Displaying ZFS Delegated Permissions Examples
You can use the following command to display permissions:
$ zfs allow dataset
This command displays permissions that are set or allowed on the specified dataset. The output contains the following components:
- Permission sets
- Individual permissions or create-time permissions
- Local dataset
- Local and descendant datasets
- Descendant datasets only
Example 9-6 Displaying Basic Delegated Administration Permissions
The following output indicates that user mindy has create, destroy, mount, and snapshot permissions on the system1/mindy file system.
$ zfs allow system1/mindy
-------------------------------------------------------------
Local+descendant permissions on (system1/mindy)
user mindy create,destroy,mount,snapshot
Example 9-7 Displaying Complex Delegated Administration Permissions
The output in this example indicates the following permissions on the pool/glori and pool file systems.
For the pool/glori file system:
- Two permission sets are defined:
  - @eng (create, destroy, snapshot, mount, clone, promote, rename)
  - @simple (create, mount)
- Create-time permissions are set for the @eng permission set and the mountpoint property. Create-time means that after a file system is created, the @eng permission set and the permission to set the mountpoint property are delegated.
- User tomi is delegated the @eng permission set, and user joe is granted create, destroy, and mount permissions for local file systems.
- User glori is delegated the @basic permission set, and share and rename permissions for the local and descendant file systems.
- User dina and the staff group are delegated the @basic permission set for descendant file systems only.
For the pool file system:
- The permission set @simple (create, destroy, mount) is defined.
- The group staff is granted the @simple permission set on the local file system.
Here is the output for this example:
$ zfs allow pool/glori
---- Permissions on pool/glori ----------------------------------------
Permission sets:
@eng create,destroy,snapshot,mount,clone,promote,rename
@simple create,mount
Create time permissions:
@eng,mountpoint
Local permissions:
user tomi @eng
user joe create,destroy,mount
Local+descendant permissions:
user glori @basic,share,rename
user dina @basic
group staff @basic
---- Permissions on pool ---------------------------------------------
Permission sets:
@simple create,destroy,mount
Local permissions:
group staff @simple
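One way to audit this output when reviewing delegations, as an added example that is not part of the original documentation: the Python code below parses the sectioned format shown in Example 9-7, expands each permission set, and lists set references that the displayed output does not define, such as @basic above. The function names parse_zfs_allow and audit are hypothetical, and expanding a set only from the definitions in the same dataset block is a simplifying assumption.

```python
import re
# Output of Example 9-7 on this page, embedded so the block runs offline.
SAMPLE = """\
---- Permissions on pool/glori ----------------------------------------
Permission sets:
@eng create,destroy,snapshot,mount,clone,promote,rename
@simple create,mount
Create time permissions:
@eng,mountpoint
Local permissions:
user tomi @eng
user joe create,destroy,mount
Local+descendant permissions:
user glori @basic,share,rename
user dina @basic
group staff @basic
---- Permissions on pool ---------------------------------------------
Permission sets:
@simple create,destroy,mount
Local permissions:
group staff @simple
"""

def parse_zfs_allow(text):
    """Map dataset -> {"sets": {name: perms}, "grants": [(scope, who, perms)]}."""
    out, cur, section = {}, None, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r"^-+ Permissions on (\S+) -+$", line)
        if m:  # banner that opens a per-dataset block
            cur, section = out.setdefault(m.group(1), {"sets": {}, "grants": []}), None
        elif line.endswith(":"):  # "Permission sets:", "Local permissions:", ...
            section = line[:-1]
        elif line and cur is not None and section:
            *subject, perms = line.split()  # subject is empty for create-time entries
            if section == "Permission sets":
                cur["sets"][subject[0]] = perms.split(",")
            else:
                cur["grants"].append((section.rsplit(" ", 1)[0].lower(), " ".join(subject), perms.split(",")))
    return out

def audit(parsed):
    """Expand @sets per grant. Assumption: only sets defined in the same block are used."""
    effective, unresolved = {}, []
    for ds, info in parsed.items():
        for scope, who, perms in info["grants"]:
            expanded = {q for p in perms for q in info["sets"].get(p, [p])}
            unresolved += [(ds, who, p) for p in sorted(expanded) if p.startswith("@")]
            effective[(ds, scope, who)] = sorted(expanded)
    return effective, unresolved
```

Unresolved entries are kept in the effective list under their @name so that a reviewer can look up where the set is defined before judging the grant.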