.\" The contents of this file are subject to the terms of the
.\" Common Development and Distribution License (the "License").
.\" You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
.\" or http://www.opensolaris.org/os/licensing.
.\" See the License for the specific language governing permissions
.\" and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each
.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
.\" If applicable, add the following below this CDDL HEADER, with the
.\" fields enclosed by brackets "[]" replaced with your own identifying
.\" information: Portions Copyright [yyyy] [name of copyright owner]
.\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
.\" Copyright 2011 Joshua M. Clulow <josh@sysmgr.org>
.\" Copyright (c) 2011, 2019 by Delphix. All rights reserved.
.\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
.\" Copyright (c) 2014, Joyent, Inc. All rights reserved.
.\" Copyright (c) 2014 by Adam Stevko. All rights reserved.
.\" Copyright (c) 2014 Integros [integros.com]
.\" Copyright 2019 Richard Laager. All rights reserved.
.\" Copyright 2018 Nexenta Systems, Inc.
.\" Copyright 2019 Joyent, Inc.
.Nm zfs Ns Pf - Cm allow
.Nd Delegates ZFS administration permission for the file systems to non-privileged users.
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns ...
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar filesystem Ns | Ns Ar volume
.Fl e Ns | Ns Sy everyone
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar filesystem Ns | Ns Ar volume
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar filesystem Ns | Ns Ar volume
.Fl s No @ Ns Ar setname
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar filesystem Ns | Ns Ar volume
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns ...
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ... Oc
.Ar filesystem Ns | Ns Ar volume
.Fl e Ns | Ns Sy everyone
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ... Oc
.Ar filesystem Ns | Ns Ar volume
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ... Oc
.Ar filesystem Ns | Ns Ar volume
.Fl s No @ Ns Ar setname
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ... Oc
.Ar filesystem Ns | Ns Ar volume
.Ar filesystem Ns | Ns Ar volume
Displays permissions that have been delegated on the specified filesystem or
See the other forms of
for more information.
Delegations are supported under Linux with the exception of
These permissions cannot be delegated because the Linux
command restricts modifications of the global namespace to the root user.
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns ...
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ...
.Ar filesystem Ns | Ns Ar volume
.Fl e Ns | Ns Sy everyone
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ...
.Ar filesystem Ns | Ns Ar volume
Delegates ZFS administration permission for the file systems to non-privileged
Allow only for the descendent file systems.
.It Fl e Ns | Ns Sy everyone
Specifies that the permissions be delegated to everyone.
.It Fl g Ar group Ns Oo , Ns Ar group Oc Ns ...
Explicitly specify that permissions are delegated to the group.
only for the specified file system.
.It Fl u Ar user Ns Oo , Ns Ar user Oc Ns ...
Explicitly specify that permissions are delegated to the user.
.It Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns ...
Specifies to whom the permissions are delegated.
Multiple entities can be specified as a comma-separated list.
options are specified, then the argument is interpreted preferentially as the
then as a user name, and lastly as a group name.
To specify a user or group named
To specify a group with the same name as a user, use the
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ...
The permissions to delegate.
Multiple permissions may be specified as a comma-separated list.
Permission names are the same as ZFS subcommand and property names.
See the property list below.
Property set names, which begin with
form below for details.
options are specified, or both are, then the permissions are allowed for the
file system or volume, and all of its descendents.
Permissions are generally the ability to use a ZFS subcommand or change a ZFS
The following permissions are available:
allow             subcommand  Must also have the permission that is
clone             subcommand  Must also have the 'create' ability and
                              'mount' ability in the origin file system
create            subcommand  Must also have the 'mount' ability.
                              Must also have the 'refreservation' ability to
                              create a non-sparse volume.
destroy           subcommand  Must also have the 'mount' ability
diff              subcommand  Allows lookup of paths within a dataset
                              given an object number, and the ability
                              to create snapshots necessary to
load-key          subcommand  Allows loading and unloading of encryption key
                              (see 'zfs load-key' and 'zfs unload-key').
change-key        subcommand  Allows changing an encryption key via
mount             subcommand  Allows mount/umount of ZFS datasets
promote           subcommand  Must also have the 'mount' and 'promote'
                              ability in the origin file system
receive           subcommand  Must also have the 'mount' and 'create'
rename            subcommand  Must also have the 'mount' and 'create'
                              ability in the new parent
rollback          subcommand  Must also have the 'mount' ability
share             subcommand  Allows sharing file systems over NFS
snapshot          subcommand  Must also have the 'mount' ability
groupquota        other       Allows accessing any groupquota@...
groupused         other       Allows reading any groupused@... property
userprop          other       Allows changing any user property
userquota         other       Allows accessing any userquota@...
userused          other       Allows reading any userused@... property
projectobjquota   other       Allows accessing any projectobjquota@...
projectquota      other       Allows accessing any projectquota@... property
projectobjused    other       Allows reading any projectobjused@... property
projectused       other       Allows reading any projectused@... property
casesensitivity   property
filesystem_limit  property
normalization     property
primarycache      property
refreservation    property
secondarycache    property
snapshot_limit    property
volblocksize      property
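The "Must also have" notes in the permission table above can be checked before a delegation is issued, so that a grant does not silently lack a prerequisite. The following Python is an added example, not part of the OpenZFS sources: expand(), lint() and the set names used with them are hypothetical, the allow permission is left out because its note is incomplete on this page, and counting the leading @ toward the 64-character limit is an assumption.

```python
# Added example: lint a planned `zfs allow` permission list against the
# "Must also have" notes in the permission table. Names here are hypothetical.

# Prerequisites needed alongside the permission (from the table).
SAME_DATASET = {
    "create": {"mount"},
    "destroy": {"mount"},
    "receive": {"mount", "create"},
    "rollback": {"mount"},
    "snapshot": {"mount"},
}
# Prerequisites the table places on a different dataset: (where, perms).
ELSEWHERE = {
    "clone": ("origin file system", {"create", "mount"}),
    "promote": ("origin file system", {"mount", "promote"}),
    "rename": ("new parent", {"mount", "create"}),
}


def expand(perm_list, sets, _seen=()):
    """Flatten 'perm|@setname[,...]' into plain permission names."""
    out = set()
    for item in filter(None, (p.strip() for p in perm_list.split(","))):
        if not item.startswith("@"):
            out.add(item)
            continue
        if len(item) > 64:  # assumption: the limit counts the leading '@'
            raise ValueError(f"set name longer than 64 characters: {item[:16]}...")
        if item in _seen:
            continue  # a set that (indirectly) includes itself adds nothing new
        if item not in sets:
            raise KeyError(f"undefined permission set {item}")
        out |= expand(sets[item], sets, _seen + (item,))
    return out


def lint(perm_list, sets=None):
    """Return findings for one delegation on one dataset."""
    granted = expand(perm_list, sets or {})
    findings = []
    for perm in sorted(granted):
        missing = SAME_DATASET.get(perm, set()) - granted
        if missing:
            findings.append(f"{perm}: also needs {','.join(sorted(missing))}")
        if perm in ELSEWHERE:
            where, needs = ELSEWHERE[perm]
            findings.append(f"{perm}: verify {','.join(sorted(needs))} in the {where}")
    return findings
```

An empty list from lint() means every same-dataset prerequisite in the table is covered by the list itself; permissions granted by an ancestor are not visible to it.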
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ...
.Ar filesystem Ns | Ns Ar volume
These permissions are granted
to the creator of any newly-created descendent file system.
.Fl s No @ Ns Ar setname
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ...
.Ar filesystem Ns | Ns Ar volume
Defines or adds permissions to a permission set.
The set can be used by other
commands for the specified file system and its descendents.
Sets are evaluated dynamically, so changes to a set are immediately reflected.
Permission sets follow the same naming restrictions as ZFS file systems, but the
and can be no more than 64 characters long.
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns ...
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ... Oc
.Ar filesystem Ns | Ns Ar volume
.Fl e Ns | Ns Sy everyone
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ... Oc
.Ar filesystem Ns | Ns Ar volume
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ... Oc
.Ar filesystem Ns | Ns Ar volume
Removes permissions that were granted with the
No permissions are explicitly denied, so other permissions granted are still in
For example, if the permission is granted by an ancestor.
If no permissions are specified, then all permissions for the specified
only removes the permissions that were granted to everyone, not all permissions
for every user and group.
command for a description of the
Recursively remove the permissions from this file system and all descendents.
.Fl s No @ Ns Ar setname
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns ... Oc
.Ar filesystem Ns | Ns Ar volume
Removes permissions from a permission set.
If no permissions are specified, then all permissions are removed, thus removing