote:> Marko Milisavljevic wrote: > >>Hmm.. my b69 installation understands zfs allow, but man zfs has no info >>at all. > > > Usually the manpages are updated in the same build as a new feature is added, > but the delegated admin manpage changes were extensive and slipped to build 70. > > --matt > _______________________________________________ > zfs-discuss mailing list > zfs-discuss at opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/zfs-discuss