I set this up with pfexec, I think on 151a4, and it has survived updates without change so far (currently working on a7), and all I had to do was add the "ZFS File System Management" profile to the backup user. I did this via the users-admin gui, I think usermod -P does the same thing, but here is the relevant line from /etc/user_attr:
backup::::type=normal;profiles=ZFS File System Management;roles=netadm,netcfg,root,zfssnap I didn't need to mess with the properties on the filesystem. I set up ssh keys for passwordless ssh, and my incremental zfs send/receive command looks like this (with variables replaced and logging redirection removed): zfs send -vI "<oldsnap>" "<fs>@<newsnap>" | ssh "backup@<host>" "pfexec zfs receive -vF \"<destfs>\"" Works pretty well, though I get ~70MB/s on gigabit ethernet instead of the theoretically possible 120MB/s, and I'm not sure why (NFS gets pretty close to 120MB/s on the same network). Tim On Tue, Oct 23, 2012 at 12:59 PM, Geoff Nordli <[email protected]> wrote: > On 12-10-23 04:52 AM, Sebastian Gabler wrote: > >> Hi, >> >> I am facing a problem with zfs receive through ssh. As usually, root >> can't log on ssh; the log on users can't receive a zfs stream (rights >> problem), and pfexec is disabled on the target host (as I understand it is >> nowadays default for OI151_a...) >> >> What are the suggestions to solve this? I tried several approaches with >> sudo, and su to no avail. I had tried to enable pfexec on the target >> system, too and couldn't do it. >> >> Thanks for your help. >> >> BR >> >> Sebastian >> > > > Hi Sebastian. > > I use the sudo method and I also assign the user zfs rights for that pool. > here is my sudoers file: > > bkuser ALL = NOPASSWD: /usr/sbin/zfs > > and here is the rights assignment: > > zfs allow -s @adminrole clone,create,destroy,mount,** > promote,quota,receive,rename,**reservation,rollback,send,**snapshot,userprop > backup > zfs allow bkuser @adminrole backup > > > I am sure it could be a lot tighter for security, but it works. > > Have a great day!! > > Geoff > > > > > > > ______________________________**_________________ > OpenIndiana-discuss mailing list > OpenIndiana-discuss@**openindiana.org<[email protected]> > http://openindiana.org/**mailman/listinfo/openindiana-**discuss<http://openindiana.org/mailman/listinfo/openindiana-discuss> > _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
