Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Solaris ZFS Administration Guide
Previous Next

Overview of ZFS Delegated Administration

This feature enables you to distribute fine-grained permissions to specific users, groups, or everyone. Two styles of delegated permissions are supported:

  • Individual permissions can be explicitly specified such a create, destroy, mount and snapshot, and so on.

  • Groups of permissions called permission sets can be defined. A permission set can later be updated and all of the consumers of the set automatically pick up the change. Permission sets begin with the @ letter and are limited to 64 characters in length. After the @ character, the remaining characters in the set name have the same restrictions as normal ZFS file system names.

ZFS delegated administration provides similar features to the RBAC security. However, ZFS delegated administration provides the following advantages for administering ZFS storage pools and file systems:

  • Permissions follow the ZFS storage pool when the pool is migrated.

  • Provides dynamic inheritance and you can control how the permissions propagate through the file systems.

  • Can be configured so that only the creator of a file system can destroy the file systems they create.

  • Permissions can be distributed to specific file systems. Newly created file systems can automatically pick up permissions.

  • Provides simple NFS administration. For example, a user with explicit permissions could create a snapshot over NFS in the appropriate .zfs/snapshot directory.

Consider using delegated administration for distributing ZFS tasks. For information about using RBAC to manage general Solaris administration tasks, see Part III, Roles, Rights Profiles, and Privileges, in System Administration Guide: Security Services.

Disabling ZFS Delegated Permissions

You can modify the ability to use delegated administration with the pool's delegation property. For example:

# zpool get delegation users
NAME  PROPERTY    VALUE       SOURCE
users  delegation  on          default
# zpool set delegation=off users
# zpool get delegation users
NAME  PROPERTY    VALUE       SOURCE
users  delegation  off         local

By default, the delegation property is enabled.

Previous Next

 
 
  Published under the terms fo the Public Documentation License Version 1.01. Design by Interspire