Oracle Solaris 11.1 Administration: ZFS File Systems | Oracle Solaris 11.1 Information Library
You can use the following command to display permissions:
# zfs allow dataset
This command displays permissions that are set or allowed on the specified dataset. The output contains the following components:
Permission sets
Individual permissions or create-time permissions
Local dataset
Local and descendent datasets
Descendent datasets only
Example 8-6 Displaying Basic Delegated Administration Permissions
The following output indicates that user cindy has create, destroy, mount, and snapshot permissions on the tank/cindy file system.
# zfs allow tank/cindy
-------------------------------------------------------------
Local+Descendent permissions on (tank/cindy)
        user cindy create,destroy,mount,snapshot
Example 8-7 Displaying Complex Delegated Administration Permissions
The output in this example indicates the following permissions on the pool/fred and pool file systems.
For the pool/fred file system:
Two permission sets are defined:
@eng (create, destroy, snapshot, mount, clone, promote, rename)
@simple (create, mount)
Create-time permissions are set for the @eng permission set and the mountpoint property. Create-time means that after a file system is created, the @eng permission set and the permission to set the mountpoint property are delegated.
User tom is delegated the @eng permission set, and user joe is granted create, destroy, and mount permissions for local file systems.
User fred is delegated the @basic permission set, and share and rename permissions for the local and descendent file systems.
User barney and the staff group are delegated the @basic permission set for descendent file systems only.
For the pool file system:
The permission set @simple (create, destroy, mount) is defined.
The group staff is granted the @simple permission set on the local file system.
Here is the output for this example:
$ zfs allow pool/fred
---- Permissions on pool/fred ----------------------------------------
Permission sets:
        @eng create,destroy,snapshot,mount,clone,promote,rename
        @simple create,mount
Create time permissions:
        @eng,mountpoint
Local permissions:
        user tom @eng
        user joe create,destroy,mount
Local+Descendent permissions:
        user fred @basic,share,rename
        user barney @basic
        group staff @basic
---- Permissions on pool ---------------------------------------------
Permission sets:
        @simple create,destroy,mount
Local permissions:
        group staff @simple
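When reviewing delegations, the useful question is usually "who holds permission X here, and through which set?". The following added example (not part of the Oracle documentation) parses output in the Example 8-7 format and answers that question for one dataset block. The names `parse_zfs_allow` and `who_can` are hypothetical, and sets are expanded only from definitions in the same block, so a set the block does not define (here `@basic`) is reported rather than guessed.

```python
import re
# Output of Example 8-7 on this page, embedded so the example runs offline.
SAMPLE = """\
---- Permissions on pool/fred ----------------------------------------
Permission sets:
        @eng create,destroy,snapshot,mount,clone,promote,rename
        @simple create,mount
Create time permissions:
        @eng,mountpoint
Local permissions:
        user tom @eng
        user joe create,destroy,mount
Local+Descendent permissions:
        user fred @basic,share,rename
        user barney @basic
        group staff @basic
---- Permissions on pool ---------------------------------------------
Permission sets:
        @simple create,destroy,mount
Local permissions:
        group staff @simple
"""

def parse_zfs_allow(text):
    """Map dataset -> section -> [(leading fields, [permissions])]."""
    out, cur, section = {}, {}, None  # entries before the first header go to a discarded dict
    for line in filter(str.strip, text.splitlines()):
        head = re.match(r"-+ Permissions on (\S+) -+$", line)
        if head:
            cur = out.setdefault(head.group(1), {})
        elif not line[0].isspace():  # heading such as "Local permissions:"
            section = line.rstrip(":").replace(" permissions", "")
        else:  # indented entry; the last field is the comma-separated list
            *lead, perms = line.split()
            cur.setdefault(section, []).append((tuple(lead), perms.split(",")))
    return out

def who_can(block, perm):
    """Return ([(scope, principal)] holding perm, [@sets referenced but not defined in block])."""
    sets = {lead[0]: ps for lead, ps in block.get("Permission sets", [])}
    hits, unknown = [], set()
    for scope, rows in block.items():
        if scope in ("Permission sets", "Create time"):
            continue
        for lead, ps in rows:
            unknown |= {p for p in ps if p.startswith("@") and p not in sets}
            if perm in ps or any(perm in sets.get(p, []) for p in ps):
                hits.append((scope, " ".join(lead)))
    return hits, sorted(unknown)
```

Run against the sample, `who_can(parse_zfs_allow(SAMPLE)["pool"], "destroy")` finds group staff through `@simple`, while the `@simple` defined on pool/fred does not include destroy: the same set name can carry different permissions on different datasets.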