1. Managing ZFS File Systems in Oracle Solaris 11.4
  2. Managing Oracle Solaris ZFS File Systems
  3. Encrypting ZFS File Systems
  4. Changing an Encrypted ZFS File System's Keys
  5. Delegating ZFS Key Operation Permissions

Delegating ZFS Key Operation Permissions

Review the following permission descriptions for delegating key operations:

  • Loading or unloading a file system key by using the zfs key -l and zfs key -u commands require the key permission. In most cases, you will need the mount permission as well.

  • Changing a file system key by using the zfs key -c and zfs key -K commands require the keychange permission.

Consider delegating separate permissions for key use (load or unload) and key change, which allows you to have a two-person key operation model. For example, determine which users can use the keys verses which users can change them. Or, both users need to be present for a key change. This model also allows you to build a key escrow system.