Displaying ZFS Delegated Permissions (Examples) (Solaris ZFS Administration Guide)

Solaris ZFS Administration Guide

Displaying ZFS Delegated Permissions (Examples)

You can use the following command to display permissions:

# zfs allow dataset

This command displays permissions that are set or allowed on this dataset. The output contains the following components:

Permissions sets
Specific permissions or create-time permissions
Local dataset
Local and descendent datasets
Descendent datasets only

Example 9–6 Displaying Basic Delegated Administration Permissions

The following output in this example indicates that user cindys has permissions to create, destroy, mount, snapshot in the tank/cindys file system.

# zfs allow tank/cindys
       -------------------------------------------------------------
       Local+Descendent permissions on (tank/cindys)
               user cindys create,destroy,mount,snapshot

Example 9–7 Displaying Complex Delegated Administration Permissions

The output in this example indicates the following permissions on the pool/fred and pool file systems.

For the pool/fred file system:

Two permission sets are defined:
- @eng (create, destroy, snapshot, mount, clone, promote, rename)
- @simple (create, mount)
Create-time permissions are set for the @eng permission set and the mountpoint property. Create-time means that after a dataset set is created, the @eng permission set and the mountpoint property are granted.
User tom is granted the @eng permission set, and user joe is granted create, destroy, and mount permissions for local file systems.
User fred is granted the @basic permission set, and share and rename permissions for the local and descendent file systems.
User barney and the staff group are granted the @basic permission set for descendent file systems only.

For the pool file system:

The permission set @simple (create, destroy, mount) is defined.
The group staff is granted the @simple permission set on the local file system.

Here is the output for this example:

$ zfs allow pool/fred
------------------------------------------------------------------------------
Permission sets on (pool/fred)
        @eng create,destroy,snapshot,mount,clone,promote,rename
        @simple create,mount
Create time permissions on (pool/fred)
        @eng,mountpoint
Local permissions on (pool/fred)
        user tom @eng
        user joe create,destroy,mount
Local+Descendent permissions on (pool/fred)
        user fred @basic,share,rename
Descendent permissions on (pool/fred)
        user barney @basic
        group staff @basic
------------------------------------------------------------------------------
Permission sets on (pool)
        @simple create,destroy,mount
Local permissions on (pool)
        group staff @simple
------------------------------------------------------------------------------