zfs [-?]
zfs create [-p] [-o property=value] ... filesystem
zfs create [-ps] [-b blocksize] [-o property=value] ... -V size volume
zfs destroy [-rRf] filesystem|volume
zfs destroy [-rRd] snapshot
zfs snapshot [-r] [-o property=value]... filesystem@snapname|volume@snapname
zfs rollback [-rRf] snapshot
zfs clone [-p] [-o property=value] ... snapshot filesystem|volume
zfs promote clone-filesystem
zfs rename filesystem|volume|snapshot filesystem|volume|snapshot
zfs rename [-p] filesystem|volume filesystem|volume
zfs rename -r snapshot snapshot
zfs list [-r|-d depth][-H][-o property[,...]] [-t type[,...]] [-s property] ... [-S property] ... [filesystem|volume|snapshot] ...
zfs set property=value filesystem|volume|snapshot ...
zfs get [-r|-d depth][-Hp][-o all | field[,...]] [-s source[,...]] all | property[,...] filesystem|volume|snapshot ...
zfs inherit [-rS] property filesystem|volume|snapshot ...
zfs upgrade [-v]
zfs upgrade [-r] [-V version] -a | filesystem
zfs userspace [-niHp] [-o field[,...]] [-sS field] ... [-t type [,...]] filesystem|snapshot
zfs groupspace [-niHp] [-o field[,...]] [-sS field] ... [-t type [,...]] filesystem|snapshot
zfs mount
zfs mount [-vO] [-o options] -a | filesystem
zfs unmount [-f] -a | filesystem|mountpoint
zfs share -a | filesystem
zfs unshare -a filesystem|mountpoint
zfs send [-DvRp] [-[iI] snapshot] snapshot
zfs receive [-vnFu] filesystem|volume|snapshot
zfs receive [-vnFu] [-d | -e] filesystem
zfs allow filesystem|volume
zfs allow [-ldug] "everyone"|user|group[,...] perm|@setname[,...] filesystem|volume
zfs allow [-ld] -e perm|@setname[,...] filesystem|volume
zfs allow -c perm|@setname[,...] filesystem|volume
zfs allow -s @setname perm|@setname[,...] filesystem|volume
zfs unallow [-rldug] "everyone"|user|group[,...] [perm|@setname[,... ]] filesystem|volume
zfs unallow [-rld] -e [perm|@setname[,... ]] filesystem|volume
zfs unallow [-r] -c [perm|@setname[ ... ]] filesystem|volume
zfs unallow [-r] -s @setname [perm|@setname[,... ]] filesystem|volume
zfs hold [-r] tag snapshot...
zfs holds [-r] snapshot...
zfs release [-r] tag snapshot...
The zfs command configures ZFS datasets within a ZFS storage pool, as described in zpool(1M). A dataset is identified by a unique path within the ZFS namespace. For example:
pool/{filesystem,volume,snapshot}
where the maximum length of a dataset name is MAXNAMELEN (256 bytes).
A dataset can be one of the following:
file system
volume
snapshot
A ZFS storage pool is a logical collection of devices that provide space for datasets. A storage pool is also the root of the ZFS file system hierarchy.
The root of the pool can be accessed as a file system, such as mounting and unmounting, taking snapshots, and setting properties. The physical storage characteristics, however, are managed by the zpool(1M) command.
See zpool(1M) for more information on creating and administering pools.
A snapshot is a read-only copy of a file system or volume. Snapshots can be created extremely quickly, and initially consume no additional space within the pool. As data within the active dataset changes, the snapshot consumes more data than would otherwise be shared with the active dataset.
Snapshots can have arbitrary names. Snapshots of volumes can be cloned or rolled back, but cannot be accessed independently.
File system snapshots can be accessed under the .zfs/snapshot directory in the root of the file system. Snapshots are automatically mounted on demand and may be unmounted at regular intervals. The visibility of the .zfs directory can be controlled by the snapdir property.
A clone is a writable volume or file system whose initial contents are the same as another dataset. As with snapshots, creating a clone is nearly instantaneous, and initially consumes no additional space.
Clones can only be created from a snapshot. When a snapshot is cloned, it creates an implicit dependency between the parent and child. Even though the clone is created somewhere else in the dataset hierarchy, the original snapshot cannot be destroyed as long as a clone exists. The origin property exposes this dependency, and the destroy command lists any such dependencies, if they exist.
The clone parent-child dependency relationship can be reversed by using the promote subcommand. This causes the "origin" file system to become a clone of the specified file system, which makes it possible to destroy the file system that the clone was created from.
Creating a ZFS file system is a simple operation, so the number of file systems per system is likely to be numerous. To cope with this, ZFS automatically manages mounting and unmounting file systems without the need to edit the /etc/vfstab file. All automatically managed file systems are mounted by ZFS at boot time.
By default, file systems are mounted under /path, where path is the name of the file system in the ZFS namespace. Directories are created and destroyed as needed.
A file system can also have a mount point set in the mountpoint property. This directory is created as needed, and ZFS automatically mounts the file system when the zfs mount -a command is invoked (without editing /etc/vfstab). The mountpoint property can be inherited, so if pool/home has a mount point of /export/stuff, then pool/home/user automatically inherits a mount point of /export/stuff/user.
A file system mountpoint property of none prevents the file system from being mounted.
If needed, ZFS file systems can also be managed with traditional tools (mount, umount, /etc/vfstab). If a file system's mount point is set to legacy, ZFS makes no attempt to manage the file system, and the administrator is responsible for mounting and unmounting the file system.
A ZFS file system can be added to a non-global zone by using the zonecfg add fs subcommand. A ZFS file system that is added to a non-global zone must have its mountpoint property set to legacy.
The physical properties of an added file system are controlled by the global administrator. However, the zone administrator can create, modify, or destroy files within the added file system, depending on how the file system is mounted.
A dataset can also be delegated to a non-global zone by using the zonecfg add dataset subcommand. You cannot delegate a dataset to one zone and the children of the same dataset to another zone. The zone administrator can change properties of the dataset or any of its children. However, the quota property is controlled by the global administrator.
A ZFS volume can be added as a device to a non-global zone by using the zonecfg add device subcommand. However, its physical properties can be modified only by the global administrator.
For more information about zonecfg syntax, see zonecfg(1M).
After a dataset is delegated to a non-global zone, the zoned property is automatically set. A zoned file system cannot be mounted in the global zone, since the zone administrator might have to set the mount point to an unacceptable value.
The global administrator can forcibly clear the zoned property, though this should be done with extreme care. The global administrator should verify that all the mount points are acceptable before clearing the property.
Deduplication is the process for removing redundant data at the block-level, reducing the total amount of data stored. If a file system has the dedup property enabled, duplicate data blocks are removed synchronously. The result is that only unique data is stored and common components are shared among files.
Properties are divided into two types, native properties and user-defined (or "user") properties. Native properties either export internal statistics or control ZFS behavior. In addition, native properties are either editable or read-only. User properties have no effect on ZFS behavior, but you can use them to annotate datasets in a way that is meaningful in your environment. For more information about user properties, see the "User Properties" section, below.
Every dataset has a set of properties that export statistics about the dataset as well as control various behaviors. Properties are inherited from the parent unless overridden by the child. Some properties apply only to certain types of datasets (file systems, volumes, or snapshots).
The values of numeric properties can be specified using human-readable suffixes (for example, k, KB, M, Gb, and so forth, up to Z for zettabyte). The following are all valid (and equal) specifications:
1536M, 1.5g, 1.50GB
The values of non-numeric properties are case sensitive and must be lowercase, except for mountpoint, sharenfs, and sharesmb.
The following native properties consist of read-only statistics about the dataset. These properties can be neither set, nor inherited. Native properties apply to all dataset types unless otherwise noted.
available
This property can also be referred to by its shortened column name, avail.
compressratio
creation
defer_destroy
mounted
origin
referenced
This property can also be referred to by its shortened column name, refer.
type
used
When snapshots (see the "Snapshots" section) are created, their space is initially shared between the snapshot and the file system, and possibly with previous snapshots. As the file system changes, space that was previously shared becomes unique to the snapshot, and counted in the snapshot's space used. Additionally, deleting snapshots can increase the amount of space unique to (and used by) other snapshots.
The amount of space used, available, or referenced does not take into account pending changes. Pending changes are generally accounted for within a few seconds. Committing a change to a disk using fsync(3c) or O_SYNC does not necessarily guarantee that the space usage information is updated immediately.
usedby*
usedbychildren
usedbydataset
usedbyrefreservation
usedbysnapshots
userused@user
Unprivileged users can access only their own space usage. The root user, or a user who has been granted the userused privilege with zfs allow, can access everyone's usage.
The userused@... properties are not displayed by zfs get all. The user's name must be appended after the @ symbol, using one of the following forms:
userrefs
groupused@group
Unprivileged users can only access their own groups' space usage. The root user, or a user who has been granted the groupused privilege with zfs allow, can access all groups' usage.
volblocksize=blocksize
This property can also be referred to by its shortened column name, volblock.
The following native properties can be used to change the behavior of a ZFS dataset.
aclinherit=discard | noallow | restricted | passthrough | passthrough-x
When the property value is set to passthrough, files are created with a mode determined by the inheritable ACEs. If no inheritable ACEs exist that affect the mode, then the mode is set in accordance to the requested mode from the application.
aclmode=discard | groupmask | passthrough
atime=on | off
canmount=on | off | noauto
When the noauto option is set, a dataset can only be mounted and unmounted explicitly. The dataset is not mounted automatically when the dataset is created or imported, nor is it mounted by the zfs mount -a command or unmounted by the zfs unmount -a command.
This property is not inherited.
checksum=on | off | fletcher2,| fletcher4 | sha256
Changing this property affects only newly-written data.
compression=on | off | lzjb | gzip | gzip-N | zle | lzo | lzo9 | bz2 | lzma-N | lzma
This property can also be referred to by its shortened column name compress. Changing this property affects only newly-written data.
zfs-fuse : you can also choose lzo, lzo9, bz2 or lzma with zfs-fuse. Notice that it will create data which will be readable only with zfs-fuse (and not with the other zfs implementations). Here is a quick benchmark of what you can expect from the different compression methods (here when writing bzcat linux-2.6.1.tar.bz2 to a zfs volume)
type size time uncompressed 186501120 17,479 lzjb (on) 88276k 14,768 lzo 64793k 13,541 lzo9 48213k 25,551 gzip 42696k 15,352 lzma 39383k 19,933 bzip2 37992k 23,397
lzma is equivalent to lzma-3, and bz2 is the maximum bzip2 compression (-9).
copies=1 | 2 | 3
Changing this property only affects newly-written data. Therefore, set this property at file system creation time by using the -o copies=N option.
dedup=on | off | verify | sha256[,verify]
If the property is set to verify, then, whenever two blocks have the same signature, ZFS will do a byte-for-byte comparison with the existing block to ensure that the contents are identical.
devices=on | off
exec=on | off
mlslabel=label | none
When the mlslabel property is not set, the default value is none. Setting the mlslabel property to none is equivalent to removing the property.
The mlslabel property can be modified only when Trusted Extensions is enabled and only with appropriate privilege. Rights to modify it cannot be delegated. When changing a label to a higher label or setting the initial dataset label, the {PRIV_FILE_UPGRADE_SL} privilege is required. When changing a label to a lower label or the default (none), the {PRIV_FILE_DOWNGRADE_SL} privilege is required. Changing the dataset to labels other than the default can be done only when the dataset is not mounted. When a dataset with the default label is mounted into a labeled-zone, the mount operation automatically sets the mlslabel property to the label of that zone.
When Trusted Extensions is not enabled, only datasets with the default label (none) can be mounted.
mountpoint=path | none | legacy
When the mountpoint property is changed for a file system, the file system and any children that inherit the mount point are unmounted. If the new value is legacy, then they remain unmounted. Otherwise, they are automatically remounted in the new location if the property was previously legacy or none, or if they were mounted before the property was changed. In addition, any shared file systems are unshared and shared in the new location.
nbmand=on | off
primarycache=all | none | metadata
quota=size | none
Quotas cannot be set on volumes, as the volsize property acts as an implicit quota.
userquota@user=size | none
Enforcement of user quotas may be delayed by several seconds. This delay means that a user might exceed her quota before the system notices that she is over quota. The system would then begin to refuse additional writes with the EDQUOT error message . See the zfs userspace subcommand for more information.
Unprivileged users can only access their own groups' space usage. The root user, or a user who has been granted the userquota privilege with zfs allow, can get and set everyone's quota.
This property is not available on volumes, on file systems before version 4, or on pools before version 15. The userquota@... properties are not displayed by zfs get all. The user's name must be appended after the @ symbol, using one of the following forms:
groupquota@group=size | none
Unprivileged users can access only their own groups' space usage. The root user, or a user who has been granted the groupquota privilege with zfs allow, can get and set all groups' quotas.
readonly=on | off
This property can also be referred to by its shortened column name, rdonly.
recordsize=size
For databases that create very large files but access them in small random chunks, these algorithms may be suboptimal. Specifying a recordsize greater than or equal to the record size of the database can result in significant performance gains. Use of this property for general purpose file systems is strongly discouraged, and may adversely affect performance.
The size specified must be a power of two greater than or equal to 512 and less than or equal to 128 Kbytes.
Changing the file system's recordsize affects only files created afterward; existing files are unaffected.
This property can also be referred to by its shortened column name, recsize.
refquota=size | none
refreservation=size | none
If refreservation is set, a snapshot is only allowed if there is enough free pool space outside of this reservation to accommodate the current number of "referenced" bytes in the dataset.
This property can also be referred to by its shortened column name, refreserv.
reservation=size | none
This property can also be referred to by its shortened column name, reserv.
secondarycache=all | none | metadata
setuid=on | off
shareiscsi=on | off
You might want to set shareiscsi=on for a file system so that all ZFS volumes within the file system are shared by default. However, setting this property on a file system has no direct effect.
sharesmb=on | off | opts
Because SMB shares requires a resource name, a unique resource name is constructed from the dataset name. The constructed name is a copy of the dataset name except that the characters in the dataset name, which would be illegal in the resource name, are replaced with underscore (_) characters. A pseudo property "name" is also supported that allows you to replace the data set name with a specified name. The specified name is then used to replace the prefix dataset in the case of inheritance. For example, if the dataset data/home/john is set to name=john, then data/home/john has a resource name of john. If a child dataset of data/home/john/backups, it has a resource name of john_backups.
When SMB shares are created, the SMB share name appears as an entry in the .zfs/shares directory. You can use the ls or chmod command to display the share-level ACLs on the entries in this directory.
When the sharesmb property is changed for a dataset, the dataset and any children inheriting the property are re-shared with the new options, only if the property was previously set to off, or if they were shared before the property was changed. If the new property is set to off, the file systems are unshared.
sharenfs=on | off | opts
When the sharenfs property is changed for a dataset, the dataset and any children inheriting the property are re-shared with the new options, only if the property was previously off, or if they were shared before the property was changed. If the new property is off, the file systems are unshared.
logbias = latency | throughput
snapdir=hidden | visible
version=1 | 2 | current
volsize=size
The reservation is kept equal to the volume's logical size to prevent unexpected behavior for consumers. Without the reservation, the volume could run out of space, resulting in undefined behavior or data corruption, depending on how the volume is used. These effects can also occur when the volume size is changed while it is in use (particularly when shrinking the size). Extreme care should be used when adjusting the volume size.
Though not recommended, a "sparse volume" (also known as "thin provisioning") can be created by specifying the -s option to the zfs create -V command, or by changing the reservation after the volume has been created. A "sparse volume" is a volume where the reservation is less then the volume size. Consequently, writes to a sparse volume can fail with ENOSPC when the pool is low on space. For a sparse volume, changes to volsize are not reflected in the reservation.
vscan=on | off
xattr=on | off
zoned=on | off
The following three properties cannot be changed after the file system is created, and therefore, should be set when the file system is created. If the properties are not set with the zfs create or zpool create commands, these properties are inherited from the parent dataset. If the parent dataset lacks these properties due to having been created prior to these features being supported, the new file system will have the default values for these properties.
casesensitivity=sensitive | insensitive | mixed
The mixed value for the casesensitivity property indicates that the file system can support requests for both case-sensitive and case-insensitive matching behavior. Currently, case-insensitive matching behavior on a file system that supports mixed behavior is limited to the Solaris CIFS server product. For more information about the mixed value behavior, see the Solaris ZFS Administration Guide.
normalization = none | formC | formD | formKC | formKD
utf8only=on | off
The casesensitivity, normalization, and utf8only properties are also new permissions that can be assigned to non-privileged users by using the ZFS delegated administration feature.
When a file system is mounted, either through mount(1M) for legacy mounts or the zfs mount command for normal file systems, its mount options are set according to its properties. The correlation between properties and mount options is as follows:
PROPERTY MOUNT OPTION devices devices/nodevices exec exec/noexec readonly ro/rw setuid setuid/nosetuid xattr xattr/noxattr
In addition, these options can be set on a per-mount basis using the -o option, without affecting the property that is stored on disk. The values specified on the command line override the values stored in the dataset. The -nosuid option is an alias for nodevices,nosetuid. These properties are reported as "temporary" by the zfs get command. If the properties are changed while the dataset is mounted, the new setting overrides any temporary settings.
In addition to the standard native properties, ZFS supports arbitrary user properties. User properties have no effect on ZFS behavior, but applications or administrators can use them to annotate datasets (file systems, volumes, and snapshots).
User property names must contain a colon (:) character to distinguish them from native properties. They may contain lowercase letters, numbers, and the following punctuation characters: colon (:), dash (-), period (.), and underscore (_). The expected convention is that the property name is divided into two portions such as module:property, but this namespace is not enforced by ZFS. User property names can be at most 256 characters, and cannot begin with a dash (-).
When making programmatic use of user properties, it is strongly suggested to use a reversed DNS domain name for the module component of property names to reduce the chance that two independently-developed packages use the same property name for different purposes. Property names beginning with com.sun. are reserved for use by Sun Microsystems.
The values of user properties are arbitrary strings, are always inherited, and are never validated. All of the commands that operate on properties (zfs list, zfs get, zfs set, and so forth) can be used to manipulate both native properties and user properties. Use the zfs inherit command to clear a user property . If the property is not defined in any parent dataset, it is removed entirely. Property values are limited to 1024 characters.
During an initial installation or a live upgrade from a UFS file system, a swap device and dump device are created on ZFS volumes in the ZFS root pool. By default, the swap area size is based on 1/2 the size of physical memory up to 2 Gbytes. The size of the dump device depends on the kernel's requirements at installation time. Separate ZFS volumes must be used for the swap area and dump devices. Do not swap to a file on a ZFS file system. A ZFS swap file configuration is not supported.
If you need to change your swap area or dump device after the system is installed or upgraded, use the swap(1M) and dumpadm(1M) commands. If you need to change the size of your swap area or dump device, see the Solaris ZFS Administration Guide.
All subcommands that modify state are logged persistently to the pool in their original form.
zfs ?
zfs create [-p] [-o property=value] ... filesystem
-p
-o property=value
zfs create [-ps] [-b blocksize] [-o property=value] ... -V size volume
size is automatically rounded up to the nearest 128 Kbytes to ensure that the volume has an integral number of blocks regardless of blocksize.
-p
-s
-o property=value
-b blocksize
zfs destroy [-rRf] filesystem|volume
-r
-R
-f
Extreme care should be taken when applying either the -r or the -f options, as they can destroy large portions of a pool and cause unexpected behavior for mounted file systems in use.
zfs destroy [-rRd] snapshot
If the snapshot does not qualify for immediate destruction, it is marked for deferred deletion. In this state, it exists as a usable, visible snapshot until both of the preconditions listed above are met, at which point it is destroyed.
-d
-r
-R
zfs snapshot [-r] [-o property=value] ... filesystem@snapname|volume@snapname
-r
-o property=value
zfs rollback [-rRf] snapshot
The -rR options do not recursively destroy the child snapshots of a recursive snapshot. Only the top-level recursive snapshot is destroyed by either of these options. To completely roll back a recursive snapshot, you must rollback the individual child snapshots.
-r
-R
-f
zfs clone [-p] [-o property=value] ... snapshot filesystem|volume
-p
-o property=value
zfs promote clone-filesystem
The snapshot that was cloned, and any snapshots previous to this snapshot, are now owned by the promoted clone. The space they use moves from the origin file system to the promoted clone, so enough space must be available to accommodate these snapshots. No new space is consumed by this operation, but the space accounting is adjusted. The promoted clone must not have any conflicting snapshot names of its own. The rename subcommand can be used to rename any conflicting snapshots.
zfs rename filesystem|volume|snapshot
filesystem|volume|snapshot
zfs rename [-p] filesystem|volume filesystem|volume
-p
zfs rename -r snapshot snapshot
zfs list [-r|-d depth] [-H] [-o property[,...]] [ -t type[,...]] [ -s property ] ... [ -S property ] ... [filesystem|volume|snapshot] ...
-H
-r
-d depth
-o property
-s property
The following is a list of sorting criteria:
-S property
-t type
zfs set property=value filesystem|volume|snapshot ...
zfs get [-r|-d depth] [-Hp] [-o all | field[,...] [-s source[,...]] all | property[,...] filesystem|volume|snapshot ...
name Dataset name property Property name value Property value source Property source. Can either be local, default, temporary, inherited, or none (-).
All columns except the RECEIVED column are displayed by default; specify particular or all columns, using the -o option. This command takes a comma-separated list of properties as described in the "Native Properties" and "User Properties" sections.
The special value all can be used to display all properties that apply to the given dataset's type (filesystem, volume, or snapshot).
-r
-d depth
-H
-o field
name,property,value,received,source
Present multiple fields as a comma-separated list. The default value is:
name,property,value,source
The keyword all specifies all sources.
-s source
local,default,inherited,temporary,received,none
The default value is all sources.
-p
zfs inherit [-rS] property filesystem|volume|snapshot ...
-r
-S
zfs upgrade [-v]
zfs upgrade [-r] [-V version] [-a | filesystem]
In general, the file system version is independent of the pool version. See zpool(1M) for information on the zpool upgrade command.
In some cases, the file system version and the pool version are interrelated and the pool version must be upgraded before the file system version can be upgraded.
-a
filesystem
-r
-V version
zfs userspace [-niHp] [-o field[,...]] [-sS field]... [-t type [,...]] filesystem | snapshot
-n
-H
-p
-o field[,...]
-s field
-S field
-t type[,...]
The default is -t posixuser,smbuser
The default can be changed to include group types.
-i
zfs groupspace [-niHp] [-o field[,...]] [-sS field]... [-t type [,...]] filesystem | snapshot
-
zfs mount
zfs mount [-vO] [-o options] -a | filesystem
-o options
-O
-v
-a
filesystem
zfs unmount [-f] -a | filesystem|mountpoint
-f
-a
filesystem|mountpoint
zfs share -a | filesystem
-a
filesystem
zfs unshare -a | filesystem|mountpoint
-a
filesystem|mountpoint
zfs send [-DvRp] [-[iI] snapshot] snapshot
-D
-i snapshot
If the destination is a clone, the source may be the origin snapshot, which must be fully specified (for example, pool/fs@origin, not just @origin).
-I snapshot
-R
If the -i or -I flags are used in conjunction with the -R flag, an incremental replication stream is generated. The current values of properties, and current snapshot and file system names are set when the stream is received. If the -F flag is specified when this stream is received, snapshots and file systems that do not exist on the sending side are destroyed.
-p
-v
The format of the stream is committed. You will be able to receive your streams on future versions of ZFS.
zfs receive [-vnFu] filesystem|volume|snapshot
zfs receive [-vnFu] [-d | -e] filesystem
If an incremental stream is received, then the destination file system must already exist, and its most recent snapshot must match the incremental stream's source. For zvols, the destination device link is destroyed and recreated, which means the zvol cannot be accessed during the receive operation.
When a snapshot replication package stream that is generated by using the zfs send -R command is received, any snapshots that do not exist on the sending location are destroyed by using the zfs destroy -d command.
The name of the snapshot (and file system, if a full stream is received) that this subcommand creates depends on the argument type and the -d or -e option.
If the argument is a snapshot name, the specified snapshot is created. If the argument is a file system or volume name, a snapshot with the same name as the sent snapshot is created within the specified filesystem or volume. If the -d or -e option is specified, the snapshot name is determined by appending the sent snapshot's name to the specified filesystem. If the -d option is specified, all but the pool name of the sent snapshot path is appended (for example, b/c@1 appended from sent snapshot a/b/c@1), and if the -e option is specified, only the tail of the sent snapshot path is appended (for example, c@1 appended from sent snapshot a/b/c@1). In the case of -d, any file systems needed to replicate the path of the sent snapshot are created within the specified file system.
-d
-e
-u
-v
-n
-F
zfs allow filesystem | volume
zfs allow [-ldug] "everyone"|user|group[,...] perm|@setname[,...] filesystem| volume
zfs allow [-ld] -e perm|@setname[,...] filesystem | volume
[-ug] "everyone"|user|group[,...]
[-e] perm|@setname[,...]
[-ld] filesystem|volume
Permissions are generally the ability to use a ZFS subcommand or change a ZFS property. The following permissions are available:
NAME TYPE NOTES allow subcommand Must also have the permission that is being allowed clone subcommand Must also have the 'create' ability and 'mount' ability in the origin file system create subcommand Must also have the 'mount' ability destroy subcommand Must also have the 'mount' ability hold subcommand Allows adding a user hold to a snapshot mount subcommand Allows mount/umount of ZFS datasets promote subcommand Must also have the 'mount' and 'promote' ability in the origin file system receive subcommand Must also have the 'mount' and 'create' ability release subcommand Allows releasing a user hold which might destroy the snapshot rename subcommand Must also have the 'mount' and 'create' ability in the new parent rollback subcommand send subcommand share subcommand Allows sharing file systems over NFS or SMB protocols snapshot subcommand groupquota other Allows accessing any groupquota@... property groupused other Allows reading any groupused@... property userprop other Allows changing any user property userquota other Allows accessing any userquota@... property userused other Allows reading any userused@... property aclinherit property aclmode property atime property canmount property casesensitivity property checksum property compression property copies property dedup property devices property exec property logbias property mlslabel property mountpoint property nbmand property normalization property primarycache property quota property readonly property recordsize property refquota property refreservation property reservation property secondarycache property setuid property shareiscsi property sharenfs property sharesmb property snapdir property utf8only property version property volblocksize property volsize property vscan property xattr property zoned property
zfs allow -c perm|@setname[,...] filesystem|volume
zfs allow -s @setname perm|@setname[,...] filesystem|volume
zfs unallow [-rldug] "everyone"|user|group[,...] [perm|@setname[, ...]] filesystem|volume
zfs unallow [-rld] -e [perm|@setname [,...]] filesystem|volume
zfs unallow [-r] -c [perm|@setname[,...]]
filesystem|volume
-r
zfs unallow [-r] -s @setname [perm|@setname[,...]]
filesystem|volume
zfs hold [-r] tag snapshot...
If a hold exists on a snapshot, attempts to destroy that snapshot by using the zfs destroy command return EBUSY.
-r
zfs holds [-r] snapshot...
-r
zfs release [-r] tag snapshot...
If a hold exists on a snapshot, attempts to destroy that snapshot by using the zfs destroy command return EBUSY.
-r
Example 1 Creating a ZFS File System Hierarchy
The following commands create a file system named pool/home and a file system named pool/home/bob. The mount point /export/home is set for the parent file system, and is automatically inherited by the child file system.
# zfs create pool/home # zfs set mountpoint=/export/home pool/home # zfs create pool/home/bob
Example 2 Creating a ZFS Snapshot
The following command creates a snapshot named yesterday. This snapshot is mounted on demand in the .zfs/snapshot directory at the root of the pool/home/bob file system.
# zfs snapshot pool/home/bob@yesterday
Example 3 Creating and Destroying Multiple Snapshots
The following command creates snapshots named yesterday of pool/home and all of its descendent file systems. Each snapshot is mounted on demand in the .zfs/snapshot directory at the root of its file system. The second command destroys the newly created snapshots.
# zfs snapshot -r pool/home@yesterday # zfs destroy -r pool/home@yesterday
Example 4 Disabling and Enabling File System Compression
The following command disables the compression property for all file systems under pool/home. The next command explicitly enables compression for pool/home/anne.
# zfs set compression=off pool/home # zfs set compression=on pool/home/anne
Example 5 Listing ZFS Datasets
The following command lists all active file systems and volumes in the system. Snapshots are displayed if the listsnaps property is on. The default is off. See zpool(1M) for more information on pool properties.
# zfs list NAME USED AVAIL REFER MOUNTPOINT pool 450K 457G 18K /pool pool/home 315K 457G 21K /export/home pool/home/anne 18K 457G 18K /export/home/anne pool/home/bob 276K 457G 276K /export/home/bob
Example 6 Setting a Quota on a ZFS File System
The following command sets a quota of 50 Gbytes for pool/home/bob.
# zfs set quota=50G pool/home/bob
Example 7 Listing ZFS Properties
The following command lists all properties for pool/home/bob.
# zfs get all pool/home/bob NAME PROPERTY VALUE SOURCE pool/home/bob type filesystem - pool/home/bob creation Mon Nov 9 15:05 2009 - pool/home/bob used 282M - pool/home/bob available 134G - pool/home/bob referenced 282M - pool/home/bob compressratio 1.00x - pool/home/bob mounted yes - pool/home/bob quota none default pool/home/bob reservation none default pool/home/bob recordsize 128K default pool/home/bob mountpoint /pool/home/bob default pool/home/bob sharenfs off default pool/home/bob checksum on default pool/home/bob compression on local pool/home/bob atime on default pool/home/bob devices on default pool/home/bob exec on default pool/home/bob setuid on default pool/home/bob readonly off default pool/home/bob zoned off default pool/home/bob snapdir hidden default pool/home/bob aclmode groupmask default pool/home/bob aclinherit restricted default pool/home/bob canmount on default pool/home/bob shareiscsi off default pool/home/bob xattr on default pool/home/bob copies 1 default pool/home/bob version 4 - pool/home/bob utf8only off - pool/home/bob normalization none - pool/home/bob casesensitivity sensitive - pool/home/bob vscan off default pool/home/bob nbmand off default pool/home/bob sharesmb off default pool/home/bob refquota none default pool/home/bob refreservation none default pool/home/bob primarycache all default pool/home/bob secondarycache all default pool/home/bob usedbysnapshots 0 - pool/home/bob usedbydataset 282M - pool/home/bob usedbychildren 0 - pool/home/bob usedbyrefreservation 0 - pool/home/bob logbias latency default pool/home/bob dedup off default pool/home/bob mlslabel none default
The following command gets a single property value.
# zfs get -H -o value compression pool/home/bob on
The following command lists all properties with local settings for pool/home/bob.
# zfs get -r -s local -o name,property,value all pool/home/bob NAME PROPERTY VALUE pool/home/bob quota 20G pool/home/bob compression on
Example 8 Rolling Back a ZFS File System
The following command reverts the contents of pool/home/anne to the snapshot named yesterday, deleting all intermediate snapshots.
# zfs rollback -r pool/home/anne@yesterday
Example 9 Creating a ZFS Clone
The following command creates a writable file system whose initial contents are the same as pool/home/bob@yesterday.
# zfs clone pool/home/bob@yesterday pool/clone
Example 10 Promoting a ZFS Clone
The following commands illustrate how to test out changes to a file system, and then replace the original file system with the changed one, using clones, clone promotion, and renaming:
# zfs create pool/project/production populate /pool/project/production with data # zfs snapshot pool/project/production@today # zfs clone pool/project/production@today pool/project/beta make changes to /pool/project/beta and test them # zfs promote pool/project/beta # zfs rename pool/project/production pool/project/legacy # zfs rename pool/project/beta pool/project/production once the legacy version is no longer needed, it can be destroyed # zfs destroy pool/project/legacy
Example 11 Inheriting ZFS Properties
The following command causes pool/home/bob and pool/home/anne to inherit the checksum property from their parent.
# zfs inherit checksum pool/home/bob pool/home/anne
Example 12 Remotely Replicating ZFS Data
The following commands send a full stream and then an incremental stream to a remote machine, restoring them into poolB/received/fs@aand poolB/received/fs@b, respectively. poolB must contain the file system poolB/received, and must not initially contain poolB/received/fs.
# zfs send pool/fs@a | \ ssh host zfs receive poolB/received/fs@a # zfs send -i a pool/fs@b | ssh host \ zfs receive poolB/received/fs
Example 13 Using the zfs receive -d Option
The following command sends a full stream of poolA/fsA/fsB@snap to a remote machine, receiving it into poolB/received/fsA/fsB@snap. The fsA/fsB@snap portion of the received snapshot's name is determined from the name of the sent snapshot. poolB must contain the file system poolB/received. If poolB/received/fsA does not exist, it is created as an empty file system.
# zfs send poolA/fsA/fsB@snap | \ ssh host zfs receive -d poolB/received
Example 14 Setting User Properties
The following example sets the user-defined com.example:department property for a dataset.
# zfs set com.example:department=12345 tank/accounting
Example 15 Creating a ZFS Volume as an iSCSI Target Device
The following example shows how to create a ZFS volume as an iSCSI target.
# zfs create -V 2g pool/volumes/vol1 # zfs set shareiscsi=on pool/volumes/vol1 # iscsitadm list target Target: pool/volumes/vol1 iSCSI Name: iqn.1986-03.com.sun:02:7b4b02a6-3277-eb1b-e686-a24762c52a8c Connections: 0
After the iSCSI target is created, set up the iSCSI initiator. For more information about the Solaris iSCSI initiator, see iscsitadm(1M).
Example 16 Performing a Rolling Snapshot
The following example shows how to maintain a history of snapshots with a consistent naming scheme. To keep a week's worth of snapshots, the user destroys the oldest snapshot, renames the remaining snapshots, and then creates a new snapshot, as follows:
# zfs destroy -r pool/users@7daysago # zfs rename -r pool/users@6daysago @7daysago # zfs rename -r pool/users@5daysago @6daysago # zfs rename -r pool/users@yesterday @5daysago # zfs rename -r pool/users@yesterday @4daysago # zfs rename -r pool/users@yesterday @3daysago # zfs rename -r pool/users@yesterday @2daysago # zfs rename -r pool/users@today @yesterday # zfs snapshot -r pool/users@today
Example 17 Setting sharenfs Property Options on a ZFS File System
The following commands show how to set sharenfs property options to enable rw access for a set of IP addresses and to enable root access for system neo on the tank/home file system.
# # zfs set sharenfs='rw=@123.123.0.0/16,root=neo' tank/home
If you are using DNS for host name resolution, specify the fully qualified hostname.
Example 18 Delegating ZFS Administration Permissions on a ZFS Dataset
The following example shows how to set permissions so that user cindys can create, destroy, mount, and take snapshots on tank/cindys. The permissions on tank/cindys are also displayed.
# zfs allow cindys create,destroy,mount,snapshot tank/cindys # zfs allow tank/cindys ------------------------------------------------------------- Local+Descendent permissions on (tank/cindys) user cindys create,destroy,mount,snapshot -------------------------------------------------------------
Because the tank/cindys mount point permission is set to 755 by default, user cindys will be unable to mount file systems under tank/cindys. Set an ACL similar to the following syntax to provide mount point access:
# chmod A+user:cindys:add_subdirectory:allow /tank/cindys
Example 19 Delegating Create Time Permissions on a ZFS Dataset
The following example shows how to grant anyone in the group staff to create file systems in tank/users. This syntax also allows staff members to destroy their own file systems, but not destroy anyone else's file system. The permissions on tank/users are also displayed.
# # zfs allow staff create,mount tank/users # zfs allow -c destroy tank/users # zfs allow tank/users ------------------------------------------------------------- Create time permissions on (tank/users) create,destroy Local+Descendent permissions on (tank/users) group staff create,mount -------------------------------------------------------------
Example 20 Defining and Granting a Permission Set on a ZFS Dataset
The following example shows how to define and grant a permission set on the tank/users file system. The permissions on tank/users are also displayed.
# zfs allow -s @pset create,destroy,snapshot,mount tank/users # zfs allow staff @pset tank/users # zfs allow tank/users ------------------------------------------------------------- Permission sets on (tank/users) @pset create,destroy,mount,snapshot Create time permissions on (tank/users) create,destroy Local+Descendent permissions on (tank/users) group staff @pset,create,mount -------------------------------------------------------------
Example 21 Delegating Property Permissions on a ZFS Dataset
The following example shows to grant the ability to set quotas and reservations on the users/home file system. The permissions on users/home are also displayed.
# zfs allow cindys quota,reservation users/home # zfs allow users/home ------------------------------------------------------------- Local+Descendent permissions on (users/home) user cindys quota,reservation ------------------------------------------------------------- cindys% zfs set quota=10G users/home/marks cindys% zfs get quota users/home/marks NAME PROPERTY VALUE SOURCE users/home/marks quota 10G local
Example 22 Removing ZFS Delegated Permissions on a ZFS Dataset
The following example shows how to remove the snapshot permission from the staff group on the tank/users file system. The permissions on tank/users are also displayed.
# zfs unallow staff snapshot tank/users # zfs allow tank/users ------------------------------------------------------------- Permission sets on (tank/users) @pset create,destroy,mount,snapshot Create time permissions on (tank/users) create,destroy Local+Descendent permissions on (tank/users) group staff @pset,create,mount -------------------------------------------------------------
The following exit values are returned:
0
1
2
See attributes(5) for descriptions of the following attributes:
|
ssh(1), iscsitadm(1M), mount(1M), share(1M), sharemgr(1M), unshare(1M), zonecfg(1M), zpool(1M), chmod(2), stat(2), write(2), fsync(3C), dfstab(4), attributes(5)
See the gzip(1) man page, which is not part of the SunOS man page collection.
For information about using the ZFS web-based management tool and other ZFS features, see the Solaris ZFS Administration Guide.