ansible / ansible.builtin / v2.8.17 / module / zfs_delegate_admin Manage ZFS delegated administration (user admin privileges) | "added in version" 2.8 of ansible.builtin" Authors: Nate Coraor (@natefoo) preview | supported by communityansible.builtin.zfs_delegate_admin (v2.8.17) — module
pip
Install with pip install ansible==2.8.17
Manages ZFS file system delegated administration permissions, which allow unprivileged users to perform ZFS operations normally restricted to the superuser.
See the C(zfs allow) section of C(zfs(1M)) for detailed explanations of options.
This module attempts to adhere to the behavior of the command line tool as much as possible.
- name: Grant `zfs allow` and `unallow` permission to the `adm` user with the default local+descendents scope zfs_delegate_admin: name: rpool/myfs users: adm permissions: allow,unallow
- name: Grant `zfs send` to everyone, plus the group `backup` zfs_delegate_admin: name: rpool/myvol groups: backup everyone: yes permissions: send
- name: Grant `zfs send,receive` to users `foo` and `bar` with local scope only zfs_delegate_admin: name: rpool/myfs users: foo,bar permissions: send,receive local: yes
- name: Revoke all permissions from everyone (permissions specifically assigned to users and groups remain)
- zfs_delegate_admin: name: rpool/myfs everyone: yes state: absent
name: description: - File system or volume name e.g. C(rpool/myfs). required: true type: str local: description: - Apply permissions to C(name) locally (C(zfs allow -l)). type: bool state: choices: - absent - present default: present description: - Whether to allow (C(present)), or unallow (C(absent)) a permission. - When set to C(present), at least one "entity" param of I(users), I(groups), or I(everyone) are required. - When set to C(absent), removes permissions from the specified entities, or removes all permissions if no entity params are specified. required: true users: description: - List of users to whom permission(s) should be granted. type: list groups: description: - List of groups to whom permission(s) should be granted. type: list everyone: default: false description: - Apply permissions to everyone. type: bool recursive: default: false description: - Unallow permissions recursively (ignored when C(state) is C(present)). type: bool descendents: description: - Apply permissions to C(name)'s descendents (C(zfs allow -d)). type: bool permissions: choices: - allow - clone - create - destroy - mount - promote - readonly - receive - rename - rollback - send - share - snapshot - unallow description: - The list of permission(s) to delegate (required if C(state) is C(present)). type: list