community.general.zfs_delegate_admin – Manage ZFS delegated administration (user admin privileges)


Note

This plugin is part of the community.general collection (version 1.3.2).

To install it use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.zfs_delegate_admin.


Synopsis

  • Manages ZFS file system delegated administration permissions, which allow unprivileged users to perform ZFS operations normally restricted to the superuser.
  • See the zfs allow section of zfs(1M) for detailed explanations of options.
  • This module attempts to adhere to the behavior of the command line tool as much as possible.

Requirements

The below requirements are needed on the host that executes this module.

  • A ZFS/OpenZFS implementation that supports delegation with zfs allow, including: Solaris >= 10, illumos (all versions), FreeBSD >= 8.0R, ZFS on Linux >= 0.7.0.

Parameters

Each entry gives the parameter name and type, its choices where they are restricted, and comments.

descendents (boolean)
    Choices: no, yes
    Apply permissions to name's descendents (zfs allow -d).

everyone (boolean)
    Choices: no, yes
    Apply permissions to everyone.

groups (list / elements=string)
    List of groups to whom permission(s) should be granted.

local (boolean)
    Choices: no, yes
    Apply permissions to name locally (zfs allow -l).

name (string / required)
    File system or volume name e.g. rpool/myfs.

permissions (list / elements=string)
    Choices: allow, clone, create, destroy, diff, hold, mount, promote, readonly, receive, release, rename, rollback, send, share, snapshot, unallow
    The list of permission(s) to delegate (required if state is present).

recursive (boolean)
    Choices: no, yes
    Unallow permissions recursively (ignored when state is present).

state (string)
    Choices: absent, present
    Whether to allow (present), or unallow (absent) a permission.
    When set to present, at least one "entity" param of users, groups, or everyone is required.
    When set to absent, removes permissions from the specified entities, or removes all permissions if no entity params are specified.

users (list / elements=string)
    List of users to whom permission(s) should be granted.



Examples

- name: Grant `zfs allow` and `unallow` permission to the `adm` user with the default local+descendents scope
  community.general.zfs_delegate_admin:
    name: rpool/myfs
    users: adm
    permissions: allow,unallow

- name: Grant `zfs send` to everyone, plus the group `backup`
  community.general.zfs_delegate_admin:
    name: rpool/myvol
    groups: backup
    everyone: yes
    permissions: send

- name: Grant `zfs send,receive` to users `foo` and `bar` with local scope only
  community.general.zfs_delegate_admin:
    name: rpool/myfs
    users: foo,bar
    permissions: send,receive
    local: yes

- name: Revoke all permissions from everyone (permissions specifically assigned to users and groups remain)
  community.general.zfs_delegate_admin:
    name: rpool/myfs
    everyone: yes
    state: absent
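
The following playbook is an added example, not part of the module's own documentation. It combines the state: absent reset described under Parameters with a narrow grant and a read-back check, so that a dataset ends up with only the intended delegation. The storage host group, the backup group, and the assumption that zfs allow output names everyone-grants with the word "everyone" are illustrative assumptions.

```yaml
- name: Delegate backup operations on rpool/myfs with least privilege
  hosts: storage            # hypothetical inventory group
  become: yes
  tasks:
    # No users/groups/everyone given: state=absent removes all delegated
    # permissions; recursive extends the unallow to descendent datasets.
    - name: Clear every existing delegation before granting anything
      community.general.zfs_delegate_admin:
        name: rpool/myfs
        state: absent
        recursive: yes

    # Only what a backup job needs. `allow`, `unallow` and `destroy` are
    # deliberately left out so the group cannot re-delegate or remove data.
    - name: Grant snapshot, hold and send to the backup group, local scope only
      community.general.zfs_delegate_admin:
        name: rpool/myfs
        groups: backup      # hypothetical group name
        permissions: snapshot,hold,send
        local: yes

    # Read the delegation back so the result can be reviewed and asserted on.
    - name: Read back the delegation table
      ansible.builtin.command: zfs allow rpool/myfs
      register: zfs_allow_out
      changed_when: false

    # Coarse check (assumption: everyone-grants appear as lines containing
    # the word "everyone" in `zfs allow` output).
    - name: Fail the play if anything is delegated to everyone
      ansible.builtin.assert:
        that:
          - "'everyone' not in zfs_allow_out.stdout"
        fail_msg: "rpool/myfs still carries a delegation to everyone"

    - name: Show the final delegation for the change record
      ansible.builtin.debug:
        var: zfs_allow_out.stdout_lines
```

Because the first task clears all delegations on every run, any grant made outside this playbook is removed the next time it is applied.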

Authors

  • Nate Coraor (@natefoo)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/community/general/zfs_delegate_admin_module.html