community / community.general / 3.8.10 / module / zfs_delegate_admin Manage ZFS delegated administration (user admin privileges) Authors: Nate Coraor (@natefoo)community.general.zfs_delegate_admin (3.8.10) — module
Install with ansible-galaxy collection install community.general:==3.8.10
collections: - name: community.general version: 3.8.10
Manages ZFS file system delegated administration permissions, which allow unprivileged users to perform ZFS operations normally restricted to the superuser.
See the C(zfs allow) section of C(zfs(1M)) for detailed explanations of options.
This module attempts to adhere to the behavior of the command line tool as much as possible.
- name: Grant `zfs allow` and `unallow` permission to the `adm` user with the default local+descendents scope community.general.zfs_delegate_admin: name: rpool/myfs users: adm permissions: allow,unallow
- name: Grant `zfs send` to everyone, plus the group `backup` community.general.zfs_delegate_admin: name: rpool/myvol groups: backup everyone: yes permissions: send
- name: Grant `zfs send,receive` to users `foo` and `bar` with local scope only community.general.zfs_delegate_admin: name: rpool/myfs users: foo,bar permissions: send,receive local: yes
- name: Revoke all permissions from everyone (permissions specifically assigned to users and groups remain) community.general.zfs_delegate_admin: name: rpool/myfs everyone: yes state: absent
name: description: - File system or volume name e.g. C(rpool/myfs). required: true type: str local: description: - Apply permissions to C(name) locally (C(zfs allow -l)). type: bool state: choices: - absent - present default: present description: - Whether to allow (C(present)), or unallow (C(absent)) a permission. - When set to C(present), at least one "entity" param of I(users), I(groups), or I(everyone) are required. - When set to C(absent), removes permissions from the specified entities, or removes all permissions if no entity params are specified. type: str users: description: - List of users to whom permission(s) should be granted. elements: str type: list groups: description: - List of groups to whom permission(s) should be granted. elements: str type: list everyone: default: false description: - Apply permissions to everyone. type: bool recursive: default: false description: - Unallow permissions recursively (ignored when C(state) is C(present)). type: bool descendents: description: - Apply permissions to C(name)'s descendents (C(zfs allow -d)). type: bool permissions: description: - The list of permission(s) to delegate (required if C(state) is C(present)). - Supported permissions depend on the ZFS version in use. See for example U(https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html) for OpenZFS. elements: str type: list