OpenSolaris

Heads up: ZFS delegated administration.

Date: Tue, 26 Jun 2007 10:18:59 -0600
From: Mark Shellenbaum <Mark.Shellenbaum at Sun dot COM>
To: on-all at eng dot sun dot com, onnv-gate at onnv dot eng dot sun dot com
Subject: Heads up: ZFS delegated administration.

With the integration of:

         PSARC/2006/465 ZFS Delegated Administration
         PSARC/2006/577 zpool property to disable delegation
         PSARC/2006/625 Enhancements to zpool history
         PSARC/2007/228 ZFS delegation amendments
         PSARC/2007/295 ZFS Delegated Administration Addendum
         6280676 restore "owner" property
         6349470 investigate non-root restore/backup
         6572465 'zpool set bootfs=...' records history as 'zfs set
bootfs=...'

ZFS now supports the ability to delegate zfs(1M) administrative tasks to
ordinary users.

Two styles of delegated permissions are supported.  First the individual
permission(s) can be explicitly specified, or the administrator can
define a permission set.  A permission set can then later be updated and
all of the consumers of the set will automatically pick up the change.
Permission sets all begin with the letter @ and are limited to 64
characters in length.  Characters after the @ sign in a set name have
the same restrictions as normal ZFS file system names.

To take advantage of the capability existing pools will need to be
upgraded with the "zpool upgrade" command.

I have added a blog entry with some rudimentary examples of ZFS
delegated administration.

http://blogs.sun.com/marks

   -Mark