You can use the zfs unallow command to remove delegated permissions. For example, user cindy has create, destroy, mount, and snapshot permissions on the tank/cindy file system.
# zfs allow cindy create,destroy,mount,snapshot tank/home/cindy # zfs allow tank/home/cindy ---- Permissions on tank/home/cindy ---------------------------------- Local+Descendent permissions: user cindy create,destroy,mount,snapshot
The following zfs unallow syntax removes user cindy's snapshot permission from the tank/home/cindy file system:
# zfs unallow cindy snapshot tank/home/cindy # zfs allow tank/home/cindy ---- Permissions on tank/home/cindy ---------------------------------- Local+Descendent permissions: user cindy create,destroy,mount cindy% zfs create tank/home/cindy/data cindy% zfs snapshot tank/home/cindy@today cannot create snapshot 'tank/home/cindy@today': permission denied
As another example, user mark has the following permissions on the tank/home/mark file system:
# zfs allow tank/home/mark ---- Permissions on tank/home/mark ---------------------------------- Local+Descendent permissions: user mark create,destroy,mount -------------------------------------------------------------
The following zfs unallow syntax removes all permissions for user mark from the tank/home/mark file system:
# zfs unallow mark tank/home/mark
The following zfs unallow syntax removes a permission set on the tank file system.
# zfs allow tank ---- Permissions on tank --------------------------------------------- Permission sets: @myset clone,create,destroy,mount,promote,readonly,snapshot Create time permissions: create,destroy,mount Local+Descendent permissions: group staff create,mount # zfs unallow -s @myset tank # zfs allow tank ---- Permissions on tank --------------------------------------------- Create time permissions: create,destroy,mount Local+Descendent permissions: group staff create,mount