Oracle Solaris ZFS Administration Guide

Delegating ZFS Permissions (zfs allow)

The zfs allow syntax follows:


zfs allow [-ldugecs] everyone|user|group[,...] perm|@setname[,...] filesystem|volume

The following part of the zfs allow syntax identifies to whom the permissions are delegated:


zfs allow [-uge] everyone|user|group[,...] filesystem|volume

Multiple entities can be specified as a comma-separated list. If no -uge options are specified, then the argument is interpreted preferentially as the keyword everyone, then as a user name, and lastly, as a group name. To specify a user or group named “everyone,” use the -u or -g option. To specify a group with the same name as a user, use the -g option. The -c option delegates create-time permissions.

The following part of the zfs allow syntax identifies how permissions and permission sets are specified:


zfs allow [-s] ... perm|@setname[,...] filesystem|volume

Multiple permissions can be specified as a comma-separated list. Permission names are the same as ZFS subcommands and properties. For more information, see the preceding section.

Permissions can be aggregated into permission sets and are identified by the -s option. Permission sets can be used by other zfs allow commands for the specified file system and its descendents. Permission sets are evaluated dynamically, so changes to a set are immediately updated. Permission sets follow the same naming requirements as ZFS file systems, but the name must begin with an at sign (@) and can be no more than 64 characters in length.

The following part of the zfs allow syntax identifies how the permissions are delegated:


zfs allow [-ld] ... ... filesystem|volume

The -l option indicates that the permissions are allowed for the specified dataset and not its descendents, unless the -d option is also specified. The -d option indicates that the permissions are allowed for the descendent datasets and not for this dataset, unless the -l option is also specified. If neither option is specified, then the permissions are allowed for the file system or volume and all of its descendents.
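The following shell helpers are an added example, not part of the Oracle guide, that compose the zfs allow forms described in this section: a permission-set name check (leading @, at most 64 characters, ZFS naming rules), a -s set definition, and a scope selector that maps to -l, -d or neither. The dataset tank/home, user alice and group staff are constructed placeholders; ZFS_CMD defaults to echo so the commands are only printed, and setting ZFS_CMD=zfs on a Solaris host applies them.

```shell
# Added example, not from the Oracle guide: build the zfs allow forms shown
# above. ZFS_CMD defaults to echo so the functions only print the command
# they would run; set ZFS_CMD=zfs on a Solaris host to apply the grants.
ZFS_CMD="${ZFS_CMD:-echo}"

# validate_setname NAME: a permission-set name must begin with '@', be no more
# than 64 characters long and otherwise follow ZFS dataset naming
# (alphanumerics plus '_', '-', ':' and '.'; no '/' because a set is one name).
validate_setname() {
    name="$1"
    case "$name" in
        @*) ;;
        *)  return 1 ;;
    esac
    [ "${#name}" -le 64 ] || return 1
    rest="${name#@}"
    [ -n "$rest" ] || return 1
    case "$rest" in
        *[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    return 0
}

# define_set SETNAME PERMS DATASET: aggregate comma-separated PERMS into a set
# on DATASET (-s); the set is then usable on DATASET and its descendents.
define_set() {
    validate_setname "$1" || { echo "invalid permission set name: $1" >&2; return 1; }
    "$ZFS_CMD" allow -s "$1" "$2" "$3"
}

# allow_scope SCOPE WHO... PERMS DATASET: SCOPE selects the -l/-d behaviour
# described above: local = -l (this dataset only), descendents = -d (children
# only), all = no flag (dataset and all descendents). WHO is "-u user",
# "-g group" or "everyone".
allow_scope() {
    case "$1" in
        local)       flags="-l" ;;
        descendents) flags="-d" ;;
        all)         flags="" ;;
        *) echo "unknown scope: $1" >&2; return 1 ;;
    esac
    shift
    # $flags is deliberately unquoted so an empty scope adds no argument
    "$ZFS_CMD" allow $flags "$@"
}

# Constructed walk-through: dataset tank/home, user alice, group staff.
define_set @basic snapshot,mount tank/home
allow_scope local -u alice @basic tank/home/alice
allow_scope descendents -g staff create,mount tank/home
```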