[OpenIndiana-discuss] ZFS remote receive

Roy Sigurd Karlsbakk roy at karlsbakk.net
Wed Oct 24 02:51:07 UTC 2012


> I use the sudo method and I also assign the user zfs rights for that
> pool.
> here is my sudoers file:
> 
> bkuser ALL = NOPASSWD: /usr/sbin/zfs
> 
> and here is the rights assignment:
> 
> zfs allow -s @adminrole
> clone,create,destroy,mount,promote,quota,receive,rename,reservation,rollback,send,snapshot,userprop
> backup
> zfs allow bkuser @adminrole backup
> 
> I am sure it could be a lot tighter for security, but it works.

No point in using zfs allow if you run zfs receive with sudo…

Btw, I tried allowing all sorts of stuff to a similar user for zfs receive, but never got it to work, and ended up setting up sudo as above instead. These things may have been fixed now, though, since this was some time ago (and I don't work there anymore).

Vennlige hilsener / Best regards

roy
--
Roy Sigurd Karlsbakk
(+47) 98013356
roy at karlsbakk.net
http://blogg.karlsbakk.net/
GPG Public key: http://karlsbakk.net/roysigurdkarlsbakk.pubkey.txt
--
I all pedagogikk er det essensielt at pensum presenteres intelligibelt. Det er et elementært imperativ for alle pedagoger å unngå eksessiv anvendelse av idiomer med xenotyp etymologi. I de fleste tilfeller eksisterer adekvate og relevante synonymer på norsk.



More information about the OpenIndiana-discuss mailing list