ZFS-ALLOW(8)		FreeBSD	System Manager's Manual		  ZFS-ALLOW(8)

NAME
     zfs-allow -- delegate ZFS administration permissions to unprivileged
     users

SYNOPSIS
     zfs allow [-dglu] user|group[,user|group]...
         perm|@setname[,perm|@setname]... filesystem|volume
     zfs allow [-dl] -e|everyone perm|@setname[,perm|@setname]...
         filesystem|volume
     zfs allow -c perm|@setname[,perm|@setname]... filesystem|volume
     zfs allow -s @setname perm|@setname[,perm|@setname]... filesystem|volume
     zfs unallow [-dglru] user|group[,user|group]...
         [perm|@setname[,perm|@setname]...] filesystem|volume
     zfs unallow [-dlr] -e|everyone [perm|@setname[,perm|@setname]...]
         filesystem|volume
     zfs unallow [-r] -c [perm|@setname[,perm|@setname]...] filesystem|volume
     zfs unallow [-r] -s @setname [perm|@setname[,perm|@setname]...]
         filesystem|volume

DESCRIPTION
     zfs allow filesystem|volume
       Displays permissions that have been delegated on the specified
       filesystem or volume.  See the other forms of zfs allow for more
       information.

       Delegations are supported under Linux with the exception of mount,
       unmount, mountpoint, canmount, rename, and share.  These permissions
       cannot be delegated because the Linux mount(8) command restricts
       modifications of the global namespace to the root user.

     zfs allow [-dglu] user|group[,user|group]...
       perm|@setname[,perm|@setname]... filesystem|volume

     zfs allow [-dl] -e|everyone perm|@setname[,perm|@setname]...
       filesystem|volume
       Delegates ZFS administration permission for the file systems to non-
       privileged users.

       -d  Allow only for the descendent file systems.

       -e|everyone
	   Specifies that the permissions be delegated to everyone.

       -g group[,group]...
	   Explicitly specify that permissions are delegated to	the group.

       -l  Allow "locally" only	for the	specified file system.

       -u user[,user]...
	   Explicitly specify that permissions are delegated to	the user.

       user|group[,user|group]...
           Specifies to whom the permissions are delegated.  Multiple entities
           can be specified as a comma-separated list.  If neither of the -gu
           options is specified, then the argument is interpreted
           preferentially as the keyword everyone, then as a user name, and
           lastly as a group name.  To specify a user or group named
           "everyone", use the -g or -u options.  To specify a group with the
           same name as a user, use the -g option.

       perm|@setname[,perm|@setname]...
           The permissions to delegate.  Multiple permissions may be specified
           as a comma-separated list.  Permission names are the same as ZFS
           subcommand and property names.  See the property list below.
           Property set names, which begin with @, may be specified.  See the
           -s form below for details.

       If neither of the -dl options is specified, or both are, then the
       permissions are allowed for the file system or volume, and all of its
       descendents.

       Permissions are generally the ability to	use a ZFS subcommand or	change
       a ZFS property.	The following permissions are available:
       NAME		      TYPE	   NOTES
       ---------------------------------------------------------------------------------------------------------------------------------------------------------------
       allow		      subcommand   Must	also have the permission that is being allowed
       bookmark		      subcommand
       clone		      subcommand   Must	also have the create ability and mount ability in the origin file system
       create		      subcommand   Must	also have the mount ability. Must also have the	refreservation ability to create a non-sparse volume.
       destroy		      subcommand   Must	also have the mount ability
       diff		      subcommand   Allows lookup of paths within a dataset given an object number, and the ability to create snapshots necessary to zfs	diff.
       hold		      subcommand   Allows adding a user	hold to	a snapshot
       load-key		      subcommand   Allows loading and unloading	of encryption key (see zfs load-key and	zfs unload-key).
       change-key	      subcommand   Allows changing an encryption key via zfs change-key.
       mount		      subcommand   Allows mounting/umounting ZFS datasets
       promote		      subcommand   Must	also have the mount and	promote	ability	in the origin file system
       receive		      subcommand   Must	also have the mount and	create ability
       release		      subcommand   Allows releasing a user hold	which might destroy the	snapshot
       rename		      subcommand   Must	also have the mount and	create ability in the new parent
       rollback		      subcommand   Must	also have the mount ability
       send		      subcommand
       share		      subcommand   Allows sharing file systems over NFS	or SMB protocols
       snapshot		      subcommand   Must	also have the mount ability

       groupquota	      other	   Allows accessing any	groupquota@... property
       groupobjquota	      other	   Allows accessing any	groupobjquota@... property
       groupused	      other	   Allows reading any groupused@... property
       groupobjused	      other	   Allows reading any groupobjused@... property
       userprop		      other	   Allows changing any user property
       userquota	      other	   Allows accessing any	userquota@... property
       userobjquota	      other	   Allows accessing any	userobjquota@... property
       userused		      other	   Allows reading any userused@... property
       userobjused	      other	   Allows reading any userobjused@... property
       projectobjquota	      other	   Allows accessing any	projectobjquota@... property
       projectquota	      other	   Allows accessing any	projectquota@... property
       projectobjused	      other	   Allows reading any projectobjused@... property
       projectused	      other	   Allows reading any projectused@... property

       aclinherit	      property
       aclmode		      property
       acltype		      property
       atime		      property
       canmount		      property
       casesensitivity	      property
       checksum		      property
       compression	      property
       context		      property
       copies		      property
       dedup		      property
       defcontext	      property
       devices		      property
       dnodesize	      property
       encryption	      property
       exec		      property
       filesystem_limit	      property
       fscontext	      property
       keyformat	      property
       keylocation	      property
       logbias		      property
       mlslabel		      property
       mountpoint	      property
       nbmand		      property
       normalization	      property
       overlay		      property
       pbkdf2iters	      property
       primarycache	      property
       quota		      property
       readonly		      property
       recordsize	      property
       redundant_metadata     property
       refquota		      property
       refreservation	      property
       relatime		      property
       reservation	      property
       rootcontext	      property
       secondarycache	      property
       setuid		      property
       sharenfs		      property
       sharesmb		      property
       snapdev		      property
       snapdir		      property
       snapshot_limit	      property
       special_small_blocks   property
       sync		      property
       utf8only		      property
       version		      property
       volblocksize	      property
       volmode		      property
       volsize		      property
       vscan		      property
       xattr		      property
       zoned		      property

     zfs allow -c perm|@setname[,perm|@setname]... filesystem|volume
       Sets "create time" permissions.	These permissions are granted
       (locally) to the	creator	of any newly-created descendent	file system.

     zfs allow -s @setname perm|@setname[,perm|@setname]... filesystem|volume
       Defines or adds permissions to a permission set.  The set can be used
       by other zfs allow commands for the specified file system and its
       descendents.  Sets are evaluated dynamically, so changes to a set are
       immediately reflected.  Permission sets follow the same naming
       restrictions as ZFS file systems, but the name must begin with @, and
       can be no more than 64 characters long.

     zfs unallow [-dglru] user|group[,user|group]...
       [perm|@setname[,perm|@setname]...] filesystem|volume

     zfs unallow [-dlr] -e|everyone [perm|@setname[,perm|@setname]...]
       filesystem|volume

     zfs unallow [-r] -c [perm|@setname[,perm|@setname]...] filesystem|volume
       Removes permissions that were granted with the zfs allow command.  No
       permissions are explicitly denied, so other permissions granted are
       still in effect, for example a permission granted by an ancestor.
       If no permissions are specified, then all permissions for the
       specified user, group, or everyone are removed.  Specifying everyone
       (or using the -e option) only removes the permissions that were granted
       to everyone, not all permissions for every user and group.  See the zfs
       allow command for a description of the -ldugec options.

       -r  Recursively remove the permissions from this	file system and	all
	   descendents.

     zfs unallow [-r] -s @setname [perm|@setname[,perm|@setname]...]
       filesystem|volume
       Removes permissions from a permission set.  If no permissions are
       specified, then all permissions are removed, thus removing the set
       entirely.
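
Added example (not part of the manual page or of OpenZFS): a POSIX shell function that reviews the listing printed by zfs allow filesystem|volume. It reports every grant made to everyone and every principal that holds a permission on a caller-supplied watch list, expanding @setname references first. The listing layout and the names tank/home, alice, staff, @backup and @admin are assumptions; the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not from the manual page): audit `zfs allow <dataset>` text.
# Prints "dataset|principal|finding" for grants to everyone and for principals
# holding a watched permission, directly or through an @set.
audit_zfs_allow() {
    awk -v watch="$1" '
    # Expand @set names (sets may reference other sets) into plain permissions.
    function expand(list, depth,    i, n, p, out) {
        n = split(list, p, ",")
        for (i = 1; i <= n; i++)
            out = out "," ((p[i] in sets) && depth < 8 ? expand(sets[p[i]], depth + 1) : p[i])
        return substr(out, 2)
    }
    /^---- Permissions on / { ds = $4; sect = ""; next }
    /^[A-Z].*:$/            { sect = $0; next }     # section header
    NF == 0 || sect ~ /^Create time/ { next }       # no principal on these
    sect ~ /^Permission sets/ { sets[$1] = $2; next }
    {   # grant line: "user NAME perms", "group NAME perms" or "everyone perms"
        where[++cnt] = ds
        if ($1 == "everyone") { who[cnt] = $1; perms[cnt] = $2 }
        else { who[cnt] = $1 " " $2; perms[cnt] = $3 }
    }
    END {   # sets are resolved here because a set may be listed after its use
        nw = split(watch, w, ",")
        for (g = 1; g <= cnt; g++) {
            flat = expand(perms[g], 0)
            if (who[g] == "everyone")
                print where[g] "|everyone|granted to everyone: " flat
            for (j = 1; j <= nw; j++)
                if (index("," flat ",", "," w[j] ","))
                    print where[g] "|" who[g] "|holds " w[j]
        }
    }'
}

# Constructed sample listing (assumed layout); real output indents with a tab.
sample_listing() {
    printf '%s\n' \
        '---- Permissions on tank/home ----------------------------------------' \
        'Permission sets:' \
        '    @backup hold,send,snapshot,mount' \
        '    @admin @backup,destroy,allow' \
        'Create time permissions:' \
        '    destroy,mount' \
        'Local+Descendent permissions:' \
        '    user alice @backup' \
        '    group staff @admin' \
        '    everyone snapshot,mount'
}
sample_listing | audit_zfs_allow allow,destroy
```

On a live system the listing comes from the command itself, for example zfs allow tank/home | audit_zfs_allow allow,destroy; a finding is then cleared with the matching zfs unallow form.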

FreeBSD	13.0			 May 27, 2021			  FreeBSD 13.0
