.\" SPDX-License-Identifier: CDDL-1.0
.\"
.\" CDDL HEADER START
.\"
.\" The contents of this file are subject to the terms of the
.\" Common Development and Distribution License (the "License").
.\" You may not use this file except in compliance with the License.
.\"
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
.\" or https://opensource.org/licenses/CDDL-1.0.
.\" See the License for the specific language governing permissions
.\" and limitations under the License.
.\"
.\" When distributing Covered Code, include this CDDL HEADER in each
.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
.\" If applicable, add the following below this CDDL HEADER, with the
.\" fields enclosed by brackets "[]" replaced with your own identifying
.\" information: Portions Copyright [yyyy] [name of copyright owner]
.\"
.\" CDDL HEADER END
.\"
.\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
.\" Copyright 2011 Joshua M. Clulow <josh@sysmgr.org>
.\" Copyright (c) 2011, 2019 by Delphix. All rights reserved.
.\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
.\" Copyright (c) 2014, Joyent, Inc. All rights reserved.
.\" Copyright (c) 2014 by Adam Stevko. All rights reserved.
.\" Copyright (c) 2014 Integros [integros.com]
.\" Copyright 2019 Richard Laager. All rights reserved.
.\" Copyright 2018 Nexenta Systems, Inc.
.\" Copyright 2019 Joyent, Inc.
.\"
.Dd September 8, 2025
.Dt ZFS-ALLOW 8
.Os
.
.Sh NAME
.Nm zfs-allow
.Nd delegate ZFS administration permissions to unprivileged users
.Sh SYNOPSIS
.Nm zfs
.Cm allow
.Op Fl dglu
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns …
.Ar filesystem Ns | Ns Ar volume
.Nm zfs
.Cm allow
.Op Fl dl
.Fl e Ns | Ns Sy everyone
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns …
.Ar filesystem Ns | Ns Ar volume
.Nm zfs
.Cm allow
.Fl c
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns …
.Ar filesystem Ns | Ns Ar volume
.Nm zfs
.Cm allow
.Fl s No @ Ns Ar setname
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns …
.Ar filesystem Ns | Ns Ar volume
.Nm zfs
.Cm unallow
.Op Fl dglru
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns … Oc
.Ar filesystem Ns | Ns Ar volume
.Nm zfs
.Cm unallow
.Op Fl dlr
.Fl e Ns | Ns Sy everyone
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns … Oc
.Ar filesystem Ns | Ns Ar volume
.Nm zfs
.Cm unallow
.Op Fl r
.Fl c
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns … Oc
.Ar filesystem Ns | Ns Ar volume
.Nm zfs
.Cm unallow
.Op Fl r
.Fl s No @ Ns Ar setname
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns … Oc
.Ar filesystem Ns | Ns Ar volume
.
.Sh DESCRIPTION
.Bl -tag -width ""
.It Xo
.Nm zfs
.Cm allow
.Ar filesystem Ns | Ns Ar volume
.Xc
Displays permissions that have been delegated on the specified filesystem or
volume.
See the other forms of
.Nm zfs Cm allow
for more information.
.Pp
Delegations are supported under Linux with the exception of
.Sy mount ,
.Sy unmount ,
.Sy mountpoint ,
.Sy canmount ,
.Sy rename ,
and
.Sy share .
These permissions cannot be delegated because the Linux
.Xr mount 8
command restricts modifications of the global namespace to the root user.
.It Xo
.Nm zfs
.Cm allow
.Op Fl dglu
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns …
.Ar filesystem Ns | Ns Ar volume
.Xc
.It Xo
.Nm zfs
.Cm allow
.Op Fl dl
.Fl e Ns | Ns Sy everyone
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns …
.Ar filesystem Ns | Ns Ar volume
.Xc
Delegates ZFS administration permission for the file systems to non-privileged
users.
.Bl -tag -width "-d"
.It Fl d
Allow only for the descendent file systems.
.It Fl e Ns | Ns Sy everyone
Specifies that the permissions be delegated to everyone.
.It Fl g Ar group Ns Oo , Ns Ar group Oc Ns …
Explicitly specify that permissions are delegated to the group.
.It Fl l
Allow
.Qq locally
only for the specified file system.
.It Fl u Ar user Ns Oo , Ns Ar user Oc Ns …
Explicitly specify that permissions are delegated to the user.
.It Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
Specifies to whom the permissions are delegated.
Multiple entities can be specified as a comma-separated list.
If neither of the
.Fl gu
options are specified, then the argument is interpreted preferentially as the
keyword
.Sy everyone ,
then as a user name, and lastly as a group name.
To specify a user or group named
.Qq everyone ,
use the
.Fl g
or
.Fl u
options.
To specify a group with the same name as a user, use the
.Fl g
option.
.It Xo
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns …
.Xc
The permissions to delegate.
Multiple permissions may be specified as a comma-separated list.
Permission names are the same as ZFS subcommand and property names.
See the property list below.
Property set names, which begin with
.Sy @ ,
may be specified.
See the
.Fl s
form below for details.
.El
.Pp
If neither of the
.Fl dl
options are specified, or both are, then the permissions are allowed for the
file system or volume, and all of its descendants.
.Pp
Permissions are generally the ability to use a ZFS subcommand or change a ZFS
property.
The following permissions are available:
.TS
l l l .
NAME	TYPE	NOTES
_	_	_
allow	subcommand	Must also have the permission that is being allowed
bookmark	subcommand
clone	subcommand	Must also have the \fBcreate\fR ability and \fBmount\fR ability in the origin file system
create	subcommand	Must also have the \fBmount\fR ability. Must also have the \fBrefreservation\fR ability to create a non-sparse volume.
destroy	subcommand	Must also have the \fBmount\fR ability
diff	subcommand	Allows lookup of paths within a dataset given an object number, and the ability to create snapshots necessary to \fBzfs diff\fR.
hold	subcommand	Allows adding a user hold to a snapshot
load-key	subcommand	Allows loading and unloading of encryption key (see \fBzfs load-key\fR and \fBzfs unload-key\fR).
change-key	subcommand	Allows changing an encryption key via \fBzfs change-key\fR.
mount	subcommand	Allows mounting/unmounting ZFS datasets
promote	subcommand	Must also have the \fBmount\fR and \fBpromote\fR ability in the origin file system
receive	subcommand	Must also have the \fBmount\fR and \fBcreate\fR ability, required for \fBzfs receive -F\fR (see also \fBreceive:append\fR for limited, non forced receive)
release	subcommand	Allows releasing a user hold which might destroy the snapshot
rename	subcommand	Must also have the \fBmount\fR and \fBcreate\fR ability in the new parent
rollback	subcommand	Must also have the \fBmount\fR ability
send	subcommand	Allows sending a replication stream of a dataset.
send:raw	subcommand	Only allows sending raw replication streams, preventing encrypted datasets being sent in decrypted form.
share	subcommand	Allows sharing file systems over NFS or SMB protocols
snapshot	subcommand	Must also have the \fBmount\fR ability

receive:append	other	Must also have the \fBmount\fR and \fBcreate\fR ability, limited receive ability (can not do receive -F)
groupquota	other	Allows accessing any \fBgroupquota@\fI…\fR property
groupobjquota	other	Allows accessing any \fBgroupobjquota@\fI…\fR property
groupused	other	Allows reading any \fBgroupused@\fI…\fR property
groupobjused	other	Allows reading any \fBgroupobjused@\fI…\fR property
userprop	other	Allows changing any user property
userquota	other	Allows accessing any \fBuserquota@\fI…\fR property
userobjquota	other	Allows accessing any \fBuserobjquota@\fI…\fR property
userused	other	Allows reading any \fBuserused@\fI…\fR property
userobjused	other	Allows reading any \fBuserobjused@\fI…\fR property
projectobjquota	other	Allows accessing any \fBprojectobjquota@\fI…\fR property
projectquota	other	Allows accessing any \fBprojectquota@\fI…\fR property
projectobjused	other	Allows reading any \fBprojectobjused@\fI…\fR property
projectused	other	Allows reading any \fBprojectused@\fI…\fR property

aclinherit	property
aclmode	property
acltype	property
atime	property
canmount	property
casesensitivity	property
checksum	property
compression	property
context	property
copies	property
dedup	property
defcontext	property
devices	property
dnodesize	property
encryption	property
exec	property
filesystem_limit	property
fscontext	property
keyformat	property
keylocation	property
logbias	property
mlslabel	property
mountpoint	property
nbmand	property
normalization	property
overlay	property
pbkdf2iters	property
primarycache	property
quota	property
readonly	property
recordsize	property
redundant_metadata	property
refquota	property
refreservation	property
relatime	property
reservation	property
rootcontext	property
secondarycache	property
setuid	property
sharenfs	property
sharesmb	property
snapdev	property
snapdir	property
snapshot_limit	property
special_small_blocks	property
sync	property
utf8only	property
version	property
volblocksize	property
volmode	property
volsize	property
vscan	property
xattr	property
zoned	property
.TE
.It Xo
.Nm zfs
.Cm allow
.Fl c
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns …
.Ar filesystem Ns | Ns Ar volume
.Xc
Sets
.Qq create time
permissions.
These permissions are granted
.Pq locally
to the creator of any newly-created descendent file system.
.It Xo
.Nm zfs
.Cm allow
.Fl s No @ Ns Ar setname
.Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns …
.Ar filesystem Ns | Ns Ar volume
.Xc
Defines or adds permissions to a permission set.
The set can be used by other
.Nm zfs Cm allow
commands for the specified file system and its descendants.
Sets are evaluated dynamically, so changes to a set are immediately reflected.
Permission sets follow the same naming restrictions as ZFS file systems, but the
name must begin with
.Sy @ ,
and can be no more than 64 characters long.
.It Xo
.Nm zfs
.Cm unallow
.Op Fl dglru
.Ar user Ns | Ns Ar group Ns Oo , Ns Ar user Ns | Ns Ar group Oc Ns …
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns … Oc
.Ar filesystem Ns | Ns Ar volume
.Xc
.It Xo
.Nm zfs
.Cm unallow
.Op Fl dlr
.Fl e Ns | Ns Sy everyone
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns … Oc
.Ar filesystem Ns | Ns Ar volume
.Xc
.It Xo
.Nm zfs
.Cm unallow
.Op Fl r
.Fl c
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns … Oc
.Ar filesystem Ns | Ns Ar volume
.Xc
Removes permissions that were granted with the
.Nm zfs Cm allow
command.
No permissions are explicitly denied, so other permissions granted are still in
effect, for example when the permission is granted by an ancestor.
If no permissions are specified, then all permissions for the specified
.Ar user ,
.Ar group ,
or
.Sy everyone
are removed.
Specifying
.Sy everyone
.Po or using the
.Fl e
option
.Pc
only removes the permissions that were granted to everyone, not all permissions
for every user and group.
See the
.Nm zfs Cm allow
command for a description of the
.Fl ldugec
options.
.Bl -tag -width "-r"
.It Fl r
Recursively remove the permissions from this file system and all descendants.
.El
.It Xo
.Nm zfs
.Cm unallow
.Op Fl r
.Fl s No @ Ns Ar setname
.Oo Ar perm Ns | Ns @ Ns Ar setname Ns Oo , Ns Ar perm Ns | Ns @ Ns
.Ar setname Oc Ns … Oc
.Ar filesystem Ns | Ns Ar volume
.Xc
Removes permissions from a permission set.
If no permissions are specified, then all permissions are removed, thus removing
the set entirely.
.El
.
.Sh EXAMPLES
.\" These are, respectively, examples 17, 18, 19, 20 from zfs.8
.\" Make sure to update them bidirectionally
.Ss Example 1 : No Delegating ZFS Administration Permissions on a ZFS Dataset
The following example shows how to set permissions so that user
.Ar cindys
can create, destroy, mount, and take snapshots on
.Ar tank/cindys .
The permissions on
.Ar tank/cindys
are also displayed.
.Bd -literal -compact -offset Ds
.No # Nm zfs Cm allow Sy cindys create , Ns Sy destroy , Ns Sy mount , Ns Sy snapshot Ar tank/cindys
.No # Nm zfs Cm allow Ar tank/cindys
---- Permissions on tank/cindys --------------------------------------
Local+Descendent permissions:
	user cindys create,destroy,mount,snapshot
.Ed
.Pp
Because the
.Ar tank/cindys
mount point permission is set to 755 by default, user
.Ar cindys
will be unable to mount file systems under
.Ar tank/cindys .
Add an ACE similar to the following syntax to provide mount point access:
.Dl # Cm chmod No A+user : Ns Ar cindys Ns :add_subdirectory:allow Ar /tank/cindys
.
.Ss Example 2 : No Delegating Create Time Permissions on a ZFS Dataset
The following example shows how to allow anyone in the group
.Ar staff
to create file systems in
.Ar tank/users .
This syntax also allows staff members to destroy their own file systems, but not
destroy anyone else's file system.
The permissions on
.Ar tank/users
are also displayed.
.Bd -literal -compact -offset Ds
.No # Nm zfs Cm allow Ar staff Sy create , Ns Sy mount Ar tank/users
.No # Nm zfs Cm allow Fl c Sy destroy Ar tank/users
.No # Nm zfs Cm allow Ar tank/users
---- Permissions on tank/users ---------------------------------------
Permission sets:
	destroy
Local+Descendent permissions:
	group staff create,mount
.Ed
.
.Ss Example 3 : No Defining and Granting a Permission Set on a ZFS Dataset
The following example shows how to define and grant a permission set on the
.Ar tank/users
file system.
The permissions on
.Ar tank/users
are also displayed.
.Bd -literal -compact -offset Ds
.No # Nm zfs Cm allow Fl s No @ Ns Ar pset Sy create , Ns Sy destroy , Ns Sy snapshot , Ns Sy mount Ar tank/users
.No # Nm zfs Cm allow staff No @ Ns Ar pset tank/users
.No # Nm zfs Cm allow Ar tank/users
---- Permissions on tank/users ---------------------------------------
Permission sets:
	@pset create,destroy,mount,snapshot
Local+Descendent permissions:
	group staff @pset
.Ed
.
.Ss Example 4 : No Delegating Property Permissions on a ZFS Dataset
The following example shows how to grant the ability to set quotas and
reservations on the
.Ar users/home
file system.
The permissions on
.Ar users/home
are also displayed.
.Bd -literal -compact -offset Ds
.No # Nm zfs Cm allow Ar cindys Sy quota , Ns Sy reservation Ar users/home
.No # Nm zfs Cm allow Ar users/home
---- Permissions on users/home ---------------------------------------
Local+Descendent permissions:
	user cindys quota,reservation
cindys% zfs set quota=10G users/home/marks
cindys% zfs get quota users/home/marks
NAME              PROPERTY  VALUE  SOURCE
users/home/marks  quota     10G    local
.Ed
.
.Ss Example 5 : No Removing ZFS Delegated Permissions on a ZFS Dataset
The following example shows how to remove the snapshot permission from the
.Ar staff
group on the
.Sy tank/users
file system.
The permissions on
.Sy tank/users
are also displayed.
.Bd -literal -compact -offset Ds
.No # Nm zfs Cm unallow Ar staff Sy snapshot Ar tank/users
.No # Nm zfs Cm allow Ar tank/users
---- Permissions on tank/users ---------------------------------------
Permission sets:
	@pset create,destroy,mount,snapshot
Local+Descendent permissions:
	group staff @pset
.Ed
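.Pp
Delegation listings in the layout shown in the examples above can be reviewed mechanically. The following Python script is an added example, not part of the OpenZFS manual page or tooling: it parses such a listing, expands permission sets (including nested ones), and reports grants made to everyone together with grants of allow, send, load-key and change-key. The SENSITIVE list, the sample listing, the function names and the row layout for everyone grants are assumptions of this example.

```python
SENSITIVE = {  # this example's choice, drawn from the permission table above
    "allow": "holder can re-delegate permissions it has",
    "send": "not restricted to raw streams (compare send:raw)",
    "load-key": "can load and unload encryption keys",
    "change-key": "can change the encryption key",
}
# Constructed sample in the layout shown under EXAMPLES (not captured output).
SAMPLE = """\
---- Permissions on tank/users ---------------------------------------
Permission sets:
\t@backup @pset,hold,send
\t@pset create,destroy,mount,snapshot
Local+Descendent permissions:
\tgroup staff @pset
\tuser backup @backup,allow
\teveryone snapshot
"""

def parse_allow(text):  # -> (sets, grants); a grant is (scope, who, [perm, ...])
    sets, grants, scope = {}, [], None
    for line in text.splitlines():
        f = line.split()
        if not f or line.startswith("----"):
            continue
        if not line[0].isspace():  # section header, e.g. "Local permissions:"
            scope = line.strip().rstrip(":")
        elif scope == "Permission sets" and len(f) == 2:
            sets[f[0]] = f[1].split(",")
        elif len(f) == 3 or (len(f) == 2 and f[0] == "everyone"):
            # "user cindys create,destroy"; the "everyone perm,..." row is assumed
            grants.append((scope, " ".join(f[:-1]), f[-1].split(",")))
    return sets, grants

def expand(perms, sets, seen=()):  # resolve @setname references, which may nest
    out = set()
    for p in perms:
        if not p.startswith("@"):
            out.add(p)
        elif p not in seen:  # skip a set already being expanded (cycle guard)
            out |= expand(sets.get(p, []), sets, seen + (p,))
    return out

def audit(text):  # -> [(who, scope, perm, reason), ...]
    sets, grants = parse_allow(text)
    return [(who, scope, p,
             "delegated to every user" if who == "everyone" else SENSITIVE[p])
            for scope, who, perms in grants
            for p in sorted(expand(perms, sets))
            if who == "everyone" or p in SENSITIVE]
```

Pass the text printed by zfs allow for a dataset to audit(); a user literally named everyone appears as a three-field user row and is not treated as the everyone keyword.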