ZFS on Linux has just fixed a long standing little annoyance
I've now been running ZFS on Linux for a while.
Over that time, one of the small little annoyances of the ZoL
experience has been that all ZFS commands required you to be root,
even if all you wanted to do was something innocuous like 'zpool
status
' or 'zfs list
'. This wasn't for any particularly good
reason and it's not how Solaris and Illumos behave; it was just
necessary because the ZoL kernel code itself had no permissions
restrictions on anything for complicated porting reasons. Anyone
who could talk to /dev/zfs
could do any ZFS operation, including
dangerous and destructive ones, so it had to be restricted to root
.
Like many people running ZoL, I dealt with this in a straightforward
way. To wit, I set up a /etc/sudoers.d/02-zfs
file that allowed
no-password access to a great big list of ZFS commands that are
unprivileged on Solaris, and then I got used to typing things like
'sudo zpool status
'. But this was never a really great experience
and it's always been a niggling annoyance.
I'm happy to report that as of a week or so ago, the latest development
version of ZoL now has fixed this issue. Normal non-root users can
now run all of the ZFS commands that are unprivileged on Solaris.
As part of this, ZoL now supports normal ZFS 'zfs allow
' and 'zfs
unallow
' for most operations, so you can (if desired) allow yourself
or other normal users to do things like create snapshots.
(Interestingly, poking around at this caused me to re-discover that
'zpool history
' is a privileged operation even on Solaris. I
guess some bits of my sudoers file are going to stay.)
Things like this are part of why I've been pretty happy to run the development version of ZoL. Even the development version has been pretty stable, and it means that I've gotten a fair number of interesting and nice features well before they made it into one of the infrequent ZoL releases. I don't know how many people run the development version, but my impression is that it's not uncommon.
(I can't blame the ZoL people for the infrequent releases, because they want releases to be high quality. Making high quality releases is a bunch of work and takes careful testing. Plus sometimes the development tree has known outstanding issues that people want to fix before a release. (I won't point you at the ZoL Github issues to see this, because there's a fair amount of noise in them.))
Comments on this page:
|
|