TransWikia.com

How to: ZFS dataset per user

Unix & Linux Asked on December 1, 2021

My roommates and I are going to build a NAS server at home with ZFS, but each of us wants to have our own separate space.

Is it possible to create several different datasets and assign each one to a user so data can only be accessible by the owner?

One Answer

Yes, it is possible. I suggest you try using create-time permissions on the base dataset. This is accomplished by using the -c option to zfs allow, but first you would allow the users to create new datasets. For example, you could first have a base dataset mypool/base, and to this base dataset you allow create permission locally using zfs allow -l -u <user> <permission>[,<permission>...] mypool/base. This would allow user1 to create their own dataset mypool/base/<user1data>, and likewise for other users, but it doesn't allow them to destroy or mount other users' datasets.

Now, you can use the zfs allow -c option to allow broader permissions on the descendant datasets that will be sufficient for you once you create your own dataset.

From the man pages:

zfs allow -c perm|@setname[,...] filesystem|volume
    Sets "create time" permissions. These permissions are granted (locally) to the creator of any newly-created descendent file system.

So, by providing broader create time permissions each user could have the full gamut of permissions that will apply only to the datasets that they have created. Try it out with some bogus datasets just to get a sense of how it works.

Alternatively, users must own the mountpoint of the dataset that they are trying to mount so you could preconfigure the dataset mountpoints to be on a directory owned by the corresponding user.

Answered by Jeff on December 1, 2021
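The delegation described in the answer, written out as an added example (not code from the answer or from OpenZFS). The user names alice and bob and the permission lists are assumptions chosen for illustration; the script only prints the commands, so it can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: build the zfs allow commands for one base dataset and its users.
# Assumed (constructed) values: users alice/bob and the two permission lists below.

# Local grant on the base dataset; zfs-allow(8) says create also needs mount.
BASE_PERMS="create,mount"
# Create-time set: granted only to whoever creates a given descendant dataset.
CREATE_PERMS="destroy,mount,snapshot,rollback"

# Accept only plain account names so nothing else reaches a command line.
valid_user() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Same idea for the dataset name (adds ':' and '/' to the allowed characters).
valid_dataset() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._:/-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print one zfs command per line; returns 1 if the base dataset name is rejected.
plan_delegation() {
    base=$1; shift
    valid_dataset "$base" || { echo "invalid dataset: $base" >&2; return 1; }
    # -c is set once on the base: it applies to the creator of each new child.
    printf 'zfs allow -c %s %s\n' "$CREATE_PERMS" "$base"
    for user in "$@"; do
        if ! valid_user "$user"; then
            echo "skipping invalid user name: $user" >&2
            continue
        fi
        # -l limits the grant to the base dataset itself, not its descendants.
        printf 'zfs allow -l -u %s %s %s\n' "$user" "$BASE_PERMS" "$base"
    done
    # Last step: display the delegation table so the result can be checked.
    printf 'zfs allow %s\n' "$base"
}

# Dry run: review the output, then run the printed commands as root.
plan_delegation mypool/base alice bob
```

On Linux, zfs-allow(8) notes that mount, unmount, mountpoint, canmount, rename and share cannot be delegated, so mounting a user-created dataset there still needs root.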
