Kyle McDonald wrote:
Andriy Gapon wrote:
What do you think about the following feature?
"Subdirectory is automatically a new filesystem" property - an
administrator turns
on this magic property of a filesystem, after that every mkdir *in the
root* of
that filesystem creates a new filesystem. The new filesystems have
default/inherited properties except for the magic property which is off.
Right now I see this as being mostly useful for /home. Main benefit in
this case
is that various user administration tools can work unmodified and do
the right
thing when an administrator wants a policy of a separate fs per user
But I am sure that there could be other interesting uses for this.
But now that quotas are working properly, Why would you want to continue
the hack of 1 FS per user?
hack ? Different usage cases!
Why bother? What's the benefit?
The benefit is that users can control their own snapshot policy, they
can create and destroy their own sub datasets, send and recv them etc.
We can also delegate specific properties to users if we want as well.
This is exactly how I have the builds area setup on our ONNV build
machines for the Solaris security team. Sure the output of zfs list
is long - but I don't care about that.
When encryption comes along having a separate filesystem per user is an
useful deployment case because it means we can deploy with separate keys
for each user (granted may be less interesting if they only access their
home dir over NFS/CIFS but still useful). I have a prototype PAM module
that uses the users login password as the ZFS dataset wrapping key and
keeps that in sync with the users login password on password change.
--
Darren J Moffat
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss