non-root user can not create zfs filesystem?

lhmwzy lhmwzy at gmail.com
Wed Oct 22 04:16:27 PDT 2008


Thanks very much for your reply.
I'm very sorry about the last mail. I didn't see that the CC was empty; it was
not deliberate.


2008/10/22 Jeremy Chadwick <koitsu at freebsd.org>:
> On Wed, Oct 22, 2008 at 06:54:49PM +0800, lhmwzy wrote:
>> hmm...
>> I transfer data to a remote machine using zfs.
>> For example:
>>
>> #zfs send pool/www@today | ssh -l lhm 10.67.141.80 zfs receive  www/102
>>
>> If I log in to 10.67.141.80 as a non-root user, it says:
>> cannot receive: permission denied
>> cannot send 'pool/www@today': Broken pipe
>>
>> But logging in to a remote machine as root through ssh is not a good idea, right?
>>
>>
>> 2008/10/22 Jeremy Chadwick <koitsu at freebsd.org>:
>> > On Wed, Oct 22, 2008 at 05:13:21PM +0800, lhmwzy wrote:
>> >> $zfs create www/lhm
>> >> cannot create 'www/lhm': permission denied
>> >>
>> >> How do I do this, or when can I do this?
>> >
>> > Creating a filesystem is something that can only be done by root.  I'm
>> > not sure what gave you the impression non-root users can do this...?
>
> This problem has nothing to do with ZFS, it has to do with SSH.
>
> You need to do a few things for this to work.  Here's a very quick way:
>
> 1) Make a public key on the machine you're doing "zfs send" from.
>   Run ssh-keygen as root
> 2) Place contents of /root/.ssh/id_rsa.pub in /root/.ssh/authorized_keys
>   on 10.67.141.80.  Make sure the /root/.ssh directory is perm 0700,
>   and authorized_keys is perm 0600.
> 3) On 10.67.141.80, edit /etc/ssh/sshd_config and change this line:
>
> #PermitRootLogin no
>
> ...to:
>
> PermitRootLogin without-password
>
> 4) Send a SIGHUP signal to the master sshd process.  This might
> disconnect any existing SSH sessions to the machine:
>
> kill -HUP `cat /var/run/sshd.pid`
>
>
> If you're concerned about what "without-password" does, read the man
> page.  It WILL NOT let people SSH into the root account, UNLESS they
> have the private key (on zfs_send_host).  That's the ONLY WAY they can
> get in as root.
>
> You may want to secure things down a bit more by editing
> /root/.ssh/authorized_keys on 10.67.141.80 to only allow certain
> commands to be executed (specifically "zfs receive").  You can look on
> Google for how to do this.
>
> Finally, why did you remove the mailing list from the CC list?  Now
> no one knows what we've discussed, which isn't good.
>
> --
> | Jeremy Chadwick                                jdc at parodius.com |
> | Parodius Networking                       http://www.parodius.com/ |
> | UNIX Systems Administrator                  Mountain View, CA, USA |
> | Making life hard for others since 1977.              PGP: 4BD6C0CB |
>
>
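
The restriction suggested in the reply above (limiting the root key on 10.67.141.80 to "zfs receive") can be enforced with an sshd forced command. The wrapper below is an added example, not part of the original thread; the install path /usr/local/sbin/zfs-recv-only, the /sbin/zfs location and the "www/" dataset prefix are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for root's key on the receiving host.
# Assumptions: installed as /usr/local/sbin/zfs-recv-only, zfs at /sbin/zfs,
# and only datasets under "www/" may be written. authorized_keys entry
# (one line; <PUBLIC-KEY> is a placeholder):
#   command="/usr/local/sbin/zfs-recv-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> root@zfs_send_host
LC_ALL=C; export LC_ALL
ALLOWED_PREFIX="www/"

# Print the dataset and return 0 only for exactly "zfs receive <dataset>".
parse_request() {
    set -f            # no glob expansion while word-splitting the request
    set -- $1
    set +f
    [ "$#" -eq 3 ] || return 1             # no extra flags or chained commands
    [ "$1" = "zfs" ] || return 1
    case "$2" in receive|recv) ;; *) return 1 ;; esac
    case "$3" in
        *[!A-Za-z0-9_./:-]*) return 1 ;;   # shell metacharacters, '@', etc.
        *..*|*//*|*/) return 1 ;;          # '..', empty component, trailing slash
        "$ALLOWED_PREFIX"?*) ;;            # must live under the allowed prefix
        *) return 1 ;;
    esac
    printf '%s\n' "$3"
}

main() {
    # sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
    if dataset=$(parse_request "${SSH_ORIGINAL_COMMAND:-}"); then
        exec /sbin/zfs receive "$dataset"
    fi
    logger -t zfs-recv-only "rejected: ${SSH_ORIGINAL_COMMAND:-<none>}"
    echo "only 'zfs receive <dataset>' is permitted" >&2
    exit 1
}

# Run only when invoked under the installed name, so the file can be sourced.
case "$0" in */zfs-recv-only) main ;; esac
```

With this in place the sender's command line stays as in the thread, and anything other than a plain receive into www/ is refused and logged even though the key authenticates as root.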


More information about the freebsd-stable mailing list