How to Restrict Client Host Access to an SMB Share (zfs
)
This procedure describes how to use the ZFS file system's share
property to restrict access to a share based on a client's host address. This feature is known as host-based access control.
A client host is permitted to have only one of the following types of access to a share:
-
Read-only access
-
Read-write access
-
No access
For more information about the access control mechanisms that are used for shares, see Host-Based Access Control to SMB Shares.
This procedure shows how to use the zfs
command to restrict client host access, but you can also use the share
command for other file system types. See the share
(8) man page.
For information about access lists, see the share_smb
(8) man page.
Example 3-9 Setting Host Access Policy by Using a Single Command
The following command specifies how particular hosts can access the acme.sales.logs
share. The mercury
and venus
hosts have read-write access, mars
has read-only access, and neptune
has no access.
$ zfs share -o share.smb=on -o share.smb.rw=mercury:venus,ro=mars,none="*" \
tank/sales/logs%acme.sales.logs