384 is set to \fBlegacy\fR, \fBZFS\fR makes no attempt to manage the file system,
385 and the administrator is responsible for mounting and unmounting the file
386 system.
387 .SS "Zones"
388 .sp
389 .LP
390 A \fBZFS\fR file system can be added to a non-global zone by using the
391 \fBzonecfg\fR \fBadd fs\fR subcommand. A \fBZFS\fR file system that is added to
392 a non-global zone must have its \fBmountpoint\fR property set to \fBlegacy\fR.
393 .sp
394 .LP
395 The physical properties of an added file system are controlled by the global
396 administrator. However, the zone administrator can create, modify, or destroy
397 files within the added file system, depending on how the file system is
398 mounted.
399 .sp
400 .LP
401 A dataset can also be delegated to a non-global zone by using the \fBzonecfg\fR
402 \fBadd dataset\fR subcommand. You cannot delegate a dataset to one zone and the
403 children of the same dataset to another zone. The zone administrator can change
404 properties of the dataset or any of its children. However, the \fBquota\fR
405 property is controlled by the global administrator.
406 .sp
407 .LP
408 A \fBZFS\fR volume can be added as a device to a non-global zone by using the
409 \fBzonecfg\fR \fBadd device\fR subcommand. However, its physical properties can
410 be modified only by the global administrator.
411 .sp
412 .LP
413 For more information about \fBzonecfg\fR syntax, see \fBzonecfg\fR(1M).
414 .sp
415 .LP
416 After a dataset is delegated to a non-global zone, the \fBzoned\fR property is
417 automatically set. A zoned file system cannot be mounted in the global zone,
418 since the zone administrator might have to set the mount point to an
419 unacceptable value.
420 .sp
421 .LP
422 The global administrator can forcibly clear the \fBzoned\fR property, though
423 this should be done with extreme care. The global administrator should verify
424 that all the mount points are acceptable before clearing the property.
425 .SS "Native Properties"
951 .sp .6
952 .RS 4n
953 Controls whether device nodes can be opened on this file system. The default
954 value is \fBon\fR.
955 .RE
956
957 .sp
958 .ne 2
959 .na
960 \fB\fBexec\fR=\fBon\fR | \fBoff\fR\fR
961 .ad
962 .sp .6
963 .RS 4n
964 Controls whether processes can be executed from within this file system. The
965 default value is \fBon\fR.
966 .RE
967
968 .sp
969 .ne 2
970 .na
971 \fB\fBmountpoint\fR=\fIpath\fR | \fBnone\fR | \fBlegacy\fR\fR
972 .ad
973 .sp .6
974 .RS 4n
975 Controls the mount point used for this file system. See the "Mount Points"
976 section for more information on how this property is used.
977 .sp
978 When the \fBmountpoint\fR property is changed for a file system, the file
979 system and any children that inherit the mount point are unmounted. If the new
980 value is \fBlegacy\fR, then they remain unmounted. Otherwise, they are
981 automatically remounted in the new location if the property was previously
982 \fBlegacy\fR or \fBnone\fR, or if they were mounted before the property was
983 changed. In addition, any shared file systems are unshared and shared in the
984 new location.
985 .RE
986
987 .sp
988 .ne 2
989 .na
990 \fB\fBnbmand\fR=\fBon\fR | \fBoff\fR\fR
1014 .sp
1015 .ne 2
1016 .na
1017 \fB\fBquota\fR=\fIsize\fR | \fBnone\fR\fR
1018 .ad
1019 .sp .6
1020 .RS 4n
1021 Limits the amount of space a dataset and its descendents can consume. This
1022 property enforces a hard limit on the amount of space used. This includes all
1023 space consumed by descendents, including file systems and snapshots. Setting a
1024 quota on a descendent of a dataset that already has a quota does not override
1025 the ancestor's quota, but rather imposes an additional limit.
1026 .sp
1027 Quotas cannot be set on volumes, as the \fBvolsize\fR property acts as an
1028 implicit quota.
1029 .RE
1030
1031 .sp
1032 .ne 2
1033 .na
1034 \fB\fBuserquota@\fR\fIuser\fR=\fIsize\fR | \fBnone\fR\fR
1035 .ad
1036 .sp .6
1037 .RS 4n
1038 Limits the amount of space consumed by the specified user. User space
1039 consumption is identified by the \fBuserspace@\fR\fIuser\fR property.
1040 .sp
1041 Enforcement of user quotas may be delayed by several seconds. This delay means
1042 that a user might exceed their quota before the system notices that they are
1043 over quota and begins to refuse additional writes with the \fBEDQUOT\fR error
1044 message . See the \fBzfs userspace\fR subcommand for more information.
1045 .sp
1046 Unprivileged users can only access their own groups' space usage. The root
1047 user, or a user who has been granted the \fBuserquota\fR privilege with \fBzfs
1048 allow\fR, can get and set everyone's quota.
1049 .sp
1050 This property is not available on volumes, on file systems before version 4, or
1051 on pools before version 15. The \fBuserquota@\fR... properties are not
1052 displayed by \fBzfs get all\fR. The user's name must be appended after the
1053 \fB@\fR symbol, using one of the following forms:
3110 send subcommand
3111 share subcommand Allows sharing file systems over NFS or SMB
3112 protocols
3113 snapshot subcommand Must also have the 'mount' ability
3114 groupquota other Allows accessing any groupquota@... property
3115 groupused other Allows reading any groupused@... property
3116 userprop other Allows changing any user property
3117 userquota other Allows accessing any userquota@... property
3118 userused other Allows reading any userused@... property
3119
3120 aclinherit property
3121 aclmode property
3122 atime property
3123 canmount property
3124 casesensitivity property
3125 checksum property
3126 compression property
3127 copies property
3128 devices property
3129 exec property
3130 mountpoint property
3131 nbmand property
3132 normalization property
3133 primarycache property
3134 quota property
3135 readonly property
3136 recordsize property
3137 refquota property
3138 refreservation property
3139 reservation property
3140 secondarycache property
3141 setuid property
3142 shareiscsi property
3143 sharenfs property
3144 sharesmb property
3145 snapdir property
3146 utf8only property
3147 version property
3148 volblocksize property
3149 volsize property
3150 vscan property
3151 xattr property
3152 zoned property
3153 .fi
3154 .in -2
3155 .sp
3156
3157 .sp
3158 .ne 2
3159 .na
3160 \fB\fBzfs allow\fR \fB-c\fR \fIperm\fR|@\fIsetname\fR[,...]
3161 \fIfilesystem\fR|\fIvolume\fR\fR
3162 .ad
3163 .sp .6
3164 .RS 4n
3165 Sets "create time" permissions. These permissions are granted (locally) to the
|
384 is set to \fBlegacy\fR, \fBZFS\fR makes no attempt to manage the file system,
385 and the administrator is responsible for mounting and unmounting the file
386 system.
387 .SS "Zones"
388 .sp
389 .LP
390 A \fBZFS\fR file system can be added to a non-global zone by using the
391 \fBzonecfg\fR \fBadd fs\fR subcommand. A \fBZFS\fR file system that is added to
392 a non-global zone must have its \fBmountpoint\fR property set to \fBlegacy\fR.
393 .sp
394 .LP
395 The physical properties of an added file system are controlled by the global
396 administrator. However, the zone administrator can create, modify, or destroy
397 files within the added file system, depending on how the file system is
398 mounted.
399 .sp
400 .LP
401 A dataset can also be delegated to a non-global zone by using the \fBzonecfg\fR
402 \fBadd dataset\fR subcommand. You cannot delegate a dataset to one zone and the
403 children of the same dataset to another zone. The zone administrator can change
404 properties of the dataset or any of its children. However, the \fBquota\fR,
405 \fBfilesystem_limit\fR and \fBsnapshot_limit\fR properties are controlled by the
406 global administrator.
407 .sp
408 .LP
409 A \fBZFS\fR volume can be added as a device to a non-global zone by using the
410 \fBzonecfg\fR \fBadd device\fR subcommand. However, its physical properties can
411 be modified only by the global administrator.
412 .sp
413 .LP
414 For more information about \fBzonecfg\fR syntax, see \fBzonecfg\fR(1M).
415 .sp
416 .LP
417 After a dataset is delegated to a non-global zone, the \fBzoned\fR property is
418 automatically set. A zoned file system cannot be mounted in the global zone,
419 since the zone administrator might have to set the mount point to an
420 unacceptable value.
421 .sp
422 .LP
423 The global administrator can forcibly clear the \fBzoned\fR property, though
424 this should be done with extreme care. The global administrator should verify
425 that all the mount points are acceptable before clearing the property.
426 .SS "Native Properties"
952 .sp .6
953 .RS 4n
954 Controls whether device nodes can be opened on this file system. The default
955 value is \fBon\fR.
956 .RE
957
958 .sp
959 .ne 2
960 .na
961 \fB\fBexec\fR=\fBon\fR | \fBoff\fR\fR
962 .ad
963 .sp .6
964 .RS 4n
965 Controls whether processes can be executed from within this file system. The
966 default value is \fBon\fR.
967 .RE
968
969 .sp
970 .ne 2
971 .na
972 \fB\fBfilesystem_limit\fR=\fIcount\fR | \fBnone\fR\fR
973 .ad
974 .sp .6
975 .RS 4n
976 Limits the number of filesystems that can exist at this point in the filesystem
977 tree. The count of nested filesystems includes the filesystem on which the
978 limit is set, thus the minimum value is 1. The limit is not enforced in the
979 global zone. Setting a filesystem_limit on a descendent of a filesystem that
980 already has a filesystem_limit does not override the ancestor's
981 filesystem_limit, but rather imposes an additional limit. This feature must be
982 enabled to be used (see \fBzpool-features\fR(5)).
983 .RE
984 .sp
985 .ne 2
986 .na
987 \fB\fBmountpoint\fR=\fIpath\fR | \fBnone\fR | \fBlegacy\fR\fR
988 .ad
989 .sp .6
990 .RS 4n
991 Controls the mount point used for this file system. See the "Mount Points"
992 section for more information on how this property is used.
993 .sp
994 When the \fBmountpoint\fR property is changed for a file system, the file
995 system and any children that inherit the mount point are unmounted. If the new
996 value is \fBlegacy\fR, then they remain unmounted. Otherwise, they are
997 automatically remounted in the new location if the property was previously
998 \fBlegacy\fR or \fBnone\fR, or if they were mounted before the property was
999 changed. In addition, any shared file systems are unshared and shared in the
1000 new location.
1001 .RE
1002
1003 .sp
1004 .ne 2
1005 .na
1006 \fB\fBnbmand\fR=\fBon\fR | \fBoff\fR\fR
1030 .sp
1031 .ne 2
1032 .na
1033 \fB\fBquota\fR=\fIsize\fR | \fBnone\fR\fR
1034 .ad
1035 .sp .6
1036 .RS 4n
1037 Limits the amount of space a dataset and its descendents can consume. This
1038 property enforces a hard limit on the amount of space used. This includes all
1039 space consumed by descendents, including file systems and snapshots. Setting a
1040 quota on a descendent of a dataset that already has a quota does not override
1041 the ancestor's quota, but rather imposes an additional limit.
1042 .sp
1043 Quotas cannot be set on volumes, as the \fBvolsize\fR property acts as an
1044 implicit quota.
1045 .RE
1046
1047 .sp
1048 .ne 2
1049 .na
1050 \fB\fBsnapshot_limit\fR=\fIcount\fR | \fBnone\fR\fR
1051 .ad
1052 .sp .6
1053 .RS 4n
1054 Limits the number of snapshots that can be created on a dataset and its
1055 descendents. Setting a snapshot_limit on a descendent of a dataset that already
1056 has a snapshot_limit does not override the ancestor's snapshot_limit, but
1057 rather imposes an additional limit. The limit is not enforced in the global
1058 zone, but recursive snapshots taken from the global zone are counted on each
1059 dataset. This feature must be enabled to be used (see \fBzpool-features\fR(5)).
1060 .RE
1061
1062 .sp
1063 .ne 2
1064 .na
1065 \fB\fBuserquota@\fR\fIuser\fR=\fIsize\fR | \fBnone\fR\fR
1066 .ad
1067 .sp .6
1068 .RS 4n
1069 Limits the amount of space consumed by the specified user. User space
1070 consumption is identified by the \fBuserspace@\fR\fIuser\fR property.
1071 .sp
1072 Enforcement of user quotas may be delayed by several seconds. This delay means
1073 that a user might exceed their quota before the system notices that they are
1074 over quota and begins to refuse additional writes with the \fBEDQUOT\fR error
1075 message . See the \fBzfs userspace\fR subcommand for more information.
1076 .sp
1077 Unprivileged users can only access their own groups' space usage. The root
1078 user, or a user who has been granted the \fBuserquota\fR privilege with \fBzfs
1079 allow\fR, can get and set everyone's quota.
1080 .sp
1081 This property is not available on volumes, on file systems before version 4, or
1082 on pools before version 15. The \fBuserquota@\fR... properties are not
1083 displayed by \fBzfs get all\fR. The user's name must be appended after the
1084 \fB@\fR symbol, using one of the following forms:
3141 send subcommand
3142 share subcommand Allows sharing file systems over NFS or SMB
3143 protocols
3144 snapshot subcommand Must also have the 'mount' ability
3145 groupquota other Allows accessing any groupquota@... property
3146 groupused other Allows reading any groupused@... property
3147 userprop other Allows changing any user property
3148 userquota other Allows accessing any userquota@... property
3149 userused other Allows reading any userused@... property
3150
3151 aclinherit property
3152 aclmode property
3153 atime property
3154 canmount property
3155 casesensitivity property
3156 checksum property
3157 compression property
3158 copies property
3159 devices property
3160 exec property
3161 filesystem_limit property
3162 mountpoint property
3163 nbmand property
3164 normalization property
3165 primarycache property
3166 quota property
3167 readonly property
3168 recordsize property
3169 refquota property
3170 refreservation property
3171 reservation property
3172 secondarycache property
3173 setuid property
3174 shareiscsi property
3175 sharenfs property
3176 sharesmb property
3177 snapdir property
3178 snapshot_limit property
3179 utf8only property
3180 version property
3181 volblocksize property
3182 volsize property
3183 vscan property
3184 xattr property
3185 zoned property
3186 .fi
3187 .in -2
3188 .sp
3189
3190 .sp
3191 .ne 2
3192 .na
3193 \fB\fBzfs allow\fR \fB-c\fR \fIperm\fR|@\fIsetname\fR[,...]
3194 \fIfilesystem\fR|\fIvolume\fR\fR
3195 .ad
3196 .sp .6
3197 .RS 4n
3198 Sets "create time" permissions. These permissions are granted (locally) to the
|