I Want My ZFS
By haa on Feb 13, 2009
If you want to try out ZFS, you'll be glad to learn that when you install OpenSolaris 2008.11, the user you create during installation will have its home directory on a distinct ZFS filesystem. Running zfs list will show you that /export, /export/home, and /export/home/<username> are each ZFS filesystems.
haik@opensolaris:~$ zfs list NAME USED AVAIL REFER MOUNTPOINT rpool 2.41G 1.50G 72K /rpool rpool/ROOT 2.38G 1.50G 18K legacy rpool/ROOT/opensolaris 2.38G 1.50G 2.26G / rpool/export 21.2M 1.50G 19K /export rpool/export/home 21.2M 1.50G 19K /export/home rpool/export/home/haik 21.1M 1.50G 19.2M /export/home/haik
If you enable the Time Slider service, a cron job will run periodically and create snapshots of these filesystems including your home directory. To see these snapshots you would run zfs list -t snapshot. I've limited the output to the name column here:
haik@opensolaris:~$ zfs list -t snapshot -o name NAME rpool/ROOT/opensolaris@install rpool/export/home/haik@zfs-auto-snap:daily-2009-01-14-00:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-00:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-01:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-02:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-03:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-04:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-05:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-06:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-07:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-08:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-09:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-10:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-11:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-12:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-13:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-14:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-15:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-16:00 rpool/export/home/haik@zfs-auto-snap:hourly-2009-01-14-17:00 rpool/export/home/haik@zfs-auto-snap:frequent-2009-01-14-17:00 rpool/export/home/haik@zfs-auto-snap:frequent-2009-01-14-17:15 rpool/export/home/haik@zfs-auto-snap:frequent-2009-01-14-17:30 rpool/export/home/haik@zfs-auto-snap:frequent-2009-01-14-17:45
You can browse these snapshots in Nautilus (the Gnome graphical file browser) by navigating to your home directory and clicking the Time Slider button.
But what is it good for?
I've been using ZFS to backup my laptop home directory. I've created a ZFS fileystem "backup-powerbook" in my home directory on my OpenSolaris workstation. I use rsync over ssh to copy my laptop home directory over from my laptop to my OpenSolaris machine and then I take a snapshot when the rsync completes. For example, on the laptop:
and then on the workstation:haik@powerbook $ sudo /bin/bash Password: root@powerbook # pwd /Users/haik root@powerbook # cd .. root@powerbook # rsync -avz --delete -e ssh \\ haik email@example.com:~/backup-powerbook/
haik@opensolaris:~$ pfexec zfs snapshot \\ rpool/export/home/haik/backup-powerbook@2009-02-12
You need administrator privileges? That ain't cool.
Note how I prefixed that zfs snapshot command with pfexec. Back in the old days of ZFS, all ZFS operations required root privileges. Since then, ZFS Delegated Administration was introduced. This feature allows the administrator to delegate ZFS privileges to certain users for certain filesystems. As I mentioned, by default OpenSolaris 2008.11 puts the initial user's home directory on a ZFS fileystem, but in order to take snapshots or create filesystems, the user will need to either a) su to the root role, b) use the administrator profile by executing pfexec or c) have been given the necessary ZFS permissions. On a standard 2008.11 fresh install, only the initial user can su to the root role or use the administrator profile.
haik@opensolaris:~$ pfexec zfs create rpool/export/home/haik/backup-powerbook haik@opensolaris:~$
Without pfexec, the create fails:
haik@opensolaris:~$ zfs create rpool/export/home/haik/backup-powerbook cannot create 'rpool/export/home/haik/backup-powerbook': permission denied
I like the idea of letting users manage their own filesystems within their home directory so I've used ZFS Delegated Administration to allow that. This is done with the zfs allow command. You can grant ZFS permissions to individual users with one command or you can create permission sets which allow you to easily grant the same permissions to different users on different filesystems. In my case, I create two permission sets. One is for home directories and one is for file systems that are descendents of home directories. I use two different sets because I do not want users to be allowed to rename their home directory, only descendents of their home directory. Here's a script I use after adding a new user. Checkout zfs(1M) for more information.
This script simply looks at the contents of the /export/home directory. For each file or directory within /export/home, it assumes that a user exists with the same username and that a filesystem exists of the form rpool/export/home/<username>. It then gives <username> various permissions on filesystem rpool/export/home/<username>. There are better, more reliable, ways to do this. You would need to execute the script with pfexec.
#!/usr/bin/bash HOME_FS=rpool/export/home HOME_PATH=/export/home HOME_PERMS=create,snapshot,clone,mount,share,send,compression,promote,destroy HOME_DESCENDENT_PERMS=$HOME_PERMS,rename HOME_SET_NAME='@home_set' HOME_DESCENDENT_SET_NAME='@home_descendent_set' # Create the permission sets zfs allow -s $HOME_SET_NAME $HOME_PERMS $HOME_FS zfs allow -s $HOME_DESCENDENT_SET_NAME $HOME_DESCENDENT_PERMS $HOME_FS # Assign the permission sets for user in `ls $HOME_PATH` do zfs allow -l $user $HOME_SET_NAME $HOME_FS/$user zfs allow -d $user $HOME_DESCENDENT_SET_NAME $HOME_FS/$user done
You can view the results with the zfs allow command:
haik@opensolaris:~$ zfs allow rpool/export/home/haik ------------------------------------------------------------- Local permissions on (rpool/export/home/haik) user haik @home_set Descendent permissions on (rpool/export/home/haik) user haik @home_descendent_set ------------------------------------------------------------- Permission sets on (rpool/export/home) @home_descendent_set allow,clone,create,destroy, mount,promote,rename,send,share,snapshot @home_set allow,clone,create,destroy,mount,promote, send,share,snapshot -------------------------------------------------------------
Without the script and without using permission sets, I could accomplish the same thing with the following commands for each user.
haik@opensolaris:~$ pfexec zfs allow -l haik \\ create,snapshot,clone,mount,share,send,compression,promote,destroy \\ rpool/export/home/haik haik@opensolaris:~$ pfexec zfs allow -d haik \\ create,snapshot,clone,mount,share,send,compression,promote,destroy,rename \\ rpool/export/home/haik
Now that my user has these permissions, I can create my own filesystems:
haik@opensolaris:~$ zfs create rpool/export/home/haik/music haik@opensolaris:~$ zfs create rpool/export/home/haik/email haik@opensolaris:~$ zfs set compression=on rpool/export/home/haik/email rpool/export/home/haik/email 18K 1.53G 18K /export/home/haik/email haik@opensolaris:~$ zfs snapshot -r rpool/export/home/haik@2008-02-10
As expected, I'm still prevented from creating a file system directly on rpool/export/home.
haik@opensolaris:~$ zfs create rpool/export/home/foo cannot create 'rpool/export/home/foo': permission denied