ZFS dataset permissions

I've set up archivers/urbackup-server on a server with ZFS.
urbackup uses a helper program, urbackup_snapshot_helper, which is setuid, to manage snapshots. The problem is I want to run the urbackup server program as the user urbackup, but it can't write to the datasets the helper program creates. I've asked in the urbackup forums, but I don't expect to get much except "run it as root".

I have these permissions set on the parent dataset:

# zfs allow data/urbackup
---- Permissions on data/urbackup ------------------------------------
Local+Descendent permissions:
user urbackup clone,create,destroy,diff,hold,mount,promote,release,rename,rollback,snapshot

I've experimented with setfacl, but it doesn't work.

Is there a good way of making urbackup the owner of a dataset and all child datasets, now and in the future, with full access?
 
Code:
zfs allow -u username permissions pool/dataset
username is a name in your /etc/passwd file.
I don't know if this property is inherited by the child datasets, I think so.
 
Code:
zfs allow -u username permissions pool/dataset
username is a name in your /etc/passwd file.
I don't know if this property is inherited by the child datasets, I think so.
# zfs allow -u urbackup permissions data/urbackup
cannot set permissions on 'data/urbackup': operation not applicable to datasets of this type

I can't find anything about the "permissions" permissions. Did you mean it as a placeholder for the correct permissions to set?
 
permissions is one of or multiple of "snapshot,rollback,destroy,mount,create,clone,..."
Like I showed in my OP, I've already allowed all permissions I could think of. The problem is that snapshots are created and mounted by root, but the server process runs as the user urbackup. I'm looking for something like NFS uid option so urbackup is the owner of every file created in the dataset (and all descendants). A way to force the owner of child datasets to the owner of the parent, regardless of who created the dataset maybe?
 
I think your confusion stems mostly from not understanding the difference between ZFS permissions (which are set with zfs allow) and filesystem permissions (chmod(1), setfacl(1)) that are in effect when the dataset is mounted. Those two have nothing to do with each other.

ZFS permissions are for the creation, cloning, snapshots, etc. of a dataset itself. They have nothing to do with the filesystem permissions that are set on the files and directories that happen to be in that dataset.

Backup software should run as root or it simply will not be able to access everything (and thus can't back it up).
 
I think your confusion stems mostly from not understanding the difference between ZFS permissions (which are set with zfs allow) and filesystem permissions (chmod(1), setfacl(1)) that are in effect when the dataset is mounted. Those two have nothing to do with each other.
Yes, I agree, but I've been experimenting with both to get the result I want. ZFS permissions would mean urbackup_snapshot_helper wouldn't have to be setuid root, but going down that path requires a patch to urbackup since it assumes and checks if it's running with uid 0.

I experimented with setfacl, but I couldn't get child datasets to inherit the acl I set on the parent.
 
Datasets don't have an owner. Users can have delegated rights to execute certain zfs commands on datasets. That a certain user has the right to "zfs mount" does not mean this user has the right to execute "/sbin/mount". The underlying filesystem in a dataset, e.g. a directory in it, has an owner, but this is a separate ownership from the delegated rights.
There is one sysctl, "vfs.usermount=1"; this allows unprivileged users to /sbin/mount and unmount filesystems.
 
True, and trying to solve the issue of regular users mounting would still leave me with patching urbackup since the helper runs setuid root and enforces it. So the other way means giving the urbackup user permissions to read and write to datasets created by root.

setfacl -m u:urbackup:full_set:fd:allow /var/backups/files
zfs set aclinherit=passthrough data/urbackup/files

Datasets created by root, i.e. data/urbackup/files/210615-1010 and mounted on /var/backups/files/210615-1010 don't inherit the acl.
 
I actually went into the code of urbackup_snapshot_helper, and it tries to call chown() on the newly mounted dataset. There is a bug in the code: it passes the dataset path instead of the filesystem path to chown. I've created a patch that gets the correct mountpoint by calling "zfs get -H -o value mountpoint PATH". Any C++ experts know of a better way to get the mountpoint than using popen to call zfs get?
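
An added example, not part of the original post and not urbackup's code: one way to resolve a dataset's mountpoint from a setuid helper without popen, which hands the command string to /bin/sh. The function names are hypothetical, and /sbin/zfs as the default binary path is an assumption.

```cpp
// Added example (not urbackup's code); all function names are hypothetical.
#include <cctype>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

// Conservative allow-list; a leading '-' is rejected so zfs never sees an option.
bool valid_dataset_name(const std::string& ds) {
    if (ds.empty() || ds[0] == '-' || ds[0] == '/') return false;
    for (unsigned char c : ds)
        if (!std::isalnum(c) && std::string("/_-.:").find(c) == std::string::npos) return false;
    return true;
}

// Run argv[0] directly with execv (no /bin/sh, unlike popen) and capture stdout.
bool run_capture(const std::vector<std::string>& argv, std::string& out) {
    int fds[2], st = 0;
    if (pipe(fds) != 0) return false;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return false; }
    if (pid == 0) {  // child: stdout goes to the pipe, then exec the program
        dup2(fds[1], STDOUT_FILENO); close(fds[0]); close(fds[1]);
        std::vector<char*> args;
        for (const auto& a : argv) args.push_back(const_cast<char*>(a.c_str()));
        args.push_back(nullptr);
        execv(args[0], args.data());
        _exit(127);  // only reached if execv failed
    }
    close(fds[1]);
    char buf[256]; ssize_t n;
    while ((n = read(fds[0], buf, sizeof buf)) > 0) out.append(buf, n);
    close(fds[0]);
    return waitpid(pid, &st, 0) == pid && WIFEXITED(st) && WEXITSTATUS(st) == 0;
}

// "none", "legacy" and "-" are not paths: return "" unless the value is absolute.
std::string parse_mountpoint(std::string out) {
    while (!out.empty() && (out.back() == '\n' || out.back() == '\r')) out.pop_back();
    return (!out.empty() && out[0] == '/') ? out : std::string();
}

// zfs_bin defaults to /sbin/zfs (assumption; adjust for other systems).
std::string dataset_mountpoint(const std::string& ds, const std::string& zfs_bin = "/sbin/zfs") {
    std::string out;
    bool ok = valid_dataset_name(ds) &&
              run_capture({zfs_bin, "get", "-H", "-o", "value", "mountpoint", ds}, out);
    return ok ? parse_mountpoint(out) : std::string();
}
```

An empty result means the helper should skip chown() rather than fall back to the dataset name.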
 
I got this issue as well. I tried to set the command recv in the allow; however, I then read the man pages again, and they showed me that the subcommand name was not recv but receive.
Code:
# zfs allow backup_tank
---- Permissions on backup_tank --------------------------------------
Local+Descendent permissions:
    user backup receive
 