Backup and ZFS delegation

2024-03-22

1 minute read

ZFS

zfs , storage , ubuntu

In order to allow backups to take place for a given dataset, the user needs to have proper access rights via OpenZFS delegation. This allows to fine tune the access rights of that particular user on that particular dataset and avoir the backup user to be able to delete the whole dataset in case of security breach.

For that, you need to check the great article by Jim Salter.

As we will be using sanoid, some specific rights will be given (given that it does a bit more than a simple send-receive) but basically, the send and receive need to be given.

This short article focuses on the delegation, not on the creation of the backupuser, datasets and anything else.

On the sending server (active server)

You need to run the following to provide the correct delegation:

1sudo zfs allow backupuser hold,send,snapshot data/Photos

On the receiving server (backup server)

As you did not create anything yet on the backup server, the best thing is to give the rights on the “main” dataset:

1sudo zfs allow backupuser create,mount,receive,rollback backup