zfs-unallow.8 (15240B)
- .\"
- .\" CDDL HEADER START
- .\"
- .\" The contents of this file are subject to the terms of the
- .\" Common Development and Distribution License (the "License").
- .\" You may not use this file except in compliance with the License.
- .\"
- .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- .\" or https://opensource.org/licenses/CDDL-1.0.
- .\" See the License for the specific language governing permissions
- .\" and limitations under the License.
- .\"
- .\" When distributing Covered Code, include this CDDL HEADER in each
- .\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- .\" If applicable, add the following below this CDDL HEADER, with the
- .\" fields enclosed by brackets "[]" replaced with your own identifying
- .\" information: Portions Copyright [yyyy] [name of copyright owner]
- .\"
- .\" CDDL HEADER END
- .\"
- .\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
- .\" Copyright 2011 Joshua M. Clulow <josh@sysmgr.org>
- .\" Copyright (c) 2011, 2019 by Delphix. All rights reserved.
- .\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
- .\" Copyright (c) 2014, Joyent, Inc. All rights reserved.
- .\" Copyright (c) 2014 by Adam Stevko. All rights reserved.
- .\" Copyright (c) 2014 Integros [integros.com]
- .\" Copyright 2019 Richard Laager. All rights reserved.
- .\" Copyright 2018 Nexenta Systems, Inc.
- .\" Copyright 2019 Joyent, Inc.
- .\"
- .Dd March 16, 2022
- .Dt ZFS-ALLOW 8
- .Os
- .
- .Sh NAME
- .Nm zfs-allow
- .Nd delegate ZFS administration permissions to unprivileged users
- .Sh SYNOPSIS
- .Nm zfs
- .Cm allow
- .Op Fl dglu
- .Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
- .Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns …
- .Ar filesystem Ns | Ns Ar volume
- .Nm zfs
- .Cm allow
- .Op Fl dl
- .Fl e Ns | Ns Sy everyone
- .Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns …
- .Ar filesystem Ns | Ns Ar volume
- .Nm zfs
- .Cm allow
- .Fl c
- .Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns …
- .Ar filesystem Ns | Ns Ar volume
- .Nm zfs
- .Cm allow
- .Fl s No @ Ns Ar setname
- .Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns …
- .Ar filesystem Ns | Ns Ar volume
- .Nm zfs
- .Cm unallow
- .Op Fl dglru
- .Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
- .Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns … Oc
- .Ar filesystem Ns | Ns Ar volume
- .Nm zfs
- .Cm unallow
- .Op Fl dlr
- .Fl e Ns | Ns Sy everyone
- .Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns … Oc
- .Ar filesystem Ns | Ns Ar volume
- .Nm zfs
- .Cm unallow
- .Op Fl r
- .Fl c
- .Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns … Oc
- .Ar filesystem Ns | Ns Ar volume
- .Nm zfs
- .Cm unallow
- .Op Fl r
- .Fl s No @ Ns Ar setname
- .Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns … Oc
- .Ar filesystem Ns | Ns Ar volume
- .
- .Sh DESCRIPTION
- .Bl -tag -width ""
- .It Xo
- .Nm zfs
- .Cm allow
- .Ar filesystem Ns | Ns Ar volume
- .Xc
- Displays permissions that have been delegated on the specified filesystem or
- volume.
- See the other forms of
- .Nm zfs Cm allow
- for more information.
- .Pp
- Delegations are supported under Linux with the exception of
- .Sy mount ,
- .Sy unmount ,
- .Sy mountpoint ,
- .Sy canmount ,
- .Sy rename ,
- and
- .Sy share .
- These permissions cannot be delegated because the Linux
- .Xr mount 8
- command restricts modifications of the global namespace to the root user.
- .It Xo
- .Nm zfs
- .Cm allow
- .Op Fl dglu
- .Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
- .Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns …
- .Ar filesystem Ns | Ns Ar volume
- .Xc
- .It Xo
- .Nm zfs
- .Cm allow
- .Op Fl dl
- .Fl e Ns | Ns Sy everyone
- .Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns …
- .Ar filesystem Ns | Ns Ar volume
- .Xc
- Delegates ZFS administration permission for the file systems to non-privileged
- users.
- .Bl -tag -width "-d"
- .It Fl d
- Allow only for the descendent file systems.
- .It Fl e Ns | Ns Sy everyone
- Specifies that the permissions be delegated to everyone.
- .It Fl g Ar group Ns Oo , Ns Ar group Oc Ns …
- Explicitly specify that permissions are delegated to the group.
- .It Fl l
- Allow
- .Qq locally
- only for the specified file system.
- .It Fl u Ar user Ns Oo , Ns Ar user Oc Ns …
- Explicitly specify that permissions are delegated to the user.
- .It Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
- Specifies to whom the permissions are delegated.
- Multiple entities can be specified as a comma-separated list.
- If neither of the
- .Fl gu
- options are specified, then the argument is interpreted preferentially as the
- keyword
- .Sy everyone ,
- then as a user name, and lastly as a group name.
- To specify a user or group named
- .Qq everyone ,
- use the
- .Fl g
- or
- .Fl u
- options.
- To specify a group with the same name as a user, use the
- .Fl g
- options.
- .It Xo
- .Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns …
- .Xc
- The permissions to delegate.
- Multiple permissions may be specified as a comma-separated list.
- Permission names are the same as ZFS subcommand and property names.
- See the property list below.
- Property set names, which begin with
- .Sy @ ,
- may be specified.
- See the
- .Fl s
- form below for details.
- .El
- .Pp
- If neither of the
- .Fl dl
- options are specified, or both are, then the permissions are allowed for the
- file system or volume, and all of its descendents.
- .Pp
- Permissions are generally the ability to use a ZFS subcommand or change a ZFS
- property.
- The following permissions are available:
- .TS
- l l l .
- NAME TYPE NOTES
- _ _ _
- allow subcommand Must also have the permission that is being allowed
- bookmark subcommand
- clone subcommand Must also have the \fBcreate\fR ability and \fBmount\fR ability in the origin file system
- create subcommand Must also have the \fBmount\fR ability. Must also have the \fBrefreservation\fR ability to create a non-sparse volume.
- destroy subcommand Must also have the \fBmount\fR ability
- diff subcommand Allows lookup of paths within a dataset given an object number, and the ability to create snapshots necessary to \fBzfs diff\fR.
- hold subcommand Allows adding a user hold to a snapshot
- load-key subcommand Allows loading and unloading of encryption key (see \fBzfs load-key\fR and \fBzfs unload-key\fR).
- change-key subcommand Allows changing an encryption key via \fBzfs change-key\fR.
- mount subcommand Allows mounting/umounting ZFS datasets
- promote subcommand Must also have the \fBmount\fR and \fBpromote\fR ability in the origin file system
- receive subcommand Must also have the \fBmount\fR and \fBcreate\fR ability
- release subcommand Allows releasing a user hold which might destroy the snapshot
- rename subcommand Must also have the \fBmount\fR and \fBcreate\fR ability in the new parent
- rollback subcommand Must also have the \fBmount\fR ability
- send subcommand
- share subcommand Allows sharing file systems over NFS or SMB protocols
- snapshot subcommand Must also have the \fBmount\fR ability
- groupquota other Allows accessing any \fBgroupquota@\fI…\fR property
- groupobjquota other Allows accessing any \fBgroupobjquota@\fI…\fR property
- groupused other Allows reading any \fBgroupused@\fI…\fR property
- groupobjused other Allows reading any \fBgroupobjused@\fI…\fR property
- userprop other Allows changing any user property
- userquota other Allows accessing any \fBuserquota@\fI…\fR property
- userobjquota other Allows accessing any \fBuserobjquota@\fI…\fR property
- userused other Allows reading any \fBuserused@\fI…\fR property
- userobjused other Allows reading any \fBuserobjused@\fI…\fR property
- projectobjquota other Allows accessing any \fBprojectobjquota@\fI…\fR property
- projectquota other Allows accessing any \fBprojectquota@\fI…\fR property
- projectobjused other Allows reading any \fBprojectobjused@\fI…\fR property
- projectused other Allows reading any \fBprojectused@\fI…\fR property
- aclinherit property
- aclmode property
- acltype property
- atime property
- canmount property
- casesensitivity property
- checksum property
- compression property
- context property
- copies property
- dedup property
- defcontext property
- devices property
- dnodesize property
- encryption property
- exec property
- filesystem_limit property
- fscontext property
- keyformat property
- keylocation property
- logbias property
- mlslabel property
- mountpoint property
- nbmand property
- normalization property
- overlay property
- pbkdf2iters property
- primarycache property
- quota property
- readonly property
- recordsize property
- redundant_metadata property
- refquota property
- refreservation property
- relatime property
- reservation property
- rootcontext property
- secondarycache property
- setuid property
- sharenfs property
- sharesmb property
- snapdev property
- snapdir property
- snapshot_limit property
- special_small_blocks property
- sync property
- utf8only property
- version property
- volblocksize property
- volmode property
- volsize property
- vscan property
- xattr property
- zoned property
- .TE
- .It Xo
- .Nm zfs
- .Cm allow
- .Fl c
- .Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns …
- .Ar filesystem Ns | Ns Ar volume
- .Xc
- Sets
- .Qq create time
- permissions.
- These permissions are granted
- .Pq locally
- to the creator of any newly-created descendent file system.
- .It Xo
- .Nm zfs
- .Cm allow
- .Fl s No @ Ns Ar setname
- .Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns …
- .Ar filesystem Ns | Ns Ar volume
- .Xc
- Defines or adds permissions to a permission set.
- The set can be used by other
- .Nm zfs Cm allow
- commands for the specified file system and its descendents.
- Sets are evaluated dynamically, so changes to a set are immediately reflected.
- Permission sets follow the same naming restrictions as ZFS file systems, but the
- name must begin with
- .Sy @ ,
- and can be no more than 64 characters long.
- .It Xo
- .Nm zfs
- .Cm unallow
- .Op Fl dglru
- .Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
- .Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns … Oc
- .Ar filesystem Ns | Ns Ar volume
- .Xc
- .It Xo
- .Nm zfs
- .Cm unallow
- .Op Fl dlr
- .Fl e Ns | Ns Sy everyone
- .Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns … Oc
- .Ar filesystem Ns | Ns Ar volume
- .Xc
- .It Xo
- .Nm zfs
- .Cm unallow
- .Op Fl r
- .Fl c
- .Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns … Oc
- .Ar filesystem Ns | Ns Ar volume
- .Xc
- Removes permissions that were granted with the
- .Nm zfs Cm allow
- command.
- No permissions are explicitly denied, so other permissions granted are still in
- effect.
- For example, if the permission is granted by an ancestor.
- If no permissions are specified, then all permissions for the specified
- .Ar user ,
- .Ar group ,
- or
- .Sy everyone
- are removed.
- Specifying
- .Sy everyone
- .Po or using the
- .Fl e
- option
- .Pc
- only removes the permissions that were granted to everyone, not all permissions
- for every user and group.
- See the
- .Nm zfs Cm allow
- command for a description of the
- .Fl ldugec
- options.
- .Bl -tag -width "-r"
- .It Fl r
- Recursively remove the permissions from this file system and all descendents.
- .El
- .It Xo
- .Nm zfs
- .Cm unallow
- .Op Fl r
- .Fl s No @ Ns Ar setname
- .Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
- .Ar setname Oc Ns … Oc
- .Ar filesystem Ns | Ns Ar volume
- .Xc
- Removes permissions from a permission set.
- If no permissions are specified, then all permissions are removed, thus removing
- the set entirely.
- .El
- .
- .Sh EXAMPLES
- .\" These are, respectively, examples 17, 18, 19, 20 from zfs.8
- .\" Make sure to update them bidirectionally
- .Ss Example 1 : No Delegating ZFS Administration Permissions on a ZFS Dataset
- The following example shows how to set permissions so that user
- .Ar cindys
- can create, destroy, mount, and take snapshots on
- .Ar tank/cindys .
- The permissions on
- .Ar tank/cindys
- are also displayed.
- .Bd -literal -compact -offset Ds
- .No # Nm zfs Cm allow Sy cindys create , Ns Sy destroy , Ns Sy mount , Ns Sy snapshot Ar tank/cindys
- .No # Nm zfs Cm allow Ar tank/cindys
- ---- Permissions on tank/cindys --------------------------------------
- Local+Descendent permissions:
- user cindys create,destroy,mount,snapshot
- .Ed
- .Pp
- Because the
- .Ar tank/cindys
- mount point permission is set to 755 by default, user
- .Ar cindys
- will be unable to mount file systems under
- .Ar tank/cindys .
- Add an ACE similar to the following syntax to provide mount point access:
- .Dl # Cm chmod No A+user : Ns Ar cindys Ns :add_subdirectory:allow Ar /tank/cindys
- .
- .Ss Example 2 : No Delegating Create Time Permissions on a ZFS Dataset
- The following example shows how to grant anyone in the group
- .Ar staff
- to create file systems in
- .Ar tank/users .
- This syntax also allows staff members to destroy their own file systems, but not
- destroy anyone else's file system.
- The permissions on
- .Ar tank/users
- are also displayed.
- .Bd -literal -compact -offset Ds
- .No # Nm zfs Cm allow Ar staff Sy create , Ns Sy mount Ar tank/users
- .No # Nm zfs Cm allow Fl c Sy destroy Ar tank/users
- .No # Nm zfs Cm allow Ar tank/users
- ---- Permissions on tank/users ---------------------------------------
- Permission sets:
- destroy
- Local+Descendent permissions:
- group staff create,mount
- .Ed
- .
- .Ss Example 3 : No Defining and Granting a Permission Set on a ZFS Dataset
- The following example shows how to define and grant a permission set on the
- .Ar tank/users
- file system.
- The permissions on
- .Ar tank/users
- are also displayed.
- .Bd -literal -compact -offset Ds
- .No # Nm zfs Cm allow Fl s No @ Ns Ar pset Sy create , Ns Sy destroy , Ns Sy snapshot , Ns Sy mount Ar tank/users
- .No # Nm zfs Cm allow staff No @ Ns Ar pset tank/users
- .No # Nm zfs Cm allow Ar tank/users
- ---- Permissions on tank/users ---------------------------------------
- Permission sets:
- @pset create,destroy,mount,snapshot
- Local+Descendent permissions:
- group staff @pset
- .Ed
- .
- .Ss Example 4 : No Delegating Property Permissions on a ZFS Dataset
- The following example shows to grant the ability to set quotas and reservations
- on the
- .Ar users/home
- file system.
- The permissions on
- .Ar users/home
- are also displayed.
- .Bd -literal -compact -offset Ds
- .No # Nm zfs Cm allow Ar cindys Sy quota , Ns Sy reservation Ar users/home
- .No # Nm zfs Cm allow Ar users/home
- ---- Permissions on users/home ---------------------------------------
- Local+Descendent permissions:
- user cindys quota,reservation
- cindys% zfs set quota=10G users/home/marks
- cindys% zfs get quota users/home/marks
- NAME PROPERTY VALUE SOURCE
- users/home/marks quota 10G local
- .Ed
- .
- .Ss Example 5 : No Removing ZFS Delegated Permissions on a ZFS Dataset
- The following example shows how to remove the snapshot permission from the
- .Ar staff
- group on the
- .Sy tank/users
- file system.
- The permissions on
- .Sy tank/users
- are also displayed.
- .Bd -literal -compact -offset Ds
- .No # Nm zfs Cm unallow Ar staff Sy snapshot Ar tank/users
- .No # Nm zfs Cm allow Ar tank/users
- ---- Permissions on tank/users ---------------------------------------
- Permission sets:
- @pset create,destroy,mount,snapshot
- Local+Descendent permissions:
- group staff @pset
- .Ed