community.general.zfs_delegate_admin – Manage ZFS delegated administration (user admin privileges)
Note
This plugin is part of the community.general collection (version 2.0.1).
To install it use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.zfs_delegate_admin
.
Synopsis
- Manages ZFS file system delegated administration permissions, which allow unprivileged users to perform ZFS operations normally restricted to the superuser.
- See the
zfs allow
section ofzfs(1M
) for detailed explanations of options. - This module attempts to adhere to the behavior of the command line tool as much as possible.
Requirements
The below requirements are needed on the host that executes this module.
- A ZFS/OpenZFS implementation that supports delegation with
zfs allow
, including: Solaris >= 10, illumos (all versions), FreeBSD >= 8.0R, ZFS on Linux >= 0.7.0.
Parameters
Parameter | Choices/Defaults | Comments |
---|---|---|
descendents boolean |
| Apply permissions to name 's descendents (zfs allow -d ). |
everyone boolean |
| Apply permissions to everyone. |
groups list / elements=string | List of groups to whom permission(s) should be granted. | |
local boolean |
| Apply permissions to name locally (zfs allow -l ). |
name string / required | File system or volume name e.g. rpool/myfs . | |
permissions list / elements=string |
| The list of permission(s) to delegate (required if state is present ). |
recursive boolean |
| Unallow permissions recursively (ignored when state is present ). |
state string |
| Whether to allow ( present ), or unallow (absent ) a permission.When set to present , at least one "entity" param of users, groups, or everyone are required.When set to absent , removes permissions from the specified entities, or removes all permissions if no entity params are specified. |
users list / elements=string | List of users to whom permission(s) should be granted. |
Examples
- name: Grant `zfs allow` and `unallow` permission to the `adm` user with the default local+descendents scope community.general.zfs_delegate_admin: name: rpool/myfs users: adm permissions: allow,unallow - name: Grant `zfs send` to everyone, plus the group `backup` community.general.zfs_delegate_admin: name: rpool/myvol groups: backup everyone: yes permissions: send - name: Grant `zfs send,receive` to users `foo` and `bar` with local scope only community.general.zfs_delegate_admin: name: rpool/myfs users: foo,bar permissions: send,receive local: yes - name: Revoke all permissions from everyone (permissions specifically assigned to users and groups remain) community.general.zfs_delegate_admin: name: rpool/myfs everyone: yes state: absent
Authors
- Nate Coraor (@natefoo)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/general/zfs_delegate_admin_module.html