Go to main content

Managing ZFS File Systems in Oracle® Solaris 11.4

Exit Print View

Updated: August 2019
 
 

Removing ZFS Delegated Permissions Examples

You can use the zfs unallow command to remove delegated permissions. For example, user cindy has create, destroy, mount, and snapshot permissions on the system1/cindy file system.

$ zfs allow cindy create,destroy,mount,snapshot system1/home/cindy
$ zfs allow system1/home/cindy
---- Permissions on system1/home/cindy ----------------------------------
Local+descendant permissions:
user cindy create,destroy,mount,snapshot

The following zfs unallow syntax removes user cindy's snapshot permission from the system1/home/cindy file system:

$ zfs unallow cindy snapshot system1/home/cindy
$ zfs allow system1/home/cindy
---- Permissions on system1/home/cindy ----------------------------------
Local+descendant permissions:
user cindy create,destroy,mount
cindy% zfs create system1/home/cindy/data
cindy% zfs snapshot system1/home/cindy@today
cannot create snapshot 'system1/home/cindy@today': permission denied

As another example, user mark has the following permissions on the system1/home/mark file system:

$ zfs allow system1/home/mark
---- Permissions on system1/home/mark ----------------------------------
Local+descendant permissions:
user mark create,destroy,mount
-------------------------------------------------------------

The following zfs unallow syntax removes all permissions for user mark from the system1/home/mark file system:

$ zfs unallow mark system1/home/mark

The following zfs unallow syntax removes a permission set on the system1 file system.

$ zfs allow system1
---- Permissions on system1 ---------------------------------------------
Permission sets:
@myset clone,create,destroy,mount,promote,readonly,snapshot
Create time permissions:
create,destroy,mount
Local+descendant permissions:
group staff create,mount
$ zfs unallow -s @myset system1
$ zfs allow system1
---- Permissions on system1 ---------------------------------------------
Create time permissions:
create,destroy,mount
Local+descendant permissions:
group staff create,mount