test

Oracle Solaris ZFS Administration Guide

Removing ZFS Delegated Permissions (Examples)

You can use the zfs unallow command to remove delegated permissions. For example, user cindys has create, destroy, mount, and snapshot permissions on the tank/cindys file system.


# zfs allow cindys create,destroy,mount,snapshot tank/cindys
       # zfs allow tank/cindys
       -------------------------------------------------------------
       Local+Descendent permissions on (tank/cindys)
               user cindys create,destroy,mount,snapshot
       -------------------------------------------------------------

The following zfs unallow syntax removes user cindys's snapshot permission from the tank/cindys file system:


# zfs unallow cindys snapshot tank/cindys
# zfs allow tank/cindys
-------------------------------------------------------------
Local+Descendent permissions on (tank/cindys)
        user cindys create,destroy,mount
-------------------------------------------------------------
cindys% zfs create tank/cindys/data
cindys% zfs snapshot tank/cindys@today
cannot create snapshot 'tank/cindys@today': permission denied

As another example, user marks has the following permissions on the tank/marks file system:


# zfs allow tank/marks
-------------------------------------------------------------
Local+Descendent permissions on (tank/marks)
        user marks create,destroy,mount
-------------------------------------------------------------

The following zfs unallow syntax removes all permissions for user marks from the tank/marks file system:


# zfs unallow marks tank/marks

The following zfs unallow syntax removes a permission set on the tank file system.


# zfs allow tank
-------------------------------------------------------------
Permission sets on (tank)
        @myset clone,create,destroy,mount,promote,readonly,snapshot
Create time permissions on (tank)
        create,destroy,mount
Local+Descendent permissions on (tank)
        group staff create,mount
-------------------------------------------------------------
# zfs unallow -s @myset tank
$ zfs allow tank
-------------------------------------------------------------
Create time permissions on (tank)
        create,destroy,mount
Local+Descendent permissions on (tank)
        group staff create,mount
-------------------------------------------------------------