[zfs-discuss] /dev/zfs permission denied ; zfs send/recv over ssh

Milan Knížek knizek.confy at gmail.com
Tue Nov 20 12:51:46 EST 2012


Ruurd Rutger Nijdam píše v Út 20. 11. 2012 v 11:17 +0100:
> adding sudo did not work either.
> 

zfs send banaan at nov162012 | \
ssh administrator at 10.42.16.1 sudo zfs recv -d vol0/td-ruurd

Make sure that sudo works for administrator at 10.42.16.1
and setup a rule that does not require a password for this user:

/etc/sudoers.d/zfs
administrator ALL=(root) NOPASSWD:/usr/sbin/zfs recv*

Milan

> 
> On 17-11-2012 14:22, Sam M wrote:
> > Am new at this, but since I was having similar problems, let me see if 
> > I can help.
> >
> > Can you create snapshots on Machine 2 (M2) under username 
> > administrator? I see you are receiving with that username on M2.
> >
> > Or try this -
> >
> > 1. On M2 create group 'zfs'
> >
> > 2. Assign group to user 'administrator'
> >
> > 2. On M2, create the following file -
> > root at eucalyptus:~# cat /etc/udev/rules.d/91-zfs-permissions.rules
> > # Use this to add a group and more permissive permissions for zfs
> > # so that you don't always need run it as root.  beware, users not root
> > # can do nearly EVERYTHING, including, but not limited to destroying
> > # volumes and deleting datasets.  they CANNOT mount datasets or create new
> > # volumes, export datasets via NFS, or other things that require root
> > # permissions outside of ZFS.
> > ACTION=="add", KERNEL=="zfs", MODE="0660", GROUP="zfs"
> >
> > 2. Reboot, or reload udev or try 'udevadm trigger --action=add' [tried 
> > 'udevadm control --action=add' first, this does nothing, found out 
> > after many attempts]
> >
> > 3. Now -
> > root at eucalyptus:~# ll /dev/zfs
> > crw-rw---- 1 root zfs 10, 57 Nov 17 18:46 /dev/zfs
> >
> > 4. At this point user administrator should be able to do all sorts of 
> > stuff to the zpool.
> >
> > Sam
> >
> >
> >
> > On 17 November 2012 18:13, Ruurd Rutger Nijdam <ruurd at rrncs.net 
> > <mailto:ruurd at rrncs.net>> wrote:
> >
> >     hello everybody,
> >
> >     Thanks for this mailing list, I have been following and learning
> >     from it for 1 year now.
> >
> >     I have been trying to set up a send receive backup scheme using
> >     zfs, but I seem to run in to a permission denied problem.
> >
> >     local machine:
> >
> >     root at td-ruurd:~# zfs list -t snapshot
> >     NAME               USED  AVAIL  REFER  MOUNTPOINT
> >     banaan at nov162012      0      -    43K  -
> >     root at td-ruurd:~# zfs list
> >     NAME                   USED  AVAIL  REFER  MOUNTPOINT
> >     banaan                 270G   644G    43K  /banaan
> >     banaan/ROOT           5.77G   644G  46.5K  /mnt/ROOT
> >     banaan/ROOT/ubuntu-1  5.77G   644G  5.77G  /
> >     banaan/home            264G   644G   264G  /home
> >
> >     remote machine:
> >
> >     root at files:~# zfs list -t snapshot
> >     no datasets available
> >     root at files:~# zfs list
> >     NAME            USED  AVAIL  REFER  MOUNTPOINT
> >     vol0           6.55T   593G  6.50T  /mnt/vol0
> >     vol0/apache2    288K   593G   288K  /etc/apache2/
> >     vol0/backups   17.4G   593G  17.4G  /var/backups
> >     vol0/bind      12.1M   593G  12.1M  /etc/bind
> >     vol0/dhcp3     78.9K   593G  78.9K  /etc/dhcp
> >     vol0/home      34.7G   593G  34.7G  /home
> >     vol0/samba     82.9K   593G  82.9K  /etc/samba/
> >     vol0/scripts   12.6M   593G  12.6M  /etc/scripts
> >     vol0/td-ruurd  53.9K   593G  53.9K  /mnt/vol0/td-ruurd
> >     vol0/ufw       84.9K   593G  84.9K  /etc/ufw/
> >     vol0/www        789K   593G   789K  /var/www/
> >
> >     command:
> >
> >     root at td-ruurd:~# zfs send banaan at nov162012 | ssh
> >     administrator at 10.42.16.1 <mailto:administrator at 10.42.16.1> zfs
> >     recv -d vol0/td-ruurd
> >     administrator at 10.42.16.1 <mailto:administrator at 10.42.16.1>'s password:
> >     Unable to open /dev/zfs: Permission denied.
> >     Unable to open /dev/zfs: Permission denied.
> >
> >     I seem to get stuck here, anyone have pointers to what I should do?
> >
> >     I have tried:
> >
> >     root at td-ruurd:~# chmod 660 /dev/zfs
> >     root at td-ruurd:~# ll /dev/zfs
> >     crw-rw---- 1 root root 10, 57 Nov 17 10:57 /dev/zfs
> >
> >     root at files:~# chmod 660 /dev/zfs
> >     root at files:~# ll /dev/zfs
> >     crw-rw---- 1 root root 10, 57 Nov 17 00:01 /dev/zfs
> >
> >     but the problem persists.
> >
> >     regards,
> >
> >     Ruurd
> >
> >
> 
> thank you for your reply
> 
> this has worked. But it does not seem like the ideal solution.
> 
> adding sudo did not work either.
> 
> regards,
> 
> Ruurd
> 
> On 17-11-2012 14:22, Sam M wrote:
> 
> > Am new at this, but since I was having similar problems, let me see
> > if I can help. 
> > 
> > 
> > Can you create snapshots on Machine 2 (M2) under username
> > administrator? I see you are receiving with that username on M2.
> > 
> > 
> > Or try this - 
> > 
> > 
> > 1. On M2 create group 'zfs'
> > 
> > 
> > 2. Assign group to user 'administrator'
> > 
> > 
> > 2. On M2, create the following file - 
> > root at eucalyptus:~# cat /etc/udev/rules.d/91-zfs-permissions.rules 
> > # Use this to add a group and more permissive permissions for zfs
> > # so that you don't always need run it as root.  beware, users not
> > root
> > # can do nearly EVERYTHING, including, but not limited to destroying
> > # volumes and deleting datasets.  they CANNOT mount datasets or
> > create new
> > # volumes, export datasets via NFS, or other things that require
> > root
> > # permissions outside of ZFS.
> > ACTION=="add", KERNEL=="zfs", MODE="0660", GROUP="zfs"
> > 
> > 
> > 2. Reboot, or reload udev or try 'udevadm trigger
> > --action=add' [tried 'udevadm control --action=add' first, this does
> > nothing, found out after many attempts]
> > 
> > 
> > 3. Now - 
> > root at eucalyptus:~# ll /dev/zfs
> > crw-rw---- 1 root zfs 10, 57 Nov 17 18:46 /dev/zfs
> > 
> > 
> > 4. At this point user administrator should be able to do all sorts
> > of stuff to the zpool.
> > 
> > 
> > Sam
> > 
> > 
> >  
> > 
> > On 17 November 2012 18:13, Ruurd Rutger Nijdam <ruurd at rrncs.net>
> > wrote:
> >         hello everybody,
> >         
> >         Thanks for this mailing list, I have been following and
> >         learning from it for 1 year now.
> >         
> >         I have been trying to set up a send receive backup scheme
> >         using zfs, but I seem to run in to a permission denied
> >         problem.
> >         
> >         local machine:
> >         
> >         root at td-ruurd:~# zfs list -t snapshot
> >         NAME               USED  AVAIL  REFER  MOUNTPOINT
> >         banaan at nov162012      0      -    43K  -
> >         root at td-ruurd:~# zfs list
> >         NAME                   USED  AVAIL  REFER  MOUNTPOINT
> >         banaan                 270G   644G    43K  /banaan
> >         banaan/ROOT           5.77G   644G  46.5K  /mnt/ROOT
> >         banaan/ROOT/ubuntu-1  5.77G   644G  5.77G  /
> >         banaan/home            264G   644G   264G  /home
> >         
> >         remote machine:
> >         
> >         root at files:~# zfs list -t snapshot
> >         no datasets available
> >         root at files:~# zfs list
> >         NAME            USED  AVAIL  REFER  MOUNTPOINT
> >         vol0           6.55T   593G  6.50T  /mnt/vol0
> >         vol0/apache2    288K   593G   288K  /etc/apache2/
> >         vol0/backups   17.4G   593G  17.4G  /var/backups
> >         vol0/bind      12.1M   593G  12.1M  /etc/bind
> >         vol0/dhcp3     78.9K   593G  78.9K  /etc/dhcp
> >         vol0/home      34.7G   593G  34.7G  /home
> >         vol0/samba     82.9K   593G  82.9K  /etc/samba/
> >         vol0/scripts   12.6M   593G  12.6M  /etc/scripts
> >         vol0/td-ruurd  53.9K   593G  53.9K  /mnt/vol0/td-ruurd
> >         vol0/ufw       84.9K   593G  84.9K  /etc/ufw/
> >         vol0/www        789K   593G   789K  /var/www/
> >         
> >         command:
> >         
> >         root at td-ruurd:~# zfs send banaan at nov162012 | ssh
> >         administrator at 10.42.16.1 zfs recv -d vol0/td-ruurd
> >         administrator at 10.42.16.1's password:
> >         Unable to open /dev/zfs: Permission denied.
> >         Unable to open /dev/zfs: Permission denied.
> >         
> >         I seem to get stuck here, anyone have pointers to what I
> >         should do?
> >         
> >         I have tried:
> >         
> >         root at td-ruurd:~# chmod 660 /dev/zfs
> >         root at td-ruurd:~# ll /dev/zfs
> >         crw-rw---- 1 root root 10, 57 Nov 17 10:57 /dev/zfs
> >         
> >         root at files:~# chmod 660 /dev/zfs
> >         root at files:~# ll /dev/zfs
> >         crw-rw---- 1 root root 10, 57 Nov 17 00:01 /dev/zfs
> >         
> >         but the problem persists.
> >         
> >         regards,
> >         
> >         Ruurd
> > 
> > 
> 

-- 
http://milan-knizek.net/
About linux and photography (Czech only)
O linuxu a fotografování



More information about the zfs-discuss mailing list