ZFS Delegated Administration

ZFS keeps improving and can now delegate ZFS administrative tasks to ordinary users.

Two styles of delegated permissions are supported: the individual permissions can be specified explicitly, or the administrator can define a permission set. A permission set can later be updated, and all consumers of the set automatically pick up the change. Permission set names all begin with the @ character and are limited to 64 characters in length. Characters after the @ sign in a set name have the same restrictions as normal ZFS file system names.

Nice and simple Unix-style interface, with lots of scripting potential. I can see some usefulness in this once Solaris gets its iSCSI stack sorted and I get it going with XenEnterprise.

Permissions are delegated with the allow subcommand of zfs(1M).

zfs allow [-l] [-d] <"everyone"|user|group>[,<"everyone"|user|group>] <perm>|@<setname>[,<perm>|@<setname>...] <filesystem|volume>
zfs allow [-l] [-d] -u <user> <perm>|@<setname>[,<perm>|@<setname>...] <filesystem|volume>
zfs allow [-l] [-d] -g <group> <perm>|@<setname>[,<perm>|@<setname>...] <filesystem|volume>
zfs allow [-l] [-d] -e <perm>|@<setname>[,<perm>|@<setname>...] <filesystem|volume>
zfs allow -c <perm>|@<setname>[,<perm>|@<setname>...] <filesystem|volume>
zfs allow -s @setname <perm>|@<setname>[,<perm>...] <filesystem|volume>
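
The permission-set workflow described above, as an added example that is not from the original post: it checks a set name against the stated rules, then defines the set and grants it to a group instead of handing out raw permissions. The dataset tank/home, group staff and set @snapmgr are constructed names; counting the @ toward the 64-character limit and the allowed character list are assumptions.

```shell
#!/bin/sh
# Added example: delegate snapshot management through a permission set.
# Constructed names (assumptions): dataset tank/home, group staff, set @snapmgr.

# Return 0 if $1 is an acceptable permission-set name.
# Page rules: begins with @, at most 64 characters (assumed to include the @).
# Assumed character set: alphanumerics plus _ - : . as for dataset names.
valid_setname() {
    case "$1" in
        @?*) ;;
        *) return 1 ;;
    esac
    [ "${#1}" -le 64 ] || return 1
    case "${1#@}" in
        *[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    return 0
}

# Print commands by default (dry run); execute them only when APPLY=1.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# delegate_set <@set> <perm,perm,...> <group> <dataset>
delegate_set() {
    valid_setname "$1" || { echo "invalid set name: $1" >&2; return 2; }
    run zfs allow -s "$1" "$2" "$4"   # define (or extend) the set
    run zfs allow -g "$3" "$1" "$4"   # grant the set to the group
    run zfs allow "$4"                # display form: list current delegations
}

delegate_set @snapmgr snapshot,mount,rollback staff tank/home
```

Run it once as shown to review the commands, then with APPLY=1 as a privileged user to apply them. A later `zfs allow -s` on the same set adds permissions that every holder of the set picks up.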
