Why permission denied for this ZFS user?

[littlesandra88]

Hi,

I would like to have a zfs user that can do some zfs commands, so I can run a script as this user, and not have to run it as root.

Question

Any ideas what is wrong?

This is what I did

pw useradd zfs -s /usr/local/bin/bash -d /home/zfs
mkdir -p /home/zfs
chown zfs /home/zfs/

zfs allow -u zfs create,destroy tank3
setfacl -m user:zfs:full_set:fd:allow /tank3

su -m zfs -c "zfs create tank3/gggdfsdf"

cannot create 'tank3/gggdfsdf': permission denied

# zfs allow tank3
---- Permissions on tank3 --------------------------------------------
Local+Descendent permissions:
	user zfs create,destroy


# getfacl /tank3/
# file: /tank3/
# owner: root
# group: wheel
          user:zfs:rwxpDdaARWcCos:fd----:allow
            owner@:rwxp--aARWcCos:------:allow
            group@:r-x---a-R-c--s:------:allow
         everyone@:r-x---a-R-c--s:------:allow

 

[usdmatt]

According to the ZFS man page

         create           subcommand     Must also have the 'mount' ability
         destroy          subcommand     Must also have the 'mount' ability

So try giving the user create,mount,destroy permissions.

 

[littlesandra88]

@usdmatt

# su -m zfs -c "zfs create tank3/gggdfsdf"
cannot mount 'tank3/gggdfsdf': Insufficient privileges
filesystem successfully created, but not mounted

Awesome. Thanks a lot =)

 

[SirDice]

If mounting needs to work you might also need to set the sysctl(8) vfs.usermount.

 

[littlesandra88]

@SirDice

That was just what I needed, and congratulations on your 13.000th post =)

 

[Sebulon]

Just thinking out load here about maybe it´s asking for problems down the line when creating a user called "zfs" to do "zfs" commands? Like creating a user called "cp" to do "cp" commands, you know? Maybe it´s nothing but perhaps worth bringing up.

/Sebulon