On 5/1/2011 9:46 AM, Matt Connolly wrote: > Hi all, > > I'm putting together a script to create zfs snapshots after a backup has been > completed (via Apple TimeMachine or rsync for example). When I'm logged into > the machine, I can only access the "zfs snapshot" command as root via "sudo" > or "pfexec". Neither of these are available directly from a ssh command. For > example: > > client$ ssh user@server > server$ sudo zfs snapshot blah@blah -> works > ..or.. > server$ pfexec zfs snapshot blah@blah -> works > > ..but.. > > client$ ssh user@host zfs snapshot blah -> fails = permission denied > client$ ssh user@host pfexec zfs snapshot blah -> fails = permission denied > client$ ssh user@host sudo zfs snapshot blah -> fails = sudo: no tty present > and no askpass program specified > > What would be the best practice for creating a zfs snapshot based on an > external trigger (eg: message from client after a successful backup).
Allow the backup user to have the zfssnap role with RBAC. With that set you can run something like this: DATE=$(date +%Y-%m-%d-%H:%M) ssh user@10.0.0.x "pfexec /usr/sbin/zfs snapshot BACKUPS/foohost@$DATE" Proof that it works (though I didn't run an actual backup, so there's no new data): ~ # ssh user@10.0.0.x "/usr/sbin/zfs list -H -r -t snapshot BACKUPS/foohost" |tail -n 1 BACKUPS/foohost@2011-05-01-11:38 0 - 13.3G - Jamon _______________________________________________ OpenIndiana-discuss mailing list OpenIndiana-discuss@openindiana.org http://openindiana.org/mailman/listinfo/openindiana-discuss
