Removing ZFS Delegated Permissions Examples

Language:

You can use the zfs unallow command to remove delegated permissions. For example, user cindy has create, destroy, mount, and snapshot permissions on the tank/cindy file system.

# zfs allow cindy create,destroy,mount,snapshot tank/home/cindy
# zfs allow tank/home/cindy
---- Permissions on tank/home/cindy ----------------------------------
Local+Descendent permissions:
user cindy create,destroy,mount,snapshot

The following zfs unallow syntax removes user cindy's snapshot permission from the tank/home/cindy file system:

# zfs unallow cindy snapshot tank/home/cindy
# zfs allow tank/home/cindy
---- Permissions on tank/home/cindy ----------------------------------
Local+Descendent permissions:
user cindy create,destroy,mount
cindy% zfs create tank/home/cindy/data
cindy% zfs snapshot tank/home/cindy@today
cannot create snapshot 'tank/home/cindy@today': permission denied

As another example, user mark has the following permissions on the tank/home/mark file system:

# zfs allow tank/home/mark
---- Permissions on tank/home/mark ----------------------------------
Local+Descendent permissions:
user mark create,destroy,mount
-------------------------------------------------------------

The following zfs unallow syntax removes all permissions for user mark from the tank/home/mark file system:

# zfs unallow mark tank/home/mark

The following zfs unallow syntax removes a permission set on the tank file system.

# zfs allow tank
---- Permissions on tank ---------------------------------------------
Permission sets:
@myset clone,create,destroy,mount,promote,readonly,snapshot
Create time permissions:
create,destroy,mount
Local+Descendent permissions:
group staff create,mount
# zfs unallow -s @myset tank
# zfs allow tank
---- Permissions on tank ---------------------------------------------
Create time permissions:
create,destroy,mount
Local+Descendent permissions:
group staff create,mount