From owner-svn-src-projects@FreeBSD.ORG  Mon Dec 17 19:00:53 2012
Return-Path: <owner-svn-src-projects@FreeBSD.ORG>
Delivered-To: svn-src-projects@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id 5C557291;
 Mon, 17 Dec 2012 19:00:53 +0000 (UTC)
 (envelope-from linimon@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org
 [IPv6:2001:1900:2254:2068::e6a:0])
 by mx1.freebsd.org (Postfix) with ESMTP id 277248FC1A;
 Mon, 17 Dec 2012 19:00:53 +0000 (UTC)
Received: from svn.freebsd.org (localhost [127.0.0.1])
 by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qBHJ0rRU045836;
 Mon, 17 Dec 2012 19:00:53 GMT (envelope-from linimon@svn.freebsd.org)
Received: (from linimon@localhost)
 by svn.freebsd.org (8.14.5/8.14.5/Submit) id qBHJ0r4a045835;
 Mon, 17 Dec 2012 19:00:53 GMT (envelope-from linimon@svn.freebsd.org)
Message-Id: <201212171900.qBHJ0r4a045835@svn.freebsd.org>
From: Mark Linimon <linimon@FreeBSD.org>
Date: Mon, 17 Dec 2012 19:00:52 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r244361 - projects/portbuild/tools
X-SVN-Group: projects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-projects@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "SVN commit messages for the src &quot; projects&quot;
 tree" <svn-src-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-projects>
List-Post: <mailto:svn-src-projects@freebsd.org>
List-Help: <mailto:svn-src-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-projects>, 
 <mailto:svn-src-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Dec 2012 19:00:53 -0000

Author: linimon (doc,ports committer)
Date: Mon Dec 17 19:00:52 2012
New Revision: 244361
URL: http://svnweb.freebsd.org/changeset/base/244361

Log:
  First pass at a script that allows the delegation of most useful ZFS
  permissions to the 'portbuild' user.

Added:
  projects/portbuild/tools/zfsadmin   (contents, props changed)

Added: projects/portbuild/tools/zfsadmin
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ projects/portbuild/tools/zfsadmin	Mon Dec 17 19:00:52 2012	(r244361)
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# server-side script to setup delegated zfs administration.  Should be run as root.
+
+# configurable variables
+pbc=${PORTBUILD_CHECKOUT:-/var/portbuild}
+pbd=${PORTBUILD_DATA:-/var/portbuild}
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:${pbc}/scripts
+
+if [ `id -u` != 0 ]; then
+    echo "$0 must be run as root."
+    exit 1
+fi
+if [ ! -e ${pbc}/conf/server.conf ] ; then
+    echo "You must first create ${pbc}/conf/server.conf."
+    exit 1
+fi
+. ${pbc}/conf/server.conf
+
+if [ -z "${ZFS_VOLUME}" ]; then
+    echo "You must define ZFS_VOLUME in ${pbc}/conf/server.conf."
+    exit 1
+fi
+if [ -z "${ZFS_PERMISSIONSET}" ]; then
+    echo "You must define ZFS_PERMISSIONSET in ${pbc}/conf/server.conf."
+    exit 1
+fi
+if [ -z "${PORTBUILD_USER}" ]; then
+    echo "You must define PORTBUILD_USER in ${pbc}/conf/server.conf."
+    exit 1
+fi
+
+# create the "zfsadmin" permission set.
+zfs allow -s @zfsadmin ${ZFS_PERMISSIONSET} ${ZFS_VOLUME}
+
+# delegate the "zfsadmin" permission set to the PORTBUILD_USER.
+zfs allow -u ${PORTBUILD_USER} @zfsadmin ${ZFS_VOLUME}
+
+echo "result of operation:"
+zfs allow ${ZFS_VOLUME}