http://wiki.zmanda.com/man/amzfs-snapshot.8.html
The manpage tells me to "zfs allow" the amanda user several privileges.
When I try to do that I get:
# zfs allow -ldu amanda mount,snapshot,destroy tank
internal error: /usr/lib/zfs/pyzfs.py not found
Anything I can do?
Is it not implemented (yet)?
Do I have to extend my gentoo-ebuild to support this in any way?
Thanks, Stefan
> Unfortunately, this is not implemented in zfs-fuse
any workaround?
If you're interested, we could work out a scheme that allows simple UNIX
group permission based stuff. But actual 'ZFS style' RBAC (role based)
is probably not simple.
Besides, this being all user-land, it will not be much of a protection
anyway. I'd go with root, or perhaps a simple zfs group that you can add
backup operators to.
$0.02
> PS. I think you have to register at the group to post
I am registered, I just have to take care to select the correct From:
address when I post here.
S
> Yes, make amanda root (for now).
hmm, ok ...
> If you're interested, we could work out a scheme that allows simple UNIX
> group permission based stuff. But actual 'ZFS style' RBAC (role based)
> is probably not simple.
> Besides, this being all user-land, it will not be much of a protection
> anyway. I'd go with root, or perhaps a simple zfs group that you can add
> backup operators to.
>
> $0.02
I don't really need that allow-stuff for anything else so far so I will
be cautious to be too enthusiastic here ;-)
So I will try the suggested approach soon.
Thanks, Stefan
(again the wrong FROM in the first try, sigh)
Notes:
1. it now works :)
2. zfsrc is missing (on purpose?)
3. the bashcompletion is in as well (for a non gentoo-er a "eselect
bashcomp enable zfs-fuse" is absolutely non-trivial. With
bash-completion in the USE flags, shouldn't it be automatic?
4. is it customary on gentoo that you have to manually 'rc-update add
zfs-fuse default'?
Evidence:
localhost ~ # emerge -pv zfs-fuse
These are the packages that would be merged, in order:
Calculating dependencies... done!
[ebuild R ] sys-fs/zfs-fuse-0.6.9-r1 USE="bash-completion -debug" 0 kB
Total: 1 package (1 reinstall), Size of downloads: 0 kB
* IMPORTANT: 1 news items need reading for repository 'gentoo'.
* Use eselect news to read news items.
localhost ~ # ps -f $(pgrep zfs-fuse)
UID PID PPID C STIME TTY STAT TIME CMD
root 7337 1 0 23:26 ? Ssl 0:00 zfs-fuse
Wow! ;-)
> Notes:
> 1. it now works :)
Yep ... fine.
> 2. zfsrc is missing (on purpose?)
Hm, no, not really. I wasn't part of the earlier ebuilds so this is kind
of just continuing doing it half wrong/right maybe.
Which default zfsrc should we add?
> 3. the bashcompletion is in as well (for a non gentoo-er a "eselect
> bashcomp enable zfs-fuse" is absolutely non-trivial. With
> bash-completion in the USE flags, shouldn't it be automatic?
good point .... sigh ....
> 4. is it customary on gentoo that you have to manually 'rc-update add
> zfs-fuse default'?
Yep.
:-)
S
> 3. the bashcompletion is in as well (for a non gentoo-er a "eselect
> bashcomp enable zfs-fuse" is absolutely non-trivial. With
> bash-completion in the USE flags, shouldn't it be automatic?
I think, no. Just rebuilt it with that USEflag and portage tells me to
run that command if I want the command-line completion for the package.
I assume this is wanted behavior:
The USE-flag enables the feature in the package, eselect allows you to
switch it on and off.
Stefan
>> Which default zfsrc should we add?
>>
> The one from contrib contains pretty sane defaults. I personally prefer
> -a 1 -e 1
Will forward that to the gentoo-devs tomorrow, late here already ....
>>> 4. is it customary on gentoo that you have to manually 'rc-update add
>>> zfs-fuse default'?
>>>
>> Yep.
>
> It was a long time since my last gentoo experience (2001.1 - or thereabouts)
Just delegate.
;-)
S
>> The USE-flag enables the feature in the package, eselect allows you to
>> switch it on and off.
>>
> Ok, I'll have to remember to read that output next time :)
Is this RTFO then?
S
>> Which default zfsrc should we add?
>>
> The one from contrib contains pretty sane defaults. I personally prefer
> -a 1 -e 1
I don't understand this right now. What do you mean with "-a 1 -e 1"?
Can't find that in the mentioned file.
Thanks, Stefan
> Sorry - I'm brief under time pressure; do a zfs-fuse -h or man zfs-fuse
> to see what I mean. zfsrc only allows long option names and I have a
> very bad memory for the exact spelling :)
got it, thanks!
> Does this integrate with the 'etc-update' way of merging on upgrades, in
> case users have modified their zfsrc?
Good point, I thought of this as well.
In my tests here it does not replace the existing file.
Asked Samuli again ;-)
S