Displaying ZFS Delegated Permissions Examples

You can use the following command to display permissions:

$ zfs allow dataset

This command displays permissions that are set or allowed on the specified dataset. The output contains the following components:

  • Permission sets

  • Individual permissions or create-time permissions

  • Local dataset

  • Local and descendant datasets

  • Descendant datasets only

Example 9-6 Displaying Basic Delegated Administration Permissions

The following output indicates that user mindy has create, destroy, mount, snapshot permissions on the system1/mindy file system. 

$ zfs allow system1/mindy
-------------------------------------------------------------
Local+descendant permissions on (system1/mindy)
user mindy create,destroy,mount,snapshot

Example 9-7 Displaying Complex Delegated Administration Permissions

The output in this example indicates the following permissions on the pool/glori and pool file systems.

For the pool/glori file system:

  • Two permission sets are defined:

    • @eng (create, destroy, snapshot, mount, clone, promote, rename)

    • @simple (create, mount)

  • Create-time permissions are set for the @eng permission set and the mountpoint property. Create-time means that after a file system set is created, the @eng permission set and the permission to set the mountpoint property are delegated.

  • User tomi is delegated the @eng permission set, and user joe is granted create, destroy, and mount permissions for local file systems.

  • User glori is delegated the @basic permission set, and share and rename permissions for the local and descendant file systems.

  • User dina and the staff group are delegated the @basic permission set for descendant file systems only.

For the pool file system:

  • The permission set @simple (create, destroy, mount) is defined.

  • The group staff is granted the @simple permission set on the local file system.

Here is the output for this example:

$ zfs allow pool/glori
---- Permissions on pool/glori ----------------------------------------
Permission sets:
@eng create,destroy,snapshot,mount,clone,promote,rename
@simple create,mount
Create time permissions:
@eng,mountpoint
Local permissions:
user tomi @eng
user joe create,destroy,mount
Local+descendant permissions:
user glori @basic,share,rename
user dina @basic
group staff @basic
---- Permissions on pool ---------------------------------------------
Permission sets:
@simple create,destroy,mount
Local permissions:
group staff @simple