Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
ZFS-ALLOW(8)		FreeBSD	System Manager's Manual		  ZFS-ALLOW(8)

NAME
     zfs-allow -- Delegates ZFS	administration permission for the file systems
     to	non-privileged users.

SYNOPSIS
     zfs allow [-dglu] user|group[,user|group]...
	 perm|@setname[,perm|@setname]... filesystem|volume
     zfs allow [-dl] -e|everyone perm|@setname[,perm|@setname]...
	 filesystem|volume
     zfs allow -c perm|@setname[,perm|@setname]... filesystem|volume
     zfs allow -s @setname perm|@setname[,perm|@setname]... filesystem|volume
     zfs unallow [-dglru] user|group[,user|group]...
	 [perm|@setname[,perm|@setname]...] filesystem|volume
     zfs unallow [-dlr]	-e|everyone [perm|@setname[,perm|@setname]...]
	 filesystem|volume
     zfs unallow [-r] -c [perm|@setname[,perm|@setname]...] filesystem|volume
     zfs unallow [-r] -s @setname [perm|@setname[,perm|@setname]...]
	 filesystem|volume

DESCRIPTION
     zfs allow filesystem|volume
       Displays	permissions that have been delegated on	the specified filesys-
       tem or volume.  See the other forms of zfs allow	for more information.

       Delegations are supported under Linux with the exception	of mount,
       unmount,	mountpoint, canmount, rename, and share.  These	permissions
       cannot be delegated because the Linux mount(8) command restricts	modi-
       fications of the	global namespace to the	root user.

     zfs allow [-dglu] user|group[,user|group]...
       perm|@setname[,perm|@setname]...	filesystem|volume

     zfs allow [-dl] -e|everyone perm|@setname[,perm|@setname]...
       filesystem|volume
       Delegates ZFS administration permission for the file systems to non-
       privileged users.

       -d  Allow only for the descendent file systems.

       -e|everyone
	   Specifies that the permissions be delegated to everyone.

       -g group[,group]...
	   Explicitly specify that permissions are delegated to	the group.

       -l  Allow "locally" only	for the	specified file system.

       -u user[,user]...
	   Explicitly specify that permissions are delegated to	the user.

       user|group[,user|group]...
	   Specifies to	whom the permissions are delegated.  Multiple entities
	   can be specified as a comma-separated list.	If neither of the -gu
	   options are specified, then the argument is interpreted preferen-
	   tially as the keyword everyone, then	as a user name,	and lastly as
	   a group name.  To specify a user or group named "everyone", use the
	   -g or -u options.  To specify a group with the same name as a user,
	   use the -g options.

       perm|@setname[,perm|@setname]...
	   The permissions to delegate.	 Multiple permissions may be specified
	   as a	comma-separated	list.  Permission names	are the	same as	ZFS
	   subcommand and property names.  See the property list below.	 Prop-
	   erty	set names, which begin with @, may be specified.  See the -s
	   form	below for details.

       If neither of the -dl options are specified, or both are, then the per-
       missions	are allowed for	the file system	or volume, and all of its de-
       scendents.

       Permissions are generally the ability to	use a ZFS subcommand or	change
       a ZFS property.	The following permissions are available:

       NAME		TYPE	       NOTES
       allow		subcommand     Must also have the permission that is
				       being allowed
       clone		subcommand     Must also have the 'create' ability and
				       'mount' ability in the origin file system
       create		subcommand     Must also have the 'mount' ability.
				       Must also have the 'refreservation' ability to
				       create a	non-sparse volume.
       destroy		subcommand     Must also have the 'mount' ability
       diff		subcommand     Allows lookup of	paths within a dataset
				       given an	object number, and the ability
				       to create snapshots necessary to
				       'zfs diff'.
       hold		subcommand     Allows adding a user hold to a snapshot
       load-key		subcommand     Allows loading and unloading of encryption key
				       (see 'zfs load-key' and 'zfs unload-key').
       change-key	subcommand     Allows changing an encryption key via
				       'zfs change-key'.
       mount		subcommand     Allows mount/umount of ZFS datasets
       promote		subcommand     Must also have the 'mount' and 'promote'
				       ability in the origin file system
       receive		subcommand     Must also have the 'mount' and 'create'
				       ability
       release		subcommand     Allows releasing	a user hold which might
				       destroy the snapshot
       rename		subcommand     Must also have the 'mount' and 'create'
				       ability in the new parent
       rollback		subcommand     Must also have the 'mount' ability
       send		subcommand
       share		subcommand     Allows sharing file systems over	NFS
				       or SMB protocols
       snapshot		subcommand     Must also have the 'mount' ability

       groupquota	other	       Allows accessing	any groupquota@...
				       property
       groupused	other	       Allows reading any groupused@...	property
       userprop		other	       Allows changing any user	property
       userquota	other	       Allows accessing	any userquota@...
				       property
       userused		other	       Allows reading any userused@... property
       projectobjquota	other	       Allows accessing	any projectobjquota@...
				       property
       projectquota	other	       Allows accessing	any projectquota@... property
       projectobjused	other	       Allows reading any projectobjused@... property
       projectused	other	       Allows reading any projectused@... property

       aclinherit	property
       acltype		property
       atime		property
       canmount		property
       casesensitivity	property
       checksum		property
       compression	property
       copies		property
       devices		property
       exec		property
       filesystem_limit	property
       mountpoint	property
       nbmand		property
       normalization	property
       primarycache	property
       quota		property
       readonly		property
       recordsize	property
       refquota		property
       refreservation	property
       reservation	property
       secondarycache	property
       setuid		property
       sharenfs		property
       sharesmb		property
       snapdir		property
       snapshot_limit	property
       utf8only		property
       version		property
       volblocksize	property
       volsize		property
       vscan		property
       xattr		property
       zoned		property

     zfs allow -c perm|@setname[,perm|@setname]... filesystem|volume
       Sets "create time" permissions.	These permissions are granted
       (locally) to the	creator	of any newly-created descendent	file system.

     zfs allow -s @setname perm|@setname[,perm|@setname]... filesystem|volume
       Defines or adds permissions to a	permission set.	 The set can be	used
       by other	zfs allow commands for the specified file system and its de-
       scendents.  Sets	are evaluated dynamically, so changes to a set are im-
       mediately reflected.  Permission	sets follow the	same naming restric-
       tions as	ZFS file systems, but the name must begin with @, and can be
       no more than 64 characters long.

     zfs unallow [-dglru] user|group[,user|group]...
       [perm|@setname[,perm|@setname]...] filesystem|volume

     zfs unallow [-dlr]	-e|everyone [perm|@setname[,perm|@setname]...]
       filesystem|volume

     zfs unallow [-r] -c [perm|@setname[,perm|@setname]...] filesystem|volume
       Removes permissions that	were granted with the zfs allow	command.  No
       permissions are explicitly denied, so other permissions granted are
       still in	effect.	 For example, if the permission	is granted by an an-
       cestor.	If no permissions are specified, then all permissions for the
       specified user, group, or everyone are removed.	Specifying everyone
       (or using the -e	option)	only removes the permissions that were granted
       to everyone, not	all permissions	for every user and group.  See the zfs
       allow command for a description of the -ldugec options.

       -r  Recursively remove the permissions from this	file system and	all
	   descendents.

     zfs unallow [-r] -s @setname [perm|@setname[,perm|@setname]...]
       filesystem|volume
       Removes permissions from	a permission set.  If no permissions are spec-
       ified, then all permissions are removed,	thus removing the set en-
       tirely.

FreeBSD	13.0			 June 30, 2019			  FreeBSD 13.0

NAME | SYNOPSIS | DESCRIPTION

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=zfs-unallow&sektion=8&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help