Thanks very much for your reply. I'm very sorry about the last mail; I didn't see that the CC was empty. It wasn't deliberate.
2008/10/22 Jeremy Chadwick <[EMAIL PROTECTED]>:
> On Wed, Oct 22, 2008 at 06:54:49PM +0800, lhmwzy wrote:
>> hmm...
>> I transfer data to a remote machine use zfs.
>> for example:
>>
>> #zfs send pool/[EMAIL PROTECTED] | ssh -l lhm 10.67.141.80 zfs receive www/102
>>
>> If login into 10.67.141.80 through non-root user, it says:
>> cannot receive: permission denied
>> cannot send 'pool/[EMAIL PROTECTED]': Broken pipe
>>
>> But login into a remote machine use root through ssh is not a good
>> idea, right?
>>
>>
>> 2008/10/22 Jeremy Chadwick <[EMAIL PROTECTED]>:
>> > On Wed, Oct 22, 2008 at 05:13:21PM +0800, lhmwzy wrote:
>> >> $zfs create www/lhm
>> >> cannot create 'www/lhm': permission denied
>> >>
>> >> How to do this or when can do this?
>> >
>> > Creating a filesystem is something that can only be done by root.  I'm
>> > not sure what gave you the impression non-root users can do this...?
>
> This problem has nothing to do with ZFS, it has to do with SSH.
>
> You need to do a few things for this to work.  Here's a very quick way:
>
> 1) Make a public key on the machine you're doing "zfs send" from.
>    Run ssh-keygen as root
> 2) Place contents of /root/.ssh/id_rsa.pub in /root/.ssh/authorized_keys
>    on 10.67.141.80.  Make sure the /root/.ssh directory is perm 0700,
>    and authorized_keys is perm 0600.
> 3) On 10.67.141.80, edit /etc/ssh/sshd_config and change this line:
>
>    #PermitRootLogin no
>
>    ...to:
>
>    PermitRootLogin without-password
>
> 4) Send a SIGHUP signal to the master sshd process.  This might
>    disconnect any existing SSH sessions to the machine:
>
>    kill -HUP `cat /var/run/sshd.pid`
>
>
> If you're concerned about what "without-password" does, read the man
> page.  It WILL NOT let people SSH into the root account, UNLESS they
> have the private key (on zfs_send_host).  That's the ONLY WAY they can
> get in as root.
>
> You may want to secure things down a bit more by editing
> /root/.ssh/authorized_keys on 10.67.141.80 to only allow certain
> commands to be executed (specifically "zfs receive").  You can look on
> Google for how to do this.
>
> Finally, why did you remove the mailing list from the CC list?  Now
> no one knows what we've discussed, which isn't good.
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
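
Added example, not part of the original thread: one way to do the authorized_keys restriction suggested in the quoted mail, using a forced-command wrapper that accepts only `zfs receive` into an approved dataset. The script path, the `www/` prefix and the `/sbin/zfs` location are assumptions; the key and host in the sample entry are placeholders.

```sh
#!/bin/sh
# Forced-command wrapper (hypothetical path /root/bin/zfs-recv-only.sh).
# Matching entry in /root/.ssh/authorized_keys on 10.67.141.80, all on one
# line; <zfs_send_host> and <PUBLIC-KEY> are placeholders:
#   command="/root/bin/zfs-recv-only.sh",from="<zfs_send_host>",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY>

ALLOWED_PREFIX="www/"   # assumption: receives are only allowed below www/
ZFS_BIN="/sbin/zfs"     # assumption: zfs location on the receiving host

# Succeeds only for exactly "zfs receive <dataset>" with <dataset> below
# ALLOWED_PREFIX. On success the validated dataset name is left in $ds.
allowed_command() {
    ds=""
    case $1 in
        "zfs receive "*) ds=${1#"zfs receive "} ;;
        *) return 1 ;;                       # any other command or subcommand
    esac
    case $ds in
        "$ALLOWED_PREFIX"*) ;;               # also rejects options such as -F
        *) return 1 ;;
    esac
    case $ds in
        *[!A-Za-z0-9_.:/-]*) return 1 ;;     # no spaces, ';', '|', '$', quotes
        */ | *//*) return 1 ;;               # no empty path component
    esac
    return 0
}

# sshd places the command the client requested in SSH_ORIGINAL_COMMAND.
# It is unset when the client asks for an interactive login, in which case
# this script simply ends and no shell is started.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if allowed_command "$SSH_ORIGINAL_COMMAND"; then
        exec "$ZFS_BIN" receive "$ds"
    fi
    echo "rejected: only 'zfs receive ${ALLOWED_PREFIX}<name>' is permitted" >&2
    exit 1
fi
```

With a forced command on the key, `PermitRootLogin forced-commands-only` in sshd_config is a tighter setting than `without-password`, since root can then log in only with keys that carry a `command=` option.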
