[OpenIndiana-discuss] zfs snapshot script

[Dan Swartzendruber]

Can zfssnap role be restricted to specific filesystems?  If not, I'd be
concerned about allowing too much power...

-----Original Message-----
From: Jamon Camisso [mailto:jamonation at gmail.com] 
Sent: Sunday, May 01, 2011 11:50 AM
To: Discussion list for OpenIndiana
Subject: Re: [OpenIndiana-discuss] zfs snapshot script

On 5/1/2011 9:46 AM, Matt Connolly wrote:
> Hi all,
> 
> I'm putting together a script to create zfs snapshots after a backup has
been completed (via Apple TimeMachine or rsync for example). When I'm logged
into the machine, I can only access the "zfs snapshot" command as root via
"sudo" or "pfexec". Neither of these are available directly from a ssh
command. For example:
> 
> client$ ssh user at server
> server$ sudo zfs snapshot blah at blah -> works
> ..or..
> server$ pfexec zfs snapshot blah at blah -> works
> 
> ..but..
> 
> client$ ssh user at host zfs snapshot blah -> fails = permission denied
> client$ ssh user at host pfexec zfs snapshot blah -> fails = permission
denied
> client$ ssh user at host sudo zfs snapshot blah -> fails = sudo: no tty
present and no askpass program specified
> 
> What would be the best practice for creating a zfs snapshot based on an
external trigger (eg: message from client after a successful backup).

Allow the backup user to have the zfssnap role with RBAC. With that set
you can run something like this:

DATE=$(date +%Y-%m-%d-%H:%M)
ssh user at 10.0.0.x "pfexec /usr/sbin/zfs snapshot BACKUPS/foohost@$DATE"

Proof that it works (though I didn't run an actual backup, so there's no
new data):

~ # ssh user at 10.0.0.x "/usr/sbin/zfs list -H -r -t snapshot
BACKUPS/foohost" |tail -n 1
BACKUPS/foohost at 2011-05-01-11:38 0       -     13.3G -

Jamon

_______________________________________________
OpenIndiana-discuss mailing list
OpenIndiana-discuss at openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss