ZFS recv user unable to mount filesystems

erif erif-freebsd-fs at z42.net
Mon Sep 9 18:18:47 UTC 2013


Hi,

We have set up two systems, at remote locations, with FreeBSD 9.1-RELEASE-p4
and ZFS. They have their own zpool and two main filesystems, one to keep
local filesystems and the other (read-only, which is inherited to underlying
filesystems) to keep replicas of the other nodes locally used filesystems.

To keep the filesystems in sync between the two hosts we intend to have two
users in each end, running cron jobs and scripts, one for taking snapshots
and sending them (over ssh) and one to receive snapshots and mount them.

It looks like this, zhost0 has main filesystems zpool0/zfs0/a and
zpool0/zfs1/b, and zhost1 has main filesystems zpool1/zfs1/b and
zpool1/zfs0/a, where zpool0/zfs1 and zpool1/zfs0 have the property readonly
which is inherited by a and b, the filesystems and descendants we intend to
sync snapshots of (zfs0 and zfs1 have no mountpoints, a and b do).

We have the two users zsend and zrecv with these allow permissions (zhost0)

  ---- Permissions on zpool0/zfs0 ----------------------------------------
  Local+Descendent permissions:
          user zsend hold,mount,send,snapshot
  
  ---- Permissions on zpool0/zfs1 ----------------------------------------
  Local+Descendent permissions:
          user zrecv create,mount,receive

and vfs.usermount is set to 1.

All is well until the receiving user has gotten the data and tries to mount
a newly received, and previously non-existent, filesystem

  cannot mount 'zpool0/zfs1/b': Insufficient privileges

However, zrecv can unmount a previously (by superuser) mounted filesystem,
for which it has allow permission mount (it cannot unmount it if
vfs.usermount=0). Also, the zrecv user can mount and unmount zpool0/zfs1/b
just fine (and likewise, that user on zhost1, zpool1/zfs0/a) if it is the
owner of the mountpoint directory, but for us this is not a solution.

As a temporary workaround, we will probably let the zrecv user run 'sudo zfs
mount -a' in the script run by the cron job.


-- 
Fredrik


More information about the freebsd-fs mailing list