On 17/02/2011 20:44, Stefan Dormayer wrote:
> is there a way to disable the subcommand destroy of zpool/zfs for the
> root user?

ZFS doesn't actually require root for those; it actually checks for individual privileges. Mostly that amounts to "sys_mount" and "sys_config" (for pool operations) - though those aren't documented requirements.

By default the root user ends up being able to do anything to any pool or dataset and all other users need to be granted access via 'zfs allow'.

Would it be useful if you could remove the ability for a root user in a zone to do zfs operations on delegated datasets? Doing this for the global zone is a little harder but for a local zone it can be done by extending the 'zfs allow' mechanism.

See:

http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=7011365

--
Darren J Moffat