Hi,
I'm trying to let zfs users to create and destroy snapshots in their zfs
filesystems.
So rpool/vm has the permissions:
osol137 19:07 ~: zfs allow rpool/vm
---- Permissions on rpool/vm -----------------------------------------
Permission sets:
@virtual
clone,create,destroy,mount,promote,readonly,receive,rename,rollback,send,share,snapshot,userprop
Create time permissions:
@virtual
Local permissions:
group staff create,mount
now as regular user I do:
$ zfs create rpool/vm/vm156888
$ zfs create rpool/vm/vm156888/a
$ zfs snapshot rpool/vm/vm156888/a...@1
$ zfs destroy rpool/vm/vm156888/a...@1
cannot destroy 'rpool/vm/vm156888/a...@1': permission denied
The only way around I found is to add 'allow' right to the @virtual
group
sudo zfs allow -s @virtual allow rpool/vm
Now as regular user I can:
zfs allow vm156888 mount,destroy rpool/vm/vm156888/a
zfs destroy rpool/vm/vm156888/a...@1
I believe that I need to do this because the "Create time" permissions
are used only as "Local permissions" on new filesystem, while for
deleting snapshot I need them as Local+Descendent.
So user if he wants to use snapshots, he has to know to grant himself
mount+delete permissions first. Is this the intended way to go?
Thank you
--
Vlad
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
