zfs_delegate_admin – Manage ZFS delegated administration (user admin privileges)

New in version 2.8.

Synopsis
Requirements
Parameters
Examples
Status

Synopsis

Manages ZFS file system delegated administration permissions, which allow unprivileged users to perform ZFS operations normally restricted to the superuser.
See the zfs allow section of zfs(1M) for detailed explanations of options.
This module attempts to adhere to the behavior of the command line tool as much as possible.

Requirements

The below requirements are needed on the host that executes this module.

A ZFS/OpenZFS implementation that supports delegation with zfs allow, including: Solaris >= 10, illumos (all versions), FreeBSD >= 8.0R, ZFS on Linux >= 0.7.0.

Parameters

Parameter	Choices/Defaults	Comments
descendents boolean	Choices: no yes	Apply permissions to `name`'s descendents (`zfs allow -d`).
everyone boolean	Choices: no ← yes	Apply permissions to everyone.
groups list		List of groups to whom permission(s) should be granted.
local boolean	Choices: no yes	Apply permissions to `name` locally (`zfs allow -l`).
name string / required		File system or volume name e.g. `rpool/myfs`.
permissions list	Choices: allow clone create destroy diff hold mount promote readonly receive release rename rollback send share snapshot unallow	The list of permission(s) to delegate (required if `state` is `present`).
recursive boolean	Choices: no ← yes	Unallow permissions recursively (ignored when `state` is `present`).
state - / required	Choices: absent present ←	Whether to allow (`present`), or unallow (`absent`) a permission. When set to `present`, at least one "entity" param of users, groups, or everyone are required. When set to `absent`, removes permissions from the specified entities, or removes all permissions if no entity params are specified.
users list		List of users to whom permission(s) should be granted.

Examples

- name: Grant `zfs allow` and `unallow` permission to the `adm` user with the default local+descendents scope
  zfs_delegate_admin:
    name: rpool/myfs
    users: adm
    permissions: allow,unallow

- name: Grant `zfs send` to everyone, plus the group `backup`
  zfs_delegate_admin:
    name: rpool/myvol
    groups: backup
    everyone: yes
    permissions: send

- name: Grant `zfs send,receive` to users `foo` and `bar` with local scope only
  zfs_delegate_admin:
    name: rpool/myfs
    users: foo,bar
    permissions: send,receive
    local: yes

- name: Revoke all permissions from everyone (permissions specifically assigned to users and groups remain)
- zfs_delegate_admin:
    name: rpool/myfs
    everyone: yes
    state: absent

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors

Nate Coraor (@natefoo)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/zfs_delegate_admin_module.html