Rainer Orth wrote:
Mark Shellenbaum <[EMAIL PROTECTED]> writes:
Yes we do need something like this.
This is already covered by the following CRs 6280676, 6421209.
These RFE's are currently being investigated. The basic idea is that
an adminstrator will be allowed to grant specific users/groups to
perform various zfs adminstrative tasks, such as create, destroy, clone,
changing properties and so on.
After the zfs team is in agreement as to what the interfaces should be,
I will forward it to zfs-discuss for further feedback.
In addition to this, what I think will become necessary is a way to perform
this sort of end-user zfs administration securely over the network (maybe
with an RPC service secured with RPCSEC_GSS?): I don't want to grant every
single student login to the fileservers to admin their zfs filesystems ;-(
I'm assuming you mean using zfs(1) but having a "remote" mode where you
indicate the name of the server and pool.
There is, sadly, the problem of mandating RPCSEC_GSS because so many
people don't have the Kerberos infrastructure setup to use it.
Personally I'd be more than happy to say that if you want to use this
you must use RPCSEC_GSS but that might not go down well with everyone.
I do actually like your suggestion of a zfs command that talks over
RPCSEC_GSS and it would work great for me since I do have Kerberos creds
on the client and servers I use!
However it would be really really nice if we didn't need a special
command on the client side. Particularly since it might not be a
Solaris machine on the client.
As it happens we have a "client" interface that doesn't require you run
Solaris on the client side or have Kerberos deployed; the web based ZFS
gui that is secured by SSL.
The other option is to allow users to this by doing operations in the
special ".zfs" directory. This should even be possible over NFS or CIFS.
For example creation, rename and delete of snapshots using normal file
system tools, in .zfs/snapshot.
mv seems to be able to rename a snapshot. Maybe we could have cp on a
snapshot mean clone eg:
$ cd .zfs/snapshot
$ mv foo bar
$ cp bar baz
$ rm may
Would rename the snapshot called foo to the snapshot called bar
It would then create a clone called baz based on the snapshot bar.
Finally removing the snapshot called may.
Given that the .zfs directory is special we might be able to invent
additional things for doing the other operations. The harder part is
setting the options like share/checksum/compression etc.
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
