community.general.zfs_delegate_admin module – Manage ZFS delegated administration (user admin privileges)
Note
This module is part of the community.general collection (version 10.1.0).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: community.general.zfs_delegate_admin
.
Synopsis
Manages ZFS file system delegated administration permissions, which allow unprivileged users to perform ZFS operations normally restricted to the superuser.
See the
zfs allow
section ofzfs(1M)
for detailed explanations of options.This module attempts to adhere to the behavior of the command line tool as much as possible.
Requirements
The below requirements are needed on the host that executes this module.
A ZFS/OpenZFS implementation that supports delegation with
zfs allow
, including: Solaris >= 10, illumos (all versions), FreeBSD >= 8.0R, ZFS on Linux >= 0.7.0.
Parameters
Parameter |
Comments |
---|---|
Apply permissions to everyone. Choices:
|
|
List of groups to whom permission(s) should be granted. |
|
File system or volume name, for example |
|
The list of permission(s) to delegate (required if Supported permissions depend on the ZFS version in use. See for example https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html for OpenZFS. |
|
Whether to allow ( When set to When set to Choices:
|
|
List of users to whom permission(s) should be granted. |
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: none |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Grant `zfs allow` and `unallow` permission to the `adm` user with the default local+descendents scope
community.general.zfs_delegate_admin:
name: rpool/myfs
users: adm
permissions: allow,unallow
- name: Grant `zfs send` to everyone, plus the group `backup`
community.general.zfs_delegate_admin:
name: rpool/myvol
groups: backup
everyone: true
permissions: send
- name: Grant `zfs send,receive` to users `foo` and `bar` with local scope only
community.general.zfs_delegate_admin:
name: rpool/myfs
users: foo,bar
permissions: send,receive
local: true
- name: Revoke all permissions from everyone (permissions specifically assigned to users and groups remain)
community.general.zfs_delegate_admin:
name: rpool/myfs
everyone: true
state: absent