Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zfs snapshot -o user:prop does not work with delegation #9179

Closed
avg-I opened this issue Aug 19, 2019 · 0 comments
Closed

zfs snapshot -o user:prop does not work with delegation #9179

avg-I opened this issue Aug 19, 2019 · 0 comments

Comments

@avg-I
Copy link
Contributor

avg-I commented Aug 19, 2019

As root, set up a test dataset and delegations for it.
I will use group wheel in this example:

$ zfs create rpool/test
$ zfs allow -g wheel userprop rpool/test
$ zfs allow -g wheel snapshot rpool/test
zfs allow rpool/test
---- Permissions on rpool/test ---------------------------------------
Local+Descendent permissions:
        group wheel snapshot,userprop

Now, as a user in wheel:

$ id
uid=1001(avg) gid=0(wheel) groups=0(wheel),2(kmem),5(operator),20(staff)
$ zfs snapshot -o org.freebsd.avg:myprop=test rpool/test@test1
cannot create snapshots : permission denied

The same command works fine as root.
Also, zfs snapshot + zfs set work individually for a user in wheel.
@avg-I avg-I mentioned this issue Aug 19, 2019
Merged
tonyhutter pushed a commit to tonyhutter/zfs that referenced this issue Sep 17, 2019
@avg-I @tonyhutter
zfs_ioc_snapshot: check user-prop permissions on snapshotted datasets
a252e33 
Previously, the permissions were checked on the pool which was obviously
incorrect.

After this change, zfs_check_userprops() only validates the properties
without any permission checks.  The permissions are checked individually
for each snapshotted dataset.

Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Matt Ahrens <[email protected]>
Signed-off-by: Andriy Gapon <[email protected]>
Closes openzfs#9179 
Closes openzfs#9180
tonyhutter pushed a commit to tonyhutter/zfs that referenced this issue Sep 18, 2019
@avg-I @tonyhutter
zfs_ioc_snapshot: check user-prop permissions on snapshotted datasets
3f5c9fc 
Previously, the permissions were checked on the pool which was obviously
incorrect.

After this change, zfs_check_userprops() only validates the properties
without any permission checks.  The permissions are checked individually
for each snapshotted dataset.

Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Matt Ahrens <[email protected]>
Signed-off-by: Andriy Gapon <[email protected]>
Closes openzfs#9179 
Closes openzfs#9180
tonyhutter pushed a commit to tonyhutter/zfs that referenced this issue Sep 18, 2019
@avg-I @tonyhutter
zfs_ioc_snapshot: check user-prop permissions on snapshotted datasets
2b5ff67 
Previously, the permissions were checked on the pool which was obviously
incorrect.

After this change, zfs_check_userprops() only validates the properties
without any permission checks.  The permissions are checked individually
for each snapshotted dataset.

Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Matt Ahrens <[email protected]>
Signed-off-by: Andriy Gapon <[email protected]>
Closes openzfs#9179 
Closes openzfs#9180
tonyhutter pushed a commit to tonyhutter/zfs that referenced this issue Sep 18, 2019
@avg-I @tonyhutter
zfs_ioc_snapshot: check user-prop permissions on snapshotted datasets
c3c0657 
Previously, the permissions were checked on the pool which was obviously
incorrect.

After this change, zfs_check_userprops() only validates the properties
without any permission checks.  The permissions are checked individually
for each snapshotted dataset.

Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Matt Ahrens <[email protected]>
Signed-off-by: Andriy Gapon <[email protected]>
Closes openzfs#9179 
Closes openzfs#9180
tonyhutter pushed a commit to tonyhutter/zfs that referenced this issue Sep 19, 2019
@avg-I @tonyhutter
zfs_ioc_snapshot: check user-prop permissions on snapshotted datasets
b0b7eed 
Previously, the permissions were checked on the pool which was obviously
incorrect.

After this change, zfs_check_userprops() only validates the properties
without any permission checks.  The permissions are checked individually
for each snapshotted dataset.

Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Matt Ahrens <[email protected]>
Signed-off-by: Andriy Gapon <[email protected]>
Closes openzfs#9179 
Closes openzfs#9180
tonyhutter pushed a commit to tonyhutter/zfs that referenced this issue Sep 23, 2019
@avg-I @tonyhutter
zfs_ioc_snapshot: check user-prop permissions on snapshotted datasets
8704117 
Previously, the permissions were checked on the pool which was obviously
incorrect.

After this change, zfs_check_userprops() only validates the properties
without any permission checks.  The permissions are checked individually
for each snapshotted dataset.

Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Matt Ahrens <[email protected]>
Signed-off-by: Andriy Gapon <[email protected]>
Closes openzfs#9179 
Closes openzfs#9180
tonyhutter pushed a commit that referenced this issue Sep 26, 2019
@avg-I @tonyhutter
zfs_ioc_snapshot: check user-prop permissions on snapshotted datasets
931bef8 
Previously, the permissions were checked on the pool which was obviously
incorrect.

After this change, zfs_check_userprops() only validates the properties
without any permission checks.  The permissions are checked individually
for each snapshotted dataset.

Reviewed-by: Brian Behlendorf <[email protected]>
Reviewed-by: Matt Ahrens <[email protected]>
Signed-off-by: Andriy Gapon <[email protected]>
Closes #9179
Closes #9180
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@avg-I