zfs destroy will not destroy a dataset that is mounted/in use by the system, just as gpart delete will not destroy a partition that contains a mounted filesystem, and umount will not unmount a filesystem while it is in use. ZFS will actively avoid executing any command that could potentially damage a running system. It will not, however, prevent the user from making mistakes while performing operations not necessarily damaging to the system itself. There's an important distinction there.
The rm(1) command contains the -i flag, which asks the user for confirmation before deleting a file. Some people think it's a good idea to set rm -i as an alias to rm, so as to warn the user every time a file is to be deleted. Now how long do you suppose a relatively competent user would tolerate that before they started reflexively hitting 'y' every time the confirmation prompt popped up? Or just disabled the alias entirely?
Crest says that a chainsaw "shouldn't be designed to maim on purpose." It's not, but it will maim all the same, because its function is (in an immediate context) inherently destructive. But under most circumstances one only uses a chainsaw to destroy what is immediately present so as to construct a space for something believed to be better. In rare cases, someone might intentionally use a chainsaw to cut someone's leg off. Between the two extremes lies the possibility for someone intending to construct a space to instead destroy their own or someone else's leg. In the immediate context it makes no difference if the chainsaw is destroying a tree trunk or someone's leg. The function and act are the same; only the consequences are different. The chainsaw doesn't actively seek out human bodies---it just spins its chain of blades rapidly so as to cut through anything with which it comes into contact. This is just my long-winded, pretentiously philosophical way of saying it is up to the person using the chainsaw to ensure it gets used as intended.
It's generally true that the purpose of ZFS is to safeguard data, but to what extent should that be done? There are already utilities that help with this without the need to nag the user---snapshots, clones, disabling the modification of certain properties. In any case, partitions (or their zvol equivalent) should not be resized or moved without a proper backup in place beforehand, and to be blunt, if Jay_Jay had just cloned the dataset or taken a snapshot moments before doing this, there wouldn't be any problem. As a side note, I'd warn anyone using ZFS to beware the Peltzman Effect. Don't assume that next-gen tech running on a stupid machine will take care of things for you.
EDIT: Actually, zfs destroy will not avoid destroying a dataset just because it is mounted. This was a stupidly bad choice of words on my part. But it will not destroy a dataset that system processes are interacting with, just like a filesystem can't be unmounted or its partition destroyed while it is in use by the system.