可以使用 zfs unallow 命令删除已授予的委托权限。例如,用户 cindy 在 tank/cindy 文件系统上具有 create、destroy、mount 和 snapshot 权限。
# zfs allow cindy create,destroy,mount,snapshot tank/home/cindy # zfs allow tank/home/cindy ---- Permissions on tank/home/cindy ---------------------------------- Local+Descendent permissions: user cindy create,destroy,mount,snapshot
以下 zfs unallow 语法将从 tank/home/cindy 文件系统中删除用户 cindy 的 snapshot 权限:
# zfs unallow cindy snapshot tank/home/cindy # zfs allow tank/home/cindy ---- Permissions on tank/home/cindy ---------------------------------- Local+Descendent permissions: user cindy create,destroy,mount cindy% zfs create tank/home/cindy/data cindy% zfs snapshot tank/home/cindy@today cannot create snapshot 'tank/home/cindy@today': permission denied
作为另一个示例,用户 mark 在 tank/home/mark 文件系统上具有以下权限:
# zfs allow tank/home/mark ---- Permissions on tank/home/mark ---------------------------------- Local+Descendent permissions: user mark create,destroy,mount -------------------------------------------------------------
以下 zfs unallow 语法将从 tank/home/mark 文件系统中删除用户 mark 的所有权限:
# zfs unallow mark tank/home/mark
以下 zfs unallow 语法将删除对 tank 文件系统的权限集。
# zfs allow tank ---- Permissions on tank --------------------------------------------- Permission sets: @myset clone,create,destroy,mount,promote,readonly,snapshot Create time permissions: create,destroy,mount Local+Descendent permissions: group staff create,mount # zfs unallow -s @myset tank # zfs allow tank ---- Permissions on tank --------------------------------------------- Create time permissions: create,destroy,mount Local+Descendent permissions: group staff create,mount