zfs allow: should it work?

111 views
Skip to first unread message

Stefan G. Weichinger

unread,
Jun 22, 2010, 3:33:18 PM6/22/10
to zfs-...@googlegroups.com

I tried to configure my backup to use the application of the AMANDA
backup suite which uses zfs snapshots:

http://wiki.zmanda.com/man/amzfs-snapshot.8.html

The manpage tells me to "zfs allow" the amanda user several privileges.
When I try to do that I get:

# zfs allow -ldu amanda mount,snapshot,destroy tank
internal error: /usr/lib/zfs/pyzfs.py not found

Anything I can do?
Is it not implemented (yet)?
Do I have to extend my gentoo-ebuild to support this in any way?

Thanks, Stefan

sgheeren

unread,
Jun 22, 2010, 4:57:17 PM6/22/10
to zfs-...@googlegroups.com
Unfortunately, this is not implemented in zfs-fuse

Stefan G. Weichinger

unread,
Jun 22, 2010, 5:11:30 PM6/22/10
to zfs-...@googlegroups.com, sgheeren
Am 22.06.2010 22:57, schrieb sgheeren:

> Unfortunately, this is not implemented in zfs-fuse

any workaround?

sgheeren

unread,
Jun 22, 2010, 7:13:37 PM6/22/10
to zfs-...@googlegroups.com
Yes, make amanda root (for now).

If you're interested, we could work out a scheme that allows simple UNIX
group permission based stuff. But actual 'ZFS style' RBAC (role based)
is probably not simple.
Besides, this being all user-land, it will not be much of a protection
anyway. I'd go with root, or perhaps a simple zfs group that you can add
backup operators to.

$0.02

sgheeren

unread,
Jun 22, 2010, 7:14:17 PM6/22/10
to zfs-...@googlegroups.com
On 06/22/2010 10:57 PM, sgheeren wrote:
PS. I think you have to register at the group to post

Stefan G. Weichinger

unread,
Jun 23, 2010, 5:22:53 AM6/23/10
to zfs-...@googlegroups.com, sgheeren
Am 23.06.2010 01:14, schrieb sgheeren:

> PS. I think you have to register at the group to post

I am registered, I just have to take care to select the correct From:
address when I post here.

S

Stefan G. Weichinger

unread,
Jun 23, 2010, 5:28:21 AM6/23/10
to zfs-...@googlegroups.com, sgheeren
Am 23.06.2010 01:13, schrieb sgheeren:

> Yes, make amanda root (for now).

hmm, ok ...

> If you're interested, we could work out a scheme that allows simple UNIX
> group permission based stuff. But actual 'ZFS style' RBAC (role based)
> is probably not simple.
> Besides, this being all user-land, it will not be much of a protection
> anyway. I'd go with root, or perhaps a simple zfs group that you can add
> backup operators to.
>
> $0.02

I don't really need that allow-stuff for anything else so far so I will
be cautious to be too enthusiastic here ;-)

So I will try the suggested approach soon.
Thanks, Stefan

(again the wrong FROM in the first try, sigh)

sgheeren

unread,
Jun 23, 2010, 5:31:19 PM6/23/10
to zfs-...@googlegroups.com
On 06/23/2010 12:34 PM, sgheeren wrote:
> Amazing! Although I can't say I tested it :)
>
I did just test it ;)

Notes:
1. it now works :)
2. zfsrc is missing (on purpose?)
3. the bashcompletion is in as well (for a non gentoo-er a "eselect
bashcomp enable zfs-fuse" is absolutely non-trivial. With
bash-completion in the USE flags, shouldn't it be automatic?
4. is it customary on gentoo that you have to manually 'rc-update add
zfs-fuse default'?

Evidence:
localhost ~ # emerge -pv zfs-fuse

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] sys-fs/zfs-fuse-0.6.9-r1 USE="bash-completion -debug" 0 kB

Total: 1 package (1 reinstall), Size of downloads: 0 kB

* IMPORTANT: 1 news items need reading for repository 'gentoo'.
* Use eselect news to read news items.

localhost ~ # ps -f $(pgrep zfs-fuse)
UID PID PPID C STIME TTY STAT TIME CMD
root 7337 1 0 23:26 ? Ssl 0:00 zfs-fuse

Stefan G. Weichinger

unread,
Jun 23, 2010, 5:48:48 PM6/23/10
to zfs-...@googlegroups.com
Am 23.06.2010 23:31, schrieb sgheeren:
> On 06/23/2010 12:34 PM, sgheeren wrote:
>> Amazing! Although I can't say I tested it :)
>>
> I did just test it ;)

Wow! ;-)

> Notes:
> 1. it now works :)

Yep ... fine.

> 2. zfsrc is missing (on purpose?)

Hm, no, not really. I wasn't part of the earlier ebuilds so this is kind
of just continuing doing it half wrong/right maybe.

Which default zfsrc should we add?

> 3. the bashcompletion is in as well (for a non gentoo-er a "eselect
> bashcomp enable zfs-fuse" is absolutely non-trivial. With
> bash-completion in the USE flags, shouldn't it be automatic?

good point .... sigh ....

> 4. is it customary on gentoo that you have to manually 'rc-update add
> zfs-fuse default'?

Yep.

:-)

S

sgheeren

unread,
Jun 23, 2010, 5:58:22 PM6/23/10
to zfs-...@googlegroups.com
On 06/23/2010 11:48 PM, Stefan G. Weichinger wrote:
> Am 23.06.2010 23:31, schrieb sgheeren:
>
>> On 06/23/2010 12:34 PM, sgheeren wrote:
>>
>>> Amazing! Although I can't say I tested it :)
>>>
>>>
>> I did just test it ;)
>>
> Wow! ;-)
>
>
>> Notes:
>> 1. it now works :)
>>
> Yep ... fine.
>
>
>> 2. zfsrc is missing (on purpose?)
>>
> Hm, no, not really. I wasn't part of the earlier ebuilds so this is kind
> of just continuing doing it half wrong/right maybe.
>
> Which default zfsrc should we add?
>
The one from contrib contains pretty sane defaults. I personally prefer
-a 1 -e 1

>
>> 3. the bashcompletion is in as well (for a non gentoo-er a "eselect
>> bashcomp enable zfs-fuse" is absolutely non-trivial. With
>> bash-completion in the USE flags, shouldn't it be automatic?
>>
> good point .... sigh .... (add --global then? so it works for all users)

>
>
>> 4. is it customary on gentoo that you have to manually 'rc-update add
>> zfs-fuse default'?
>>
> Yep.
>
> :-)
>
> S
>
>
It was a long time since my last gentoo experience (2001.1 - or thereabouts)

Stefan G. Weichinger

unread,
Jun 23, 2010, 6:08:21 PM6/23/10
to zfs-...@googlegroups.com
Am 23.06.2010 23:31, schrieb sgheeren:

> 3. the bashcompletion is in as well (for a non gentoo-er a "eselect
> bashcomp enable zfs-fuse" is absolutely non-trivial. With
> bash-completion in the USE flags, shouldn't it be automatic?

I think, no. Just rebuilt it with that USEflag and portage tells me to
run that command if I want the command-line completion for the package.

I assume this is wanted behavior:

The USE-flag enables the feature in the package, eselect allows you to
switch it on and off.

Stefan

sgheeren

unread,
Jun 23, 2010, 6:16:38 PM6/23/10
to zfs-...@googlegroups.com
Ok, I'll have to remember to read that output next time :)

Stefan G. Weichinger

unread,
Jun 23, 2010, 6:28:17 PM6/23/10
to zfs-...@googlegroups.com
Am 23.06.2010 23:58, schrieb sgheeren:

>> Which default zfsrc should we add?
>>
> The one from contrib contains pretty sane defaults. I personally prefer
> -a 1 -e 1

Will forward that to the gentoo-devs tomorrow, late here already ....

>>> 4. is it customary on gentoo that you have to manually 'rc-update add
>>> zfs-fuse default'?
>>>
>> Yep.
>

> It was a long time since my last gentoo experience (2001.1 - or thereabouts)

Just delegate.

;-)

S


Stefan G. Weichinger

unread,
Jun 23, 2010, 6:29:01 PM6/23/10
to zfs-...@googlegroups.com
Am 24.06.2010 00:16, schrieb sgheeren:

>> The USE-flag enables the feature in the package, eselect allows you to
>> switch it on and off.
>>

> Ok, I'll have to remember to read that output next time :)

Is this RTFO then?
S


Stefan G. Weichinger

unread,
Jun 24, 2010, 5:43:27 AM6/24/10
to zfs-...@googlegroups.com
Am 23.06.2010 23:58, schrieb sgheeren:

>> Which default zfsrc should we add?
>>
> The one from contrib contains pretty sane defaults. I personally prefer
> -a 1 -e 1

I don't understand this right now. What do you mean with "-a 1 -e 1"?
Can't find that in the mentioned file.

Thanks, Stefan

sgheeren

unread,
Jun 24, 2010, 5:56:44 AM6/24/10
to zfs-...@googlegroups.com
Sorry - I'm brief under time pressure; do a zfs-fuse -h or man zfs-fuse
to see what I mean. zfsrc only allows long option names and I have a
very bad memory for the exact spelling :)

Stefan G. Weichinger

unread,
Jun 24, 2010, 6:29:47 AM6/24/10
to zfs-...@googlegroups.com
Am 24.06.2010 11:56, schrieb sgheeren:

> Sorry - I'm brief under time pressure; do a zfs-fuse -h or man zfs-fuse
> to see what I mean. zfsrc only allows long option names and I have a
> very bad memory for the exact spelling :)

got it, thanks!


Stefan G. Weichinger

unread,
Jun 24, 2010, 6:55:23 AM6/24/10
to zfs-...@googlegroups.com

sgheeren

unread,
Jun 24, 2010, 6:58:45 AM6/24/10
to zfs-...@googlegroups.com
Does this integrate with the 'etc-update' way of merging on upgrades, in
case users have modified their zfsrc?

Stefan G. Weichinger

unread,
Jun 24, 2010, 7:23:31 AM6/24/10
to zfs-...@googlegroups.com
Am 24.06.2010 12:58, schrieb sgheeren:

> Does this integrate with the 'etc-update' way of merging on upgrades, in
> case users have modified their zfsrc?

Good point, I thought of this as well.
In my tests here it does not replace the existing file.
Asked Samuli again ;-)

S

Reply all
Reply to author
Forward
0 new messages