NetBSD-Users archive
Re: `zfs allow` on NetBSD - what other perms for mounting FS created with `zfs create`?
- To: vsis <vsis@vsis.online>
- Subject: Re: `zfs allow` on NetBSD - what other perms for mounting FS created with `zfs create`?
- From: Brad Spencer <brad%anduin.eldar.org@localhost>
- Date: Tue, 21 Apr 2026 14:14:08 -0400
vsis <vsis@vsis.online> writes:
> On 4/21/26 18:06, Jeff Rizzo wrote:
>> I'm currently playing around with delegating certain actions to ordinary
>> users
>
>
> What if you just install/use `security/doas`?
>
>
> Something like `permit nopass riz as root cmd /sbin/zfs` in doas.conf
> should work, I believe.
>
> User riz will be able to run `doas zfs` as root, but no other commands.
> Unless you allow other commands in doas.conf.
>
> Then, an alias like `zfs="doas zfs"` makes the typing even easier.
>
>
> vsis <vsis@vsis.online>

I believe that would allow the user to mess with every zfs fileset, not
just particular ones, which is what you can get with "zfs allow".

It should be generally safe to allow /dev/zfs to have more open
permissions. I run with that all of the time and I could not come up
with a test that allowed a not-root user to do something they shouldn't.

--
Brad Spencer - brad%anduin.eldar.org@localhost