Managing ZFS File Systems in Oracle® Solaris 11.2

Updated: December 2014

Displaying ZFS Delegated Permissions Examples

You can use the following command to display permissions:

# zfs allow dataset

This command displays permissions that are set or allowed on the specified dataset. The output contains the following components:

  • Permission sets

  • Individual permissions or create-time permissions

  • Local dataset

  • Local and descendent datasets

  • Descendent datasets only

Example 8-6  Displaying Basic Delegated Administration Permissions

The following output indicates that user cindy has create, destroy, mount, and snapshot permissions on the tank/cindy file system.

# zfs allow tank/cindy
Local+Descendent permissions on (tank/cindy)
user cindy create,destroy,mount,snapshot

Example 8-7  Displaying Complex Delegated Administration Permissions

The output in this example indicates the following permissions on the pool/fred and pool file systems.

For the pool/fred file system:

  • Two permission sets are defined:

    • @eng (create, destroy, snapshot, mount, clone, promote, rename)

    • @simple (create, mount)

  • Create-time permissions are set for the @eng permission set and the mountpoint property. Create-time means that after a file system is created, the @eng permission set and the permission to set the mountpoint property are delegated.

  • User tom is delegated the @eng permission set, and user joe is granted create, destroy, and mount permissions for local file systems.

  • User fred is delegated the @basic permission set, and share and rename permissions for the local and descendent file systems.

  • User barney and the staff group are delegated the @basic permission set for descendent file systems only.

For the pool file system:

  • The permission set @simple (create, destroy, mount) is defined.

  • The group staff is granted the @simple permission set on the local file system.

Here is the output for this example:

$ zfs allow pool/fred
---- Permissions on pool/fred ----------------------------------------
Permission sets:
@eng create,destroy,snapshot,mount,clone,promote,rename
@simple create,mount
Create time permissions:
Local permissions:
user tom @eng
user joe create,destroy,mount
Local+Descendent permissions:
user fred @basic,share,rename
user barney @basic
group staff @basic
---- Permissions on pool ---------------------------------------------
Permission sets:
@simple create,destroy,mount
Local permissions:
group staff @simple
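
The following is an added example, not part of the Oracle documentation: a small Python parser for the sectioned output format shown in Example 8-7, used to list which users and groups hold a given permission such as destroy. The function names are hypothetical, and permission sets are expanded only from definitions in the same dataset block (an assumption), so a set defined elsewhere, such as @basic here, is reported as unresolved rather than guessed.

```python
import re

# Example 8-7 output as shown on this page; leading whitespace is ignored.
SAMPLE = """\
---- Permissions on pool/fred ----------------------------------------
Permission sets:
@eng create,destroy,snapshot,mount,clone,promote,rename
@simple create,mount
Create time permissions:
Local permissions:
user tom @eng
user joe create,destroy,mount
Local+Descendent permissions:
user fred @basic,share,rename
user barney @basic
group staff @basic
---- Permissions on pool ---------------------------------------------
Permission sets:
@simple create,destroy,mount
Local permissions:
group staff @simple
"""
HEADER = re.compile(r"^-+ Permissions on (\S+) -+$")

def parse_zfs_allow(text):
    """Parse sectioned `zfs allow` output; sets resolve within one dataset block (assumption)."""
    grants, sets, dataset, section = [], {}, None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        header = HEADER.match(line)
        if header:                       # new dataset block: its sets start empty
            dataset, section, sets = header.group(1), None, {}
        elif line.endswith(":"):         # "Local permissions:" -> "Local"
            section = line[:-1].replace(" permissions", "")
        elif section == "Permission sets":
            name, perms = line.split()
            sets[name] = set(perms.split(","))
        elif section in ("Local", "Descendent", "Local+Descendent"):
            *who, perms = line.split()   # "user tom @eng" or "everyone @eng"
            expanded = set().union(*(sets.get(p, {p}) for p in perms.split(",")))
            grants.append({"dataset": dataset, "scope": section,
                           "who": " ".join(who), "perms": expanded})
    return grants

def holders(grants, perm):
    """Principals whose expanded grant includes `perm`."""
    return sorted((g["dataset"], g["scope"], g["who"]) for g in grants if perm in g["perms"])

def unresolved_sets(grants):
    """Sets referenced in a grant but not defined in that dataset block."""
    return sorted({(g["dataset"], p) for g in grants for p in g["perms"] if p.startswith("@")})
```

Calling holders(parse_zfs_allow(SAMPLE), "destroy") shows that user tom holds destroy through the @eng set even though the permission never appears on his grant line.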