community.general.zfs_delegate_admin (8.5.0) — module

Manage ZFS delegated administration (user admin privileges)

Authors: Nate Coraor (@natefoo)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

Manages ZFS file system delegated administration permissions, which allow unprivileged users to perform ZFS operations normally restricted to the superuser.

See the C(zfs allow) section of V(zfs(1M\)) for detailed explanations of options.

This module attempts to adhere to the behavior of the command line tool as much as possible.


Requirements

Usage examples

- name: Grant `zfs allow` and `unallow` permission to the `adm` user with the default local+descendents scope
  community.general.zfs_delegate_admin:
    name: rpool/myfs
    users: adm
    permissions: allow,unallow
- name: Grant `zfs send` to everyone, plus the group `backup`
  community.general.zfs_delegate_admin:
    name: rpool/myvol
    groups: backup
    everyone: true
    permissions: send
- name: Grant `zfs send,receive` to users `foo` and `bar` with local scope only
  community.general.zfs_delegate_admin:
    name: rpool/myfs
    users: foo,bar
    permissions: send,receive
    local: true
- name: Revoke all permissions from everyone (permissions specifically assigned to users and groups remain)
  community.general.zfs_delegate_admin:
    name: rpool/myfs
    everyone: true
    state: absent
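
The playbook below is an added example, not part of the module documentation. It narrows the `everyone` grant on `rpool/myvol` shown above to the `backup` group only, then reads the delegation back to confirm the result. The `zfs_hosts` inventory group, the `dataset` variable, and the read-back via `zfs allow` (including the assumption that its output lists such grants on lines starting with `everyone`) are assumptions made for illustration.

```yaml
# Added example: tighten delegation on one dataset and verify the outcome.
# Assumed names: inventory group `zfs_hosts`, variable `dataset`.
- name: Restrict zfs send delegation to the backup group
  hosts: zfs_hosts
  become: true
  vars:
    dataset: rpool/myvol
  tasks:
    # state=absent with everyone=true and no permissions removes everything
    # delegated to "everyone"; recursive=true extends the unallow to descendents.
    - name: Revoke all permissions delegated to everyone, recursively
      community.general.zfs_delegate_admin:
        name: "{{ dataset }}"
        everyone: true
        recursive: true
        state: absent

    # No local/descendents flag set, so the default local+descendents scope applies.
    - name: Grant send to the backup group only
      community.general.zfs_delegate_admin:
        name: "{{ dataset }}"
        groups: backup
        permissions: send

    # Read-only query of the current delegation table; never reports a change.
    - name: Read back the delegated permissions
      ansible.builtin.command:
        cmd: zfs allow {{ dataset }}
      register: zfs_allow
      changed_when: false

    # Assumption: entries for everyone appear as lines beginning with "everyone".
    - name: Fail if anything is still delegated to everyone
      ansible.builtin.assert:
        that:
          - zfs_allow.stdout_lines | map('trim') | select('match', 'everyone ') | list | length == 0
        fail_msg: "{{ dataset }} still delegates permissions to everyone"
```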

Inputs

    
name:
    description:
    - File system or volume name, for example V(rpool/myfs).
    required: true
    type: str

local:
    description:
    - Apply permissions to O(name) locally (C(zfs allow -l)).
    type: bool

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Whether to allow (V(present)), or unallow (V(absent)) a permission.
    - When set to V(present), at least one "entity" param of O(users), O(groups), or O(everyone)
      is required.
    - When set to V(absent), removes permissions from the specified entities, or removes
      all permissions if no entity params are specified.
    type: str

users:
    description:
    - List of users to whom permission(s) should be granted.
    elements: str
    type: list

groups:
    description:
    - List of groups to whom permission(s) should be granted.
    elements: str
    type: list

everyone:
    default: false
    description:
    - Apply permissions to everyone.
    type: bool

recursive:
    default: false
    description:
    - Unallow permissions recursively (ignored when O(state=present)).
    type: bool

descendents:
    description:
    - Apply permissions to O(name)'s descendents (C(zfs allow -d)).
    type: bool

permissions:
    description:
    - The list of permission(s) to delegate (required if O(state=present)).
    - Supported permissions depend on the ZFS version in use. See for example U(https://openzfs.github.io/openzfs-docs/man/8/zfs-allow.8.html)
      for OpenZFS.
    elements: str
    type: list