How do I determine which permissions my user is missing when receiving a ZFS dataset?

slo*_*loh 9 freebsd zfs delegation jail freenas

I have a FreeNAS (11.1-U1) machine and a FreeBSD (11.1-RELEASE-p6) machine. On the FreeNAS box, I want to zfs receive recursive snapshots as a non-root user with delegated permissions. This seems to work for most child datasets. But for iocage's data datasets, which can be mounted into a jail and managed from there, it fails:

root@freebsd:~> zfs send -RI "dozer@2018-02-21" "dozer@2018-03-08"  | ssh -T -i /root/backup_key backupuser@freenas zfs receive -dvuF neo/backups/freebsd
receiving incremental stream of dozer@2018-03-03 into neo/backups/freebsd@2018-03-03
received 312B stream in 1 seconds (312B/sec)
receiving incremental stream of dozer@2018-03-07 into neo/backups/freebsd@2018-03-07
received 312B stream in 1 seconds (312B/sec)
receiving incremental stream of dozer@2018-03-08 into neo/backups/freebsd@2018-03-08
received 312B stream in 1 seconds (312B/sec)
receiving incremental stream of dozer/ROOT@2018-03-03 into neo/backups/freebsd/ROOT@2018-03-03
.
.
.
receiving incremental stream of dozer/iocage/jails/owncloud/root@2018-03-08 into neo/backups/freebsd/iocage/jails/owncloud/root@2018-03-08
received 578MB stream in 110 seconds (5.25MB/sec)
receiving incremental stream of dozer/iocage/jails/owncloud/root/data@2018-03-03 into neo/backups/freebsd/iocage/jails/owncloud/root/data@2018-03-03
cannot receive incremental stream: permission denied
warning: cannot send 'dozer/iocage/jails/owncloud/root/data@2018-03-03': signal received
warning: cannot send 'dozer/iocage/jails/owncloud/root/data@2018-03-07': Broken pipe
warning: cannot send 'dozer/iocage/jails/owncloud/root/data@2018-03-08': Broken pipe

The permissions on that particular child are identical to those on one of its parent datasets:

root@freenas:~ # zfs allow neo/backups/freebsd/iocage/jails/owncloud/root/data
---- Permissions on neo/backups/freebsd -----------------------------
Local+Descendent permissions:
        user backupuser atime,compression,create,dedup,exec,jailed,mount,mountpoint,quota,receive,rename,reservation,setuid,userprop

Running zfs receive as root on the FreeNAS install works as expected.

What delegation does my user need in order to receive iocage's jailed datasets, and more generally, is there a way to make zfs receive emit a more verbose error message telling you which permission is missing?

Jim*_* L. 5

When troubleshooting a permissions problem caused by a zfs command, analyze the constituent steps of the zfs operation.

Unpack the example command zfs receive -duvF into its steps. Two of the flags have nothing to do with any special permissions:

-d affects the naming of the new dataset(s), if any
-v enables verbose output

The other two do.

-F means the filesystem will be rolled back to the initial snapshot of the incremental transfer before the receive begins
-u means the filesystem will not be mounted once the receive completes

My hunch is that you are missing the rollback permission. The -F flag in the command means a zfs rollback will be performed, and your zfs allow does not list rollback.

In the general case, one can make educated guesses about the permissions required for a given zfs command.

The zfs man page states

Permission names are the same as ZFS subcommand and property names.

and ...

Permissions are generally the ability to use a ZFS subcommand or change a ZFS property. The following permissions are available:

   NAME              TYPE          NOTES
   allow             subcommand    Must also have the permission
                                   that is being allowed
   clone             subcommand    Must also have the 'create'
                                   ability and 'mount' ability in
                                   the origin file system
   create            subcommand    Must also have the 'mount'
                                   ability
   destroy           subcommand    Must also have the 'mount'
                                   ability
   diff              subcommand    Allows lookup of paths within a
                                   dataset given an object number,
                                   and the ability to create
                                   snapshots necessary to 'zfs diff'
   hold              subcommand    Allows adding a user hold to a
                                   snapshot
   mount             subcommand    Allows mount/umount of ZFS
                                   datasets
   promote           subcommand    Must also have the 'mount' and
                                   'promote' ability in the origin
                                   file system
   receive           subcommand    Must also have the 'mount' and
                                   'create' ability
   release           subcommand    Allows releasing a user hold
                                   which might destroy the snapshot
   rename            subcommand    Must also have the 'mount' and
                                   'create' ability in the new
                                   parent
   rollback          subcommand    Must also have the 'mount'
                                   ability
   send              subcommand
   share             subcommand    Allows sharing file systems over
                                   the NFS protocol
   snapshot          subcommand    Must also have the 'mount'
                                   ability
   groupquota        other         Allows accessing any
                                   groupquota@... property
   groupused         other         Allows reading any groupused@...
                                   property
   userprop          other         Allows changing any user property
   userquota         other         Allows accessing any
                                   userquota@... property
   userused          other         Allows reading any userused@...
                                   property
   aclinherit        property
   aclmode           property
   atime             property
   canmount          property
   casesensitivity   property
   checksum          property
   compression       property
   copies            property
   dedup             property
   devices           property
   exec              property
   filesystem_limit  property
   logbias           property
   jailed            property
   mlslabel          property
   mountpoint        property
   nbmand            property
   normalization     property
   primarycache      property
   quota             property
   readonly          property
   recordsize        property
   refquota          property
   refreservation    property
   reservation       property
   secondarycache    property
   setuid            property
   sharenfs          property
   sharesmb          property
   snapdir           property
   snapshot_limit    property
   sync              property
   utf8only          property
   version           property
   volblocksize      property
   volsize           property
   vscan             property
   xattr             property

The example at hand includes the -u flag, so the filesystem is not mounted at the end of the receive operation. However, if -u were absent, the filesystem would be mounted at the end of the receive. Apparently the receive permission requires the mount permission.

Since a zfs mount operation will automatically create any necessary mountpoints, a user might have the zfs permission to mount a dataset but lack the filesystem permission to create the mountpoint. In the case of zfs mount, the mount would fail. In a zfs create or rename operation, the filesystem would be created or renamed, but if the user lacks sufficient filesystem permissions to create the mountpoint, the filesystem would remain unmounted.

Similarly, a zfs rename command might fail for lack of permission at several points in the rename operation. Loosely expressed, the constituent steps might be:

1) unmount the filesystem (mount permission)
2) create the new filesystem (create permission)
3) map the filesystem metadata to the new name (rename permission)

A fourth step would be to remount the newly named filesystem at its new, possibly changed, mountpoint, which again uses the mount permission and possibly filesystem permissions to create the new mountpoint.

I have not tested such tricks, but one can see that zfs distinguishes between the create and rename permissions, and also between the mount and mountpoint permissions. One imagines a user might be allowed to create new filesystems but, once created, be unable to rename them. For a filesystem with an inherited mountpoint, renaming the filesystem generally also renames the filesystem's mountpoint, as renaming tank/usr/local to tank/usr/local.OLD changes the mountpoint from /usr/local to /usr/local.OLD.

The separation of the mount and rename permissions from the mountpoint permission means a user could be allowed to rename a filesystem but not to change its mountpoint. Or vice versa: able to change where a filesystem is mounted, but unable to change the filesystem's name.

The richness of zfs's filesystem operations and of the delegation of those operations, combined with the granularity of the permissions, can make zfs somewhat challenging, but also very powerful.
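The decomposition above (receive needs create and mount per the man page table, and -F adds a rollback) can be turned into a quick check that compares the flags of a zfs receive against the output of zfs allow and prints the delegations the user lacks. This is an added example, not code from the answer or from FreeBSD; the zfs allow listing it parses is constructed to match the one in the question, and the flag-to-permission mapping is taken from the answer's reasoning rather than from any zfs source:

```shell
#!/bin/sh
# Added example (not from the original post): given the flags of a `zfs receive`
# and the text printed by `zfs allow <dataset>`, list the delegated permissions
# the receiving user is missing. Permission names follow the zfs(8) table above.

# Permissions a `zfs receive` with the given flags exercises, one per line.
# The man page says receive requires create and mount (mount is needed even
# with -u, since the delegation check is on the subcommand); -F adds rollback.
receive_perms() {
    flags="$1"
    printf '%s\n' receive create mount
    case "$flags" in *F*) printf '%s\n' rollback ;; esac
}

# Extract the comma-separated permission list for one user from `zfs allow`
# output (lines of the form "user <name> perm1,perm2,...") and split it.
granted_perms() {
    user="$1"
    awk -v u="$user" '$1 == "user" && $2 == u { print $3 }' | tr ',' '\n'
}

# Print each needed permission that does not appear in the granted list.
missing_perms() {
    flags="$1"; user="$2"; allow_output="$3"
    needed=$(receive_perms "$flags")
    granted=$(printf '%s\n' "$allow_output" | granted_perms "$user")
    for p in $needed; do
        if ! printf '%s\n' "$granted" | grep -qx "$p"; then
            printf '%s\n' "$p"
        fi
    done
}

# Constructed sample: the `zfs allow` listing from the question.
SAMPLE_ALLOW='---- Permissions on neo/backups/freebsd -----------------------------
Local+Descendent permissions:
        user backupuser atime,compression,create,dedup,exec,jailed,mount,mountpoint,quota,receive,rename,reservation,setuid,userprop'

# On a live system the third argument would be "$(zfs allow <dataset>)".
# With the question's flags (-dvuF) this prints: rollback
missing_perms "-dvuF" backupuser "$SAMPLE_ALLOW"
```

The check only covers delegations that zfs allow can grant; as the answer notes, a receive can still fail on ordinary filesystem permissions when a mountpoint directory must be created, which this script does not see.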


har*_*gut 0

This looks like you have a snapshot that is missing permissions.

Try setting the receive permission on neo/backups/freebsd/iocage/jails/owncloud/root/data@2018-03-03

It looks like it is set correctly on the volume but missing on the snapshot.