Displaying ZFS Delegated Permissions (Examples)

You can use the following command to display permissions:

# zfs allow dataset

This command displays permissions that are set or allowed on the specified dataset. The output contains the following components:

• Permission sets

• Individual permissions or create-time permissions

• Local dataset

• Local and descendent datasets

• Descendent datasets only

Example 9–6 Displaying Basic Delegated Administration Permissions

The following output indicates that user cindys has create, destroy, mount, snapshot permissions on the tank/cindys file system.

# zfs allow tank/cindys
       -------------------------------------------------------------
       Local+Descendent permissions on (tank/cindys)
               user cindys create,destroy,mount,snapshot

Example 9–7 Displaying Complex Delegated Administration Permissions

The output in this example indicates the following permissions on the pool/fred and pool file systems.

For the pool/fred file system:

• Two permission sets are defined:

  • @eng (create, destroy, snapshot, mount, clone, promote, rename)

  • @simple (create, mount)

• Create-time permissions are set for the @eng permission set and the mountpoint property. Create-time means that after a dataset set is created, the @eng permission set and the permission to set the mountpoint property are delegated.

• User tom is delegated the @eng permission set, and user joe is granted create, destroy, and mount permissions for local file systems.

• User fred is delegated the @basic permission set, and share and rename permissions for the local and descendent file systems.

• User barney and the staff group are delegated the @basic permission set for descendent file systems only.

For the pool file system:

• The permission set @simple (create, destroy, mount) is defined.

• The group staff is granted the @simple permission set on the local file system.

Here is the output for this example:

$ zfs allow pool/fred
------------------------------------------------------------------------------
Permission sets on (pool/fred)
        @eng create,destroy,snapshot,mount,clone,promote,rename
        @simple create,mount
Create time permissions on (pool/fred)
        @eng,mountpoint
Local permissions on (pool/fred)
        user tom @eng
        user joe create,destroy,mount
Local+Descendent permissions on (pool/fred)
        user fred @basic,share,rename
Descendent permissions on (pool/fred)
        user barney @basic
        group staff @basic
------------------------------------------------------------------------------
Permission sets on (pool)
        @simple create,destroy,mount
Local permissions on (pool)
        group staff @simple
------------------------------------------------------------------------------