From: Benedict Reuschling Date: Wed, 2 Oct 2013 17:53:48 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-projects@freebsd.org Subject: svn commit: r42807 - projects/zfsupdate-201307/en_US.ISO8859-1/books/handbook/zfs Author: bcr Date: Wed Oct 2 17:53:48 2013 New Revision: 42807 URL: http://svnweb.freebsd.org/changeset/doc/42807 Log: Add basic information about ZFS delegation and small corrections to other parts. Submitted by: Allan Jude Modified: projects/zfsupdate-201307/en_US.ISO8859-1/books/handbook/zfs/chapter.xml Modified: projects/zfsupdate-201307/en_US.ISO8859-1/books/handbook/zfs/chapter.xml ============================================================================== --- projects/zfsupdate-201307/en_US.ISO8859-1/books/handbook/zfs/chapter.xml Wed Oct 2 16:19:37 2013 (r42806) +++ projects/zfsupdate-201307/en_US.ISO8859-1/books/handbook/zfs/chapter.xml Wed Oct 2 17:53:48 2013 (r42807) @@ -25,7 +25,7 @@ Data integrity: checksums are created when data is written - and checked when data is read. If on-disk data corruption is + and checked when data is read. If on-disk data corruption is detected, the user is notified and recovery methods are initiated. @@ -476,7 +476,13 @@ errors: No known data errors Adding & Removing Devices - + Creating a ZFS Storage Pool (zpool) + involves making a number of decisions that are relatively + permanent. Although additional vdevs can be added to a pool, + the layout of the pool cannot be changed once the pool has + been created, instead the data must be backed up and the pool + recreated. Currently, devices cannot be removed from a + zpool. 
@@ -574,14 +580,15 @@ data 288G 1.53T Creating & Destroying Volumes - + A volume can be formatted with any filesystem on top of - it. This will appear to the user as if they are working with - that specific filesystem and not ZFS. This way, it can be - used to augment non-ZFS filesystems with ZFS features that - they do not have. For example, combining the ZFS compression - property together with a 250 MB volume allows to create a - compressed FAT filesystem. + it. This will appear to the user as if they are working with + a regular disk using that specific filesystem and not ZFS. + In this way, non-ZFS file systems can be augmented with + ZFS features that they would not normally have. For example, + combining the ZFS compression property together with a + 250 MB volume allows to create a compressed FAT + filesystem. &prompt.root; zfs create -V 250m -o compression=on tank/fat32 &prompt.root; zfs list tank @@ -608,15 +615,15 @@ Filesystem Size Used Avail Cap It is possible to set user-defined properties in ZFS. - They become part of the pool configuration and can be used to - provide additional information about the pool or it's - contents. To distnguish these custom properties from the ones - supplied by ZFS by default, the colon (:) - is used in the property name. + They become part of the dataset configuration and can be used + to provide additional information about the dataset or its + contents. To distnguish these custom properties from the + ones supplied as part of ZFS, a colon (:) + is used to create a custom namespace for the property. &prompt.root; zfs set custom:costcenter=1234 &prompt.root; zfs get custom:costcenter -NAME PROPERTY VALUE SOURCE +NAME PROPERTY VALUE SOURCE tank custom:costcenter 1234 local 
@@ -780,11 +787,52 @@ tank custom:costcenter 1234 local + - - Delegated Administration + + Delegated Administration - + ZFS features a comprehensive delegation system to assign + permissions to performs the various ZFS administration functions + to a regular user. For example, if each users' home directory + is a dataset, then each user could be delegated permission to + create and destroy snapshots of their home directory. A backup + user could be assigned the permissions required to make use of + the ZFS replication features without requiring root access, or + isolate a usage collection script to run as an unprivledged user + with access to only the space utilization data of all users. It + is even possible to delegate the ability to delegate + permissions. It is possible to delegate permissions over each + ZFS subcommand and most ZFS properties. + + + Delegating Dataset Creation + + Using the zfs allow + someuser create + mydataset command will + give the indicated user the required permissions to create + child datasets under the selected parent dataset. There is + a caveat, creating a new dataset involves mouting it, which + requires the vfs.usermount sysctl be + enabled in order to allow non-root users to mount a + filesystem. There is the further restriction that non-root + users must own the directory they are mounting the filesystem + to, in order to prevent abuse. + + + + Delegating Permission Delegation + + Using the zfs allow + someuser allow + mydataset command will + give the indicated user the ability to assign any permission + they have on the target dataset (or its children) to other + users. If a user has the snapshot + permission and the allow permission that + user can then grant the snapshot permission to some other + users. 
@@ -1062,7 +1110,7 @@ vfs.zfs.vdev.cache.size="5M"In a RAID-Z3 configuration with 8 disks of 1 TB, the volume would provide 5 TB of usable space and still be - able to operate with three faulted disks. Sun + able to operate with three faulted disks. &sun; recommends no more than 9 disks in a single vdev. If the configuration has more disks, it is recommended to divide them into separate vdevs and
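Review bot: In the paragraph added under "Adding & Removing Devices" (hunk @@ -476,7 +476,13 @@), "once the pool has been created, instead the data must be backed up" is a comma splice; split it into two sentences, for example "...once the pool has been created. Instead, the data must be backed up and the pool recreated." The paragraph also opens with pool creation although the section heading is about adding and removing devices, so consider leading with what can and cannot be changed after creation, and lowercase "Storage Pool" to match "pool" in the rest of the paragraph.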
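Review bot: In the "Creating & Destroying Volumes" hunk (@@ -574,14 +580,15 @@), the rewritten paragraph now mixes "filesystem" and "file systems" within a few lines, and the carried-over "allows to create a compressed FAT filesystem" is still ungrammatical on the new + lines. Pick one spelling for the whole paragraph and reword the last sentence, for example "makes it possible to create a compressed FAT file system".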
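Review bot: In the user-defined properties hunk (@@ -608,15 +615,15 @@), the typo "distnguish" is carried over onto a + line and should read "distinguish". The context line "zfs set custom:costcenter=1234" names no dataset even though the sample output reports tank; since this change already rewrites the paragraph to say "dataset" instead of "pool", add the dataset name to the command in the same commit.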
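Review bot: The new "Delegated Administration" sections (hunk @@ -780,11 +787,52 @@) describe how to grant permissions with zfs allow but not how to review or withdraw them, which matters most in "Delegating Permission Delegation", where a user holding allow can pass permissions on to other users. Add a sentence covering zfs allow mydataset to display the current delegations and zfs unallow to revoke them. In "Delegating Dataset Creation", say that vfs.usermount is a system-wide sysctl and show how to enable it, since as written it reads like part of the per-user delegation. Typos on the added lines: "permissions to performs", "each users'", "unprivledged" and "mouting"; "There is a caveat, creating a new dataset" wants a colon, and "or isolate a usage collection script" does not parse with the start of its sentence.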