zfs_delegate_admin – Manage ZFS delegated administration (user admin privileges)¶
New in version 2.8.
- Manages ZFS file system delegated administration permissions, which allow unprivileged users to perform ZFS operations normally restricted to the superuser.
- See the
zfs allowsection of
zfs(1M) for detailed explanations of options.
- This module attempts to adhere to the behavior of the command line tool as much as possible.
The below requirements are needed on the host that executes this module.
- A ZFS/OpenZFS implementation that supports delegation with zfs allow, including: Solaris >= 10, illumos (all versions), FreeBSD >= 8.0R, ZFS on Linux >= 0.7.0.
- name: Grant `zfs allow` and `unallow` permission to the `adm` user with the default local+descendents scope zfs_delegate_admin: name: rpool/myfs users: adm permissions: allow,unallow - name: Grant `zfs send` to everyone, plus the group `backup` zfs_delegate_admin: name: rpool/myvol groups: backup everyone: yes permissions: send - name: Grant `zfs send,receive` to users `foo` and `bar` with local scope only zfs_delegate_admin: name: rpool/myfs users: foo,bar permissions: send,receive local: yes - name: Revoke all permissions from everyone (permissions specifically assigned to users and groups remain) - zfs_delegate_admin: name: rpool/myfs everyone: yes state: absent