SOLVED ZFS User Properties & admin delegation

[jjb2018]

Hi folks,

Anybody ever made use of User Properties for datasets/snapshots?
In the ZFS man pages I read about User Properties, so I thought I would experiment a little. I have a potential use for this which would require an unprivileged user to be able to set User Properties on snapshots of a dataset. This is what I've tried so far:
1. create a new dataset ...
sudo zfs create zfsdata/test
2. allow admin privileges ...
sudo zfs allow -u justin create,destroy,snapshot,mount zfsdata/test
3. now as "justin" create a snapshot ...
zfs snapshot zfsdata/test@snap1
4. as "justin" try to set a User Property for the snapshot ...
zfs set home.jb:myproperty=testing123 zfsdata/test@snap1
results in ...
cannot set property for 'zfsdata/test@snap1': permission denied

However I am able to set User Properties on any dataset or snapshot as the root user (just using sudo).
So is it simply not possible to set User Properties as unprivileged users? Does anybody know of a way to do this?

Thanks in advance - JB

 

[kdragon75]

Looking through https://docs.oracle.com/cd/E19253-01/819-5461/gfkco/index.html and https://www.freebsd.org/doc/handbook/zfs-zfs.html I'm not seing how to do this. Perhaps @Allan Jude might chime in?

 

[jjb2018]

That would be great if he could! I'm 3/4 of the way through "FreeBSD Mastery: ZFS" and I haven't come across a solution to this yet ;-) (otherwise a very interesting & informative read!).

 

[kdragon75]

That would be great if he could! I'm 3/4 of the way through "FreeBSD Mastery: ZFS" and I haven't come across a solution to this yet ;-) (otherwise a very interesting & informative read!).

I've been looking at getting that and the advanced book. I have a few other things I need to get done first but I would love to get into BSD in general. BSD and VMware are both just fantastic to work with.

 

[kdragon75]

Taking a second look, it seems you can only delegate permission to modify properties that exist. This would explain why we cannot add properties.

 

[jjb2018]

Yes I'll be getting the advanced book once i'm done with the above mentioned one. The trouble is it takes me ages to get through these sorts of books as I'm stopping every couple of pages or so to experiment .... my poor wife ....
I've been a linux user for quite a while now, with ZoL. I've only recently built my first FreeNAS box and it's my first experience with BSD at all. So far so good!

 

[jjb2018]

Taking a second look, it seems you can only delegate permission to modify properties that exist. This would explain why we cannot add properties.

Hmmmm ... how did you come to that conclusion? I'm not sure about that because I've already tried to create the User Property in the root dataset of the pool, so that the dataset & snapshots that I want to work with inherit the User Property, and I still cannot modify the property ....

Ah hang on a second! I just saw this in the man pages ...
userprop other Allows changing any user property
and that works!
It looks like it's not possible to set the User Property when the snapshot is created like so ...
zfs snapshot -o home.jb:myproperty=testing123 zfsdata/test@snap1

But I can create the snapshot first and then set the property ...
zfs snapshot zfsdata/test@snap1
zfs set home.jb:myproperty=testing123 zfsdata/test@snap1
The User Property does not have to already exist (by inheritance) for this to work.
Awesome.