Date: Wed, 22 Oct 2008 19:16:25 +0800
From: lhmwzy <lhmwzy@gmail.com>
To: "Jeremy Chadwick" <koitsu@freebsd.org>
Cc: freebsd-stable@freebsd.org
Subject: Re: non-root user can not create zfs filesystem?
Message-ID: <78fb9d960810220416u5616d975je141b3816b7eef9b@mail.gmail.com>
In-Reply-To: <20081022110503.GA56254@icarus.home.lan>
References: <78fb9d960810220213l2dfc1b39ja717948c4913c360@mail.gmail.com> <20081022091949.GA53829@icarus.home.lan> <78fb9d960810220354u4a6ac8cy3975c2e309dd6b9a@mail.gmail.com> <20081022110503.GA56254@icarus.home.lan>

Thanks very much for your reply.
I'm very sorry for the last mail; I didn't see that the CC was empty. It was not deliberate.

2008/10/22 Jeremy Chadwick <koitsu@freebsd.org>:
> On Wed, Oct 22, 2008 at 06:54:49PM +0800, lhmwzy wrote:
>> hmm...
>> I transfer data to a remote machine using zfs.
>> for example:
>>
>> #zfs send pool/www@today | ssh -l lhm 10.67.141.80 zfs receive www/102
>>
>> If I log in to 10.67.141.80 as a non-root user, it says:
>> cannot receive: permission denied
>> cannot send 'pool/www@today': Broken pipe
>>
>> But logging in to a remote machine as root through ssh is not a good idea, right?
>>
>>
>> 2008/10/22 Jeremy Chadwick <koitsu@freebsd.org>:
>> > On Wed, Oct 22, 2008 at 05:13:21PM +0800, lhmwzy wrote:
>> >> $zfs create www/lhm
>> >> cannot create 'www/lhm': permission denied
>> >>
>> >> How to do this or when can do this?
>> >
>> > Creating a filesystem is something that can only be done by root.  I'm
>> > not sure what gave you the impression non-root users can do this...?
>
> This problem has nothing to do with ZFS, it has to do with SSH.
>
> You need to do a few things for this to work.  Here's a very quick way:
>
> 1) Make a public key on the machine you're doing "zfs send" from.
>    Run ssh-keygen as root
> 2) Place contents of /root/.ssh/id_rsa.pub in /root/.ssh/authorized_keys
>    on 10.67.141.80.  Make sure the /root/.ssh directory is perm 0700,
>    and authorized_keys is perm 0600.
> 3) On 10.67.141.80, edit /etc/ssh/sshd_config and change this line:
>
>    #PermitRootLogin no
>
>    ...to:
>
>    PermitRootLogin without-password
>
> 4) Send a SIGHUP signal to the master sshd process.  This might
>    disconnect any existing SSH sessions to the machine:
>
>    kill -HUP `cat /var/run/sshd.pid`
>
>
> If you're concerned about what "without-password" does, read the man
> page.  It WILL NOT let people SSH into the root account, UNLESS they
> have the private key (on zfs_send_host).  That's the ONLY WAY they can
> get in as root.
>
> You may want to secure things down a bit more by editing
> /root/.ssh/authorized_keys on 10.67.141.80 to only allow certain
> commands to be executed (specifically "zfs receive").  You can look on
> Google for how to do this.
>
> Finally, why did you remove the mailing list from the CC list?  Now
> no one knows what we've discussed, which isn't good.
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
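
The quoted reply suggests limiting the root key in /root/.ssh/authorized_keys on 10.67.141.80 to "zfs receive". The sketch below is an added example, not part of the original mail or of FreeBSD: a forced-command wrapper that checks what the client asked to run before handing it to zfs. The install path /usr/local/sbin/zfs-recv-only, the `--run` argument, the function name, the /sbin/zfs path and the restriction to datasets under `www/` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the root key on the receiving host.
# Hypothetical authorized_keys entry (one line; key material is a placeholder):
#   command="/usr/local/sbin/zfs-recv-only --run",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> root@zfs_send_host
# With command= set, sshd runs this script instead of the client's command and
# passes the client's requested command in SSH_ORIGINAL_COMMAND.

ALLOWED_PREFIX="www/"   # assumption: only datasets under the pool from the thread

# Print the dataset and return 0 if $1 is exactly "zfs receive <dataset>"
# with <dataset> under ALLOWED_PREFIX; return 1 for anything else.
allowed_dataset() {
    cmd=$1
    case $cmd in
        "zfs receive "*) ds=${cmd#"zfs receive "} ;;
        *) return 1 ;;
    esac
    case $ds in
        "$ALLOWED_PREFIX"*) ;;
        *) return 1 ;;
    esac
    # Reject anything outside a conservative dataset-name alphabet: this blocks
    # spaces, extra flags, shell metacharacters and snapshot (@) targets.
    case $ds in
        *[!A-Za-z0-9_./:-]*) return 1 ;;
    esac
    # Reject empty or dot-only path components.
    case "/$ds/" in
        *//*|*/./*|*/../*) return 1 ;;
    esac
    printf '%s\n' "$ds"
}

# Only act when invoked as the forced command (see the authorized_keys line).
if [ "${1:-}" = "--run" ]; then
    if ds=$(allowed_dataset "${SSH_ORIGINAL_COMMAND:-}"); then
        logger -t zfs-recv-only "accepted: zfs receive $ds"
        exec /sbin/zfs receive "$ds"   # assumed zfs path; the stream arrives on stdin
    fi
    logger -t zfs-recv-only "denied: ${SSH_ORIGINAL_COMMAND:-<none>}"
    echo "zfs-recv-only: command not permitted" >&2
    exit 1
fi
```

With this in place an interactive root login with that key is refused as well, because SSH_ORIGINAL_COMMAND is empty and fails the check.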