Project

General

Profile

Feature #1801 » zfs.1m-osol134-sol11ex.diff

zfs.1m diff between OpenSolaris snv_134 and Solaris Express 11 (10/2010) - Martin Matuška, 2011-11-21 11:07 AM

View differences:

/tmp/zfs.1m 2011-11-21 11:13:42.000000000 +0100
1 1
'\" te
2
.\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
3
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
4
.\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with
5
.\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
7
.\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with
8
.\" the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
9
.TH zfs 1M "21 Dec 2009" "SunOS 5.11" "System Administration Commands"
2
.\" Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
3
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
4
.\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
5
.\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.
7
.\"  See the License for the specific language governing permissions and limitations under the License. When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the
8
.\" fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
9
.TH zfs 1M "1 Oct 2010" "SunOS 5.11" "System Administration Commands"
10 10
.SH NAME
11 11
zfs \- configures ZFS file systems
12 12
.SH SYNOPSIS
......
48 48

  
49 49
.LP
50 50
.nf
51
\fBzfs\fR \fBclone\fR [\fB-p\fR] [\fB-o\fR \fIproperty\fR=\fIvalue\fR] ... \fIsnapshot\fR \fIfilesystem\fR|\fIvolume\fR
51
\fBzfs\fR \fBclone\fR [\fB-p\fR] [\fB-K\fR] [\fB-o\fR \fIproperty\fR=\fIvalue\fR] ... \fIsnapshot\fR \fIfilesystem\fR|\fIvolume\fR
52 52
.fi
53 53

  
54 54
.LP
......
80 80

  
81 81
.LP
82 82
.nf
83
\fBzfs\fR \fBset\fR \fIproperty\fR=\fIvalue\fR \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR ...
83
\fBzfs\fR \fBset\fR [\fB-r\fR] \fIproperty\fR=\fIvalue\fR \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR ...
84 84
.fi
85 85

  
86 86
.LP
......
96 96

  
97 97
.LP
98 98
.nf
99
\fBzfs\fR \fBupgrade\fR
100
.fi
101

  
102
.LP
103
.nf
99 104
\fBzfs\fR \fBupgrade\fR [\fB-v\fR]
100 105
.fi
101 106

  
......
143 148

  
144 149
.LP
145 150
.nf
146
\fBzfs\fR \fBsend\fR [\fB-DvRp\fR] [\fB-\fR[\fBiI\fR] \fIsnapshot\fR] \fIsnapshot\fR
151
\fBzfs\fR \fBsend\fR [\fB-DvRbp\fR] [\fB-\fR[\fBiI\fR] \fIsnapshot\fR] \fIsnapshot\fR
147 152
.fi
148 153

  
149 154
.LP
150 155
.nf
151
\fBzfs\fR \fBreceive\fR [\fB-vnFu\fR] \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR
156
\fBzfs\fR \fBreceive\fR [\fB-vnFu\fR] [[\fB-o\fR \fIproperty\fR=\fIvalue\fR] | [\fB-x\fR \fIproperty\fR]] ...
157
     \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR
152 158
.fi
153 159

  
154 160
.LP
155 161
.nf
156
\fBzfs\fR \fBreceive\fR [\fB-vnFu\fR] [\fB-d\fR | \fB-e\fR] \fIfilesystem\fR
162
\fBzfs\fR \fBreceive\fR [\fB-vnFu\fR] [[\fB-o\fR \fIproperty\fR=\fIvalue\fR] | [\fB-x\fR \fIproperty\fR]] ...
163
     [\fB-d\fR | \fB-e\fR] \fIfilesystem\fR
157 164
.fi
158 165

  
159 166
.LP
......
163 170

  
164 171
.LP
165 172
.nf
166
\fBzfs\fR \fBallow\fR [\fB-ldug\fR] "\fIeveryone\fR"|\fIuser\fR|\fIgroup\fR[,...] \fIperm\fR|\fI@setname\fR[,...] 
173
\fBzfs\fR \fBallow\fR [\fB-ldug\fR] \fBeveryone\fR|\fIuser\fR|\fIgroup\fR[,...] \fIperm\fR|\fI@setname\fR[,...] 
167 174
     \fIfilesystem\fR|\fIvolume\fR
168 175
.fi
169 176

  
......
184 191

  
185 192
.LP
186 193
.nf
187
\fBzfs\fR \fBunallow\fR [\fB-rldug\fR] "\fIeveryone\fR"|\fIuser\fR|\fIgroup\fR[,...] [\fIperm\fR|@\fIsetname\fR[,... ]] 
194
\fBzfs\fR \fBunallow\fR [\fB-rldug\fR] \fBeveryone\fR|\fIuser\fR|\fIgroup\fR[,...] [\fIperm\fR|@\fIsetname\fR[,... ]] 
188 195
     \fIfilesystem\fR|\fIvolume\fR
189 196
.fi
190 197

  
......
218 225
\fBzfs\fR \fBrelease\fR [\fB-r\fR] \fItag\fR \fIsnapshot\fR...
219 226
.fi
220 227

  
228
.LP
229
.nf
230
\fBzfs\fR \fBdiff\fR [\fB-FHt\fR] \fIsnapshot\fR \fIsnapshot\fR|\fIfilesystem\fR
231
.fi
232

  
233
.LP
234
.nf
235
\fBzfs\fR \fBkey\fR \fB-l\fR {\fB-a\fR | [\fB-r\fR] \fIfilesystem\fR|\fIvolume\fR}
236
.fi
237

  
238
.LP
239
.nf
240
\fBzfs\fR \fBkey\fR \fB-u\fR [\fB-f\fR] {\fB-a\fR | [\fB-r\fR] \fIfilesystem\fR|\fIvolume\fR}
241
.fi
242

  
243
.LP
244
.nf
245
\fBzfs\fR \fBkey\fR \fB-c\fR [\fB-o\fR \fIkeysource\fR=\fIvalue\fR] {\fB-a\fR | [\fB-r\fR] \fIfilesystem\fR|\fIvolume\fR}
246
.fi
247

  
248
.LP
249
.nf
250
\fBzfs\fR \fBkey\fR \fB-K\fR {\fB-a\fR | [\fB-r\fR] \fIfilesystem\fR|\fIvolume\fR}
251
.fi
252

  
221 253
.SH DESCRIPTION
222 254
.sp
223 255
.LP
......
340 372
.SS "Deduplication"
341 373
.sp
342 374
.LP
343
Deduplication is the process for removing redundant data at  the block-level, reducing the total amount of data stored. If a file system has the \fBdedup\fR  property enabled, duplicate data blocks are removed synchronously.  The result is that only unique data is stored and common components are shared among files.
375
Deduplication is the process of removing redundant data at the block-level, reducing the total amount of data stored. Deduplication is pool-wide; each dataset can opt in or out using its own \fBdedup\fR property. If a file system has the  \fBdedup\fR property enabled, duplicate data blocks are removed synchronously on write. The result is that only unique data are stored and common components are shared among files in all datasets in the pool that have \fBdedup\fR enabled.
376
.SS "Encryption"
377
.sp
378
.LP
379
Encryption is the process in which data is encoded for privacy and a key is needed by the data owner to access the encoded data. You can set an encryption policy when a ZFS dataset is created, but the policy cannot be changed. See the \fBencryption\fR and \fBkeysource\fR property descriptions in the "Native Properties" section for details.
380
.sp
381
.LP
382
Dataset encryption is inherited permanently and cannot be removed during dataset cloning. When receiving a replicated dataset stream, the destination dataset must have encryption enabled if encryption is desired. Otherwise, the data is stored as clear text. A fully replicated stream of an encrypted dataset results in an encrypted dataset but under a newly generated key.
344 383
.SS "Native Properties"
345 384
.sp
346 385
.LP
......
415 454
.ne 2
416 455
.mk
417 456
.na
457
\fB\fBkeystatus\fR\fR
458
.ad
459
.sp .6
460
.RS 4n
461
Identifies the encryption key status for the dataset. The availability of a dataset's key is indicated by showing the status of \fBavailable\fR or \fBunavailable\fR. For datasets that do not have encryption enabled, \fBnone\fR is displayed.
462
.RE
463

  
464
.sp
465
.ne 2
466
.mk
467
.na
418 468
\fB\fBmounted\fR\fR
419 469
.ad
420 470
.sp .6
......
450 500
.ne 2
451 501
.mk
452 502
.na
503
\fB\fBrekeydate\fR\fR
504
.ad
505
.sp .6
506
.RS 4n
507
The date of the last data encryption key change from a \fBzfs key\fR \fB-K\fR or \fBzfs clone\fR \fB-K\fR operation on this dataset. If no rekey operation has been performed, \fBrekeydate\fR is the same as \fBcreation\fR date.
508
.RE
509

  
510
.sp
511
.ne 2
512
.mk
513
.na
453 514
\fB\fBtype\fR\fR
454 515
.ad
455 516
.sp .6
......
465 526
.ad
466 527
.sp .6
467 528
.RS 4n
468
The amount of space consumed by this dataset and all its descendents. This is the value that is checked against this dataset's quota and reservation. The space used does not include this dataset's reservation, but does take into account the reservations of any descendent datasets. The amount of space that a dataset consumes from its parent, as well as the amount of space that are freed if this dataset is recursively destroyed, is the greater of its space used and its reservation.
529
The amount of space consumed by this dataset and all its descendents. This is the value that is checked against this dataset's quota and reservation. The space used does not include this dataset's reservation, but does take into account \fBrefreservation\fR (through \fBusedbyrefreservation\fR) and the reservations of any descendent datasets (through \fBusedbychildren\fR). The amount of space that a dataset consumes from its parent, as well as the amount of space that are freed if this dataset is recursively destroyed, is the greater of its space used and its reservation.
469 530
.sp
470 531
When snapshots (see the "Snapshots" section) are created, their space is initially shared between the snapshot and the file system, and possibly with previous snapshots. As the file system changes, space that was previously shared becomes unique to the snapshot, and counted in the snapshot's space used. Additionally, deleting snapshots can increase the amount of space unique to (and used by) other snapshots.
471 532
.sp
......
514 575
.sp .6
515 576
.RS 4n
516 577
The amount of space used by a \fBrefreservation\fR set on this dataset, which would be freed if the \fBrefreservation\fR was removed.
578
.sp
579
Space accounted for by this property represents potential consumption by future writes, reserved in advance to prevent write allocation failures in this dataset. This can include unwritten data, space currently shared with snapshots, and compression savings for volumes (which may be lost when replaced with less compressible data). When allocations for later writes increase \fBusedbydataset\fR or \fBusedbysnapshots\fR, \fBusedbyrefreservation\fR will decrease accordingly.
517 580
.RE
518 581

  
519 582
.sp
......
614 677
.ad
615 678
.sp .6
616 679
.RS 4n
617
Controls how \fBACL\fR entries are inherited when files and directories are created. A file system with an \fBaclinherit\fR property of \fBdiscard\fR does not inherit any \fBACL\fR entries. A file system with an \fBaclinherit\fR property value of \fBnoallow\fR only inherits inheritable \fBACL\fR entries that specify "deny" permissions. The property value \fBrestricted\fR (the default) removes the \fBwrite_acl\fR and \fBwrite_owner\fR permissions when the \fBACL\fR entry is inherited. A file system with an \fBaclinherit\fR property value of \fBpassthrough\fR inherits all inheritable \fBACL\fR entries without any modifications made to the \fBACL\fR entries when they are inherited. A file system with an \fBaclinherit\fR property value of \fBpassthrough-x\fR has the same meaning as \fBpassthrough\fR, except that the \fBowner@\fR, \fBgroup@\fR, and \fBeveryone@\fR \fBACE\fRs inherit the execute permission only if the file creation mode also requests the execute bit.
680
Controls how \fBACL\fR entries are inherited when files and directories are created. A file system with an \fBaclinherit\fR property of \fBdiscard\fR does not inherit any \fBACL\fR entries. A file system with an \fBaclinherit\fR property value of \fBnoallow\fR only inherits inheritable \fBACL\fR entries that specify "deny" permissions. The property value \fBrestricted\fR (the default) removes the \fBwrite_acl\fR and \fBwrite_owner\fR permissions when the \fBACL\fR entry is inherited. A file system with an \fBaclinherit\fR property value of \fBpassthrough\fR inherits all inheritable \fBACL\fR entries without any modifications made to the \fBACL\fR entries when they are inherited. A file system with an \fBaclinherit\fR property value of \fBpassthrough-x\fR has the same meaning as \fBpassthrough\fR, except that all \fBACE\fRs inherit the execute permission only if the file creation mode also requests the execute bit.
618 681
.sp
619 682
When the property value is set to \fBpassthrough\fR, files are created with a mode determined by the inheritable \fBACE\fRs. If no inheritable \fBACE\fRs exist that affect the mode, then the mode is set in accordance to the requested mode from the application.
620 683
.RE
......
623 686
.ne 2
624 687
.mk
625 688
.na
626
\fB\fBaclmode\fR=\fBdiscard\fR | \fBgroupmask\fR | \fBpassthrough\fR\fR
627
.ad
628
.sp .6
629
.RS 4n
630
Controls how an \fBACL\fR is modified during \fBchmod\fR(2). A file system with an \fBaclmode\fR property of \fBdiscard\fR deletes all \fBACL\fR entries that do not represent the mode of the file. An \fBaclmode\fR property of \fBgroupmask\fR (the default) reduces user or group permissions. The permissions are reduced, such that they are no greater than the group permission bits, unless it is a user entry that has the same \fBUID\fR as the owner of the file or directory. In this case, the \fBACL\fR permissions are reduced so that they are no greater than owner permission bits. A file system with an \fBaclmode\fR property of \fBpassthrough\fR indicates that no changes are made to the \fBACL\fR other than generating the necessary \fBACL\fR entries to represent the new mode of the file or directory.
631
.RE
632

  
633
.sp
634
.ne 2
635
.mk
636
.na
637 689
\fB\fBatime\fR=\fBon\fR | \fBoff\fR\fR
638 690
.ad
639 691
.sp .6
......
660 712
.ne 2
661 713
.mk
662 714
.na
663
\fB\fBchecksum\fR=\fBon\fR | \fBoff\fR | \fBfletcher2,\fR| \fBfletcher4\fR | \fBsha256\fR\fR
715
\fB\fBchecksum\fR=\fBon\fR | \fBoff\fR | \fBfletcher2,\fR| \fBfletcher4\fR | \fBsha256\fR | \fBsha256+mac\fR\fR
664 716
.ad
665 717
.sp .6
666 718
.RS 4n
667 719
Controls the checksum used to verify data integrity. The default value is \fBon\fR, which automatically selects an appropriate algorithm (currently, \fBfletcher4\fR, but this may change in future releases). The value \fBoff\fR disables integrity checking on user data. Disabling checksums is \fBNOT\fR a recommended practice.
668 720
.sp
669 721
Changing this property affects only newly-written data.
722
.sp
723
The value of \fBsha256+mac\fR is only available when encryption is enabled. The checksum property becomes \fBreadonly\fR when encryption is enabled, and then is always set to \fBsha256+mac\fR.
670 724
.RE
671 725

  
672 726
.sp
......
693 747
Controls the number of copies of data stored for this dataset. These copies are in addition to any redundancy provided by the pool, for example, mirroring or RAID-Z. The copies are stored on different disks, if possible. The space used by multiple copies is charged to the associated file and dataset, changing the \fBused\fR property and counting against quotas and reservations.
694 748
.sp
695 749
Changing this property only affects newly-written data. Therefore, set this property at file system creation time by using the \fB-o\fR \fBcopies=\fR\fIN\fR option.
750
.sp
751
When encryption is enabled on a dataset, copies can be set to a maximum of \fB2\fR.
696 752
.RE
697 753

  
698 754
.sp
......
738 794
.ad
739 795
.sp .6
740 796
.RS 4n
741
The \fBmlslabel\fR property is a sensitivity label that determines if a dataset  can be mounted in a zone on a system with Trusted Extensions enabled. If the labeled dataset matches the labeled zone, the dataset can be mounted  and accessed from the labeled zone.
797
The \fBmlslabel\fR property is a sensitivity label that determines if a dataset can be mounted in a zone on a system with Trusted Extensions enabled. If the labeled dataset matches the labeled zone, the dataset can be mounted and accessed from the labeled zone.
742 798
.sp
743
When the \fBmlslabel\fR property is not set, the default value is \fBnone\fR. Setting the  \fBmlslabel\fR property to \fBnone\fR is equivalent to removing the property.
799
When the \fBmlslabel\fR property is not set, the default value is \fBnone\fR. Setting the \fBmlslabel\fR property to \fBnone\fR is equivalent to removing the property.
744 800
.sp
745 801
The \fBmlslabel\fR property can be modified only when Trusted Extensions is enabled and only with appropriate privilege. Rights to modify it cannot be delegated. When changing a label to a higher label or setting the initial dataset label, the \fB{PRIV_FILE_UPGRADE_SL}\fR privilege is required. When changing a label to a lower label or the default (\fBnone\fR), the \fB{PRIV_FILE_DOWNGRADE_SL}\fR privilege is required. Changing the dataset to labels other than the default can be done only when the dataset is not mounted. When a dataset with the default label is mounted into a labeled-zone, the mount operation automatically sets the \fBmlslabel\fR property to the label of that zone.
746 802
.sp
......
768 824
.ad
769 825
.sp .6
770 826
.RS 4n
771
Controls whether the file system should be mounted with \fBnbmand\fR (Non Blocking mandatory locks). This is used for \fBCIFS\fR clients. Changes to this property only take effect when the file system is umounted and remounted. See \fBmount\fR(1M) for more information on \fBnbmand\fR mounts.
827
Controls whether the file system should be mounted with \fBnbmand\fR (Non Blocking mandatory locks). This is used for \fBSMB\fR clients. Changes to this property only take effect when the file system is umounted and remounted. See \fBmount\fR(1M) for more information on \fBnbmand\fR mounts.
772 828
.RE
773 829

  
774 830
.sp
......
799 855
.ne 2
800 856
.mk
801 857
.na
858
\fB\fBsync=standard\fR | \fBalways\fR | \fBdisabled\fR\fR
859
.ad
860
.sp .6
861
.RS 4n
862
Determines the degree to which file system transactions are synchronized. This property can be set when a dataset is created, or dynamically, and will take effect immediately. \fBsync\fR can have one of the following settings:
863
.sp
864
.ne 2
865
.mk
866
.na
867
\fB\fBstandard\fR\fR
868
.ad
869
.sp .6
870
.RS 4n
871
The default option. Synchronous file system transactions are written to the intent log and then all devices written are flushed to ensure the data is stable (that is, not cached by device controllers).
872
.RE
873

  
874
.sp
875
.ne 2
876
.mk
877
.na
878
\fB\fBalways\fR\fR
879
.ad
880
.sp .6
881
.RS 4n
882
Every file system transaction would be written and flushed to stable storage. This setting should be used only where extreme caution is required, as there is a significant performance penalty.
883
.RE
884

  
885
.sp
886
.ne 2
887
.mk
888
.na
889
\fB\fBdisabled\fR\fR
890
.ad
891
.sp .6
892
.RS 4n
893
Synchronous requests are disabled. File system transactions commit to stable storage only on the next DMU transaction group commit, which might be after many seconds. This setting gives the highest performance. However, it is very dangerous as ZFS would be ignoring the synchronous transaction demands of applications such as databases or NFS. Furthermore, when this setting is in effect for the currently active root or \fB/var\fR filesystem, out-of-spec behavior, application data loss, and increased vulnerability to replay attacks can result. Administrators should only use this option only when these risks are understood.
894
.RE
895

  
896
To change the property, use a command such as either of the following:
897
.sp
898
.in +2
899
.nf
900
# \fBzfs create -o sync=disabled whirlpool/milek\fR
901
# \fBzfs set sync=always whirlpool/perrin\fR
902
.fi
903
.in -2
904
.sp
905

  
906
Retrieve the value of sync as you would other properties. For example:
907
.sp
908
.in +2
909
.nf
910
% \fBzfs get sync\fR
911
% \fBzfs list -o sync\fR
912
.fi
913
.in -2
914
.sp
915

  
916
The \fBsync\fR property is not inherited from parent datasets.
917
.RE
918

  
919
.sp
920
.ne 2
921
.mk
922
.na
802 923
\fB\fBuserquota@\fR\fIuser\fR=\fIsize\fR | \fBnone\fR\fR
803 924
.ad
804 925
.sp .6
......
876 997
.sp
877 998
The size specified must be a power of two greater than or equal to 512 and less than or equal to 128 Kbytes.
878 999
.sp
879
Changing the file system's \fBrecordsize\fR affects only files created afterward; existing files are unaffected.
1000
Changing the file system's \fBrecordsize\fR affects only files created afterward; existing files and received data are unaffected.
880 1001
.sp
881 1002
This property can also be referred to by its shortened column name, \fBrecsize\fR.
882 1003
.RE
......
900 1021
.ad
901 1022
.sp .6
902 1023
.RS 4n
903
The minimum amount of space guaranteed to a dataset, not including its descendents. When the amount of space used is below this value, the dataset is treated as if it were taking up the amount of space specified by \fBrefreservation\fR. The \fBrefreservation\fR reservation is accounted for in the parent datasets' space used, and counts against the parent datasets' quotas and reservations.
1024
The minimum amount of space guaranteed to a dataset, not including its descendents. When the \fBusedbydataset\fR space is below this value, the dataset is treated as if it were taking up the amount of space specified by \fBrefreservation\fR. The \fBusedbyrefreservation\fR figure represents this extra space, adding to the total \fBused\fR space charged to the dataset, and in turn consuming from the parent datasets' usage, quotas, and reservations. This protects the dataset from overcommitment of pool resources, by ensuring that space for future writes is reserved in advance.
904 1025
.sp
905
If \fBrefreservation\fR is set, a snapshot is only allowed if there is enough free pool space outside of this reservation to accommodate the current number of "referenced" bytes in the dataset.
1026
Space shared with snapshots can later be replaced with new data, and the snapshot represents a committment to keep both copies. If \fBrefreservation\fR is set, \fBusedbyrefreservation\fR must be increased to the full size of \fBrefreservation\fR when taking a new snapshot, accounting for this commitment.  If there is insufficient space available to the dataset for this increase, snapshot creation will be denied.
906 1027
.sp
907 1028
This property can also be referred to by its shortened column name, \fBrefreserv\fR.
908 1029
.RE
......
946 1067
.ne 2
947 1068
.mk
948 1069
.na
949
\fB\fBshareiscsi\fR=\fBon\fR | \fBoff\fR\fR
950
.ad
951
.sp .6
952
.RS 4n
953
Like the \fBsharenfs\fR property, \fBshareiscsi\fR indicates whether a \fBZFS\fR volume is exported as an \fBiSCSI\fR target. The acceptable values for this property are \fBon\fR, \fBoff\fR, and \fBtype=disk\fR. The default value is \fBoff\fR. In the future, other target types might be supported. For example, \fBtape\fR.
954
.sp
955
You might want to set \fBshareiscsi=on\fR for a file system so that all \fBZFS\fR volumes within the file system are shared by default. However, setting this property on a file system has no direct effect.
956
.RE
957

  
958
.sp
959
.ne 2
960
.mk
961
.na
962 1070
\fB\fBsharesmb\fR=\fBon\fR | \fBoff\fR | \fIopts\fR\fR
963 1071
.ad
964 1072
.sp .6
965 1073
.RS 4n
966
Controls whether the file system is shared by using the Solaris \fBCIFS\fR service, and what options are to be used. A file system with the \fBsharesmb\fR property set to \fBoff\fR is managed through traditional tools such as \fBsharemgr\fR(1M). Otherwise, the file system is automatically shared and unshared with the \fBzfs share\fR and \fBzfs unshare\fR commands. If the property is set to \fBon\fR, the \fBsharemgr\fR(1M) command is invoked with no options. Otherwise, the \fBsharemgr\fR(1M) command is invoked with options equivalent to the contents of this property.
1074
Controls whether the file system is shared by using the Solaris \fBSMB\fR service, and what options are to be used. A file system with the \fBsharesmb\fR property set to \fBoff\fR is managed through traditional tools such as \fBsharemgr\fR(1M). Otherwise, the file system is automatically shared and unshared with the \fBzfs share\fR and \fBzfs unshare\fR commands. If the property is set to \fBon\fR, the \fBsharemgr\fR(1M) command is invoked with no options. Otherwise, the \fBsharemgr\fR(1M) command is invoked with options equivalent to the contents of this property.
967 1075
.sp
968 1076
Because \fBSMB\fR shares requires a resource name, a unique resource name is constructed from the dataset name. The constructed name is a copy of the dataset name except that the characters in the dataset name, which would be illegal in the resource name, are replaced with underscore (\fB_\fR) characters. A pseudo property "name" is also supported that allows you to replace the data set name with a specified name. The specified name is then used to replace the prefix dataset in the case of inheritance. For example, if the dataset \fBdata/home/john\fR is set to \fBname=john\fR, then \fBdata/home/john\fR has a resource name of \fBjohn\fR. If a child dataset of \fBdata/home/john/backups\fR, it has a resource name of \fBjohn_backups\fR.
969 1077
.sp
......
1028 1136
.RS 4n
1029 1137
For volumes, specifies the logical size of the volume. By default, creating a volume establishes a reservation of equal size. For storage pools with a version number of 9 or higher, a \fBrefreservation\fR is set instead. Any changes to \fBvolsize\fR are reflected in an equivalent change to the reservation (or \fBrefreservation\fR). The \fBvolsize\fR can only be set to a multiple of \fBvolblocksize\fR, and cannot be zero.
1030 1138
.sp
1031
The reservation is kept equal to the volume's logical size to prevent unexpected behavior for consumers. Without the reservation, the volume could run out of space, resulting in undefined behavior or data corruption, depending on how the volume is used. These effects can also occur when the volume size is changed while it is in use (particularly when shrinking the size). Extreme care should be used when adjusting the volume size.
1139
The reservation is kept equal to the volume's logical size to prevent unexpected behavior for consumers. The reservation size corresponds to the volume's logical size, increased by ZFS implementation overhead. Without the reservation, the volume could run out of space, resulting in undefined behavior or data corruption, depending on how the volume is used. These effects can also occur when the volume size is changed while it is in use (particularly when shrinking the size). Extreme care should be used when adjusting the volume size.
1032 1140
.sp
1033 1141
Though not recommended, a "sparse volume" (also known as "thin provisioning") can be created by specifying the \fB-s\fR option to the \fBzfs create -V\fR command, or by changing the reservation after the volume has been created. A "sparse volume" is a volume where the reservation is less then the volume size. Consequently, writes to a sparse volume can fail with \fBENOSPC\fR when the pool is low on space. For a sparse volume, changes to \fBvolsize\fR are not reflected in the reservation.
1034 1142
.RE
......
1079 1187
.RS 4n
1080 1188
Indicates whether the file name matching algorithm used by the file system should be case-sensitive, case-insensitive, or allow a combination of both styles of matching. The default value for the \fBcasesensitivity\fR property is \fBsensitive\fR. Traditionally, UNIX and POSIX file systems have case-sensitive file names.
1081 1189
.sp
1082
The \fBmixed\fR value for the \fBcasesensitivity\fR property indicates that the file system can support requests for both case-sensitive and case-insensitive matching behavior. Currently, case-insensitive matching behavior on a file system that supports mixed behavior is limited to the Solaris CIFS server product. For more information about the \fBmixed\fR value behavior, see the \fISolaris ZFS Administration Guide\fR.
1190
The \fBmixed\fR value for the \fBcasesensitivity\fR property indicates that the file system can support requests for both case-sensitive and case-insensitive matching behavior. Currently, case-insensitive matching behavior on a file system that supports mixed behavior is limited to the Solaris SMB server product. For more information about the \fBmixed\fR value behavior, see the \fISolaris ZFS Administration Guide\fR.
1083 1191
.RE
1084 1192

  
1085 1193
.sp
......
1105 1213
.RE
1106 1214

  
1107 1215
.sp
1216
.ne 2
1217
.mk
1218
.na
1219
\fB\fBrstchown\fR=\fBon\fR | \fBoff\fR\fR
1220
.ad
1221
.sp .6
1222
.RS 4n
1223
Indicates whether the file system restricts users from giving away their files by means of \fBchown\fR(1) or the \fBchown\fR(2) system call. The default is to restrict \fBchown\fR. When \fBrstchown\fR is \fBoff\fR then \fBchown\fR will act as if the user has the \fBPRIV_FILE_CHOWN_SELF\fR privilege.
1224
.RE
1225

  
1226
.sp
1227
.ne 2
1228
.mk
1229
.na
1230
\fB\fBencryption\fR=\fBoff\fR | \fBon\fR | \fBaes-128-ccm\fR | \fBaes-129-ccm\fR | \fBaes-256-ccm\fR | \fBaes-128-gcm\fR | \fBaes-192-gcm\fR | \fBaes-256-gcm\fR\fR
1231
.ad
1232
.sp .6
1233
.RS 4n
1234
Defines the encryption algorithm and key length that is used for the encrypted dataset. The \fBon\fR value is equal to \fBaes-128-ccm\fR. The default value is \fBoff\fR. When encryption is set to a value other than \fBoff\fR, the \fBchecksum\fR property is set to \fBsha256+mac\fR and becomes \fBreadonly\fR.
1235
.RE
1236

  
1237
.sp
1108 1238
.LP
1109
The \fBcasesensitivity\fR, \fBnormalization\fR, and \fButf8only\fR properties are also new permissions that can be assigned to non-privileged users by using the \fBZFS\fR delegated administration feature.
1239
The following properties must be specified at creation time and can modified by using special commands:
1240
.sp
1241
.ne 2
1242
.mk
1243
.na
1244
\fB\fBkeysource\fR=\fIraw\fR | \fIhex\fR | \fIpassphrase\fR,\fIprompt\fR | \fIfile\fR\fR
1245
.ad
1246
.sp .6
1247
.RS 4n
1248
Defines the format and location of the key that wraps the dataset keys. The key must be present when the dataset is created, mounted, or loading by using the \fBzfs key\fR \fB-l\fR command.
1249
.sp
1250
The \fBkeysource\fR property accepts two values: \fBformat\fR determines how the key is presented; \fBlocator\fR identifies where the key is coming from.
1251
.sp
1252
\fBformat\fR accepts three values:
1253
.RS +4
1254
.TP
1255
.ie t \(bu
1256
.el o
1257
\fIraw\fR: the raw key bytes
1258
.RE
1259
.RS +4
1260
.TP
1261
.ie t \(bu
1262
.el o
1263
\fIhex\fR: a hexadecimal key string
1264
.RE
1265
.RS +4
1266
.TP
1267
.ie t \(bu
1268
.el o
1269
\fIpassphrase\fR: a character string that generates a key
1270
.RE
1271
\fBlocator\fR accepts two values:
1272
.RS +4
1273
.TP
1274
.ie t \(bu
1275
.el o
1276
\fBprompt\fR: causes one to be prompted for a key when the dataset is created or mounted
1277
.RE
1278
.RS +4
1279
.TP
1280
.ie t \(bu
1281
.el o
1282
\fBfile:///\fR\fIfilename\fR: the key file location
1283
.RE
1284
Change the key value or the format of the key by using the \fBzfs key\fR \fB-c\fR command. If only the locator, not the key, is changed (for example, a filename change), then use the \fBzfs set\fR command with the \fBkeysource\fR property.
1285
.sp
1286
If \fBkeysource\fR is not specified and not inherited, then the default \fBkeysource\fR is set to \fBpassphrase\fR,\fBprompt\fR for a dataset that has encryption  on and is set to \fBnone\fR for a dataset that has encryption off.
1287
.RE
1288

  
1110 1289
.SS "Temporary Mount Point Properties"
1111 1290
.sp
1112 1291
.LP
......
1120 1299
     readonly                ro/rw
1121 1300
     setuid                  setuid/nosetuid
1122 1301
     xattr                   xattr/noxattr
1302
     rstchown                rstchown/norstchown
1123 1303
.fi
1124 1304
.in -2
1125 1305
.sp
......
1453 1633
Sets the specified property; see \fBzfs create\fR for details.
1454 1634
.RE
1455 1635

  
1636
.sp
1637
.ne 2
1638
.mk
1639
.na
1640
\fB\fB-K\fR\fR
1641
.ad
1642
.sp .6
1643
.RS 4n
1644
Creates a new data encryption key in the keychain for this dataset. Data written in the clone uses the new data encryption key, which is distinct from its original snapshot.
1645
.RE
1646

  
1456 1647
.RE
1457 1648

  
1458 1649
.sp
......
1642 1833
.ad
1643 1834
.sp .6
1644 1835
.RS 4n
1645
A comma-separated list of types to display, where \fItype\fR is one of \fBfilesystem\fR, \fBsnapshot\fR , \fBvolume\fR, or \fBall\fR. For example, specifying \fB-t snapshot\fR displays only snapshots.
1836
A comma-separated list of types to display, where \fItype\fR is one of \fBfilesystem\fR, \fBsnapshot\fR , \fBvolume\fR, or \fBall\fR. For example, specifying \fB-t snapshot\fR displays only snapshots. The following aliases can be used in place of the type specifiers: \fBfs\fR (filesystem), \fBsnap\fR (snapshot), and \fBvol\fR (volume).
1646 1837
.RE
1647 1838

  
1648 1839
.RE
......
1651 1842
.ne 2
1652 1843
.mk
1653 1844
.na
1654
\fB\fBzfs set\fR \fIproperty\fR=\fIvalue\fR \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR ...\fR
1845
\fB\fBzfs set\fR [\fB-r\fR] \fIproperty\fR=\fIvalue\fR \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR ...\fR
1655 1846
.ad
1656 1847
.sp .6
1657 1848
.RS 4n
1658 1849
Sets the property to the given value for each dataset. Only some properties can be edited. See the "Properties" section for more information on what properties can be set and acceptable values. Numeric values can be specified as exact values, or in a human-readable form with a suffix of \fBB\fR, \fBK\fR, \fBM\fR, \fBG\fR, \fBT\fR, \fBP\fR, \fBE\fR, \fBZ\fR (for bytes, kilobytes, megabytes, gigabytes, terabytes, petabytes, exabytes, or zettabytes, respectively). User properties can be set on snapshots. For more information, see the "User Properties" section.
1850
.sp
1851
.ne 2
1852
.mk
1853
.na
1854
\fB\fB-r\fR\fR
1855
.ad
1856
.sp .6
1857
.RS 4n
1858
Recursively apply the effective value of the setting throughout the subtree of child datasets. The effective value may be set or inherited, depending on the property.
1859
.RE
1860

  
1659 1861
.RE
1660 1862

  
1661 1863
.sp
......
1814 2016
.ne 2
1815 2017
.mk
1816 2018
.na
2019
\fB\fBzfs upgrade\fR\fR
2020
.ad
2021
.sp .6
2022
.RS 4n
2023
Identifies a file system version, which determines available file system features in the currently running software release. You can continue to use older file system versions, but some features might not be available. A file system can be upgraded by using the \fBzfs upgrade\fR \fB-a\fR command. You will not be able to access a file system of a later version on a system that runs an earlier software version.
2024
.RE
2025

  
2026
.sp
2027
.ne 2
2028
.mk
2029
.na
1817 2030
\fB\fBzfs upgrade\fR [\fB-v\fR]\fR
1818 2031
.ad
1819 2032
.sp .6
1820 2033
.RS 4n
1821
Displays a list of file systems that are not the most recent version.
2034
Displays ZFS file system versions that are supported by the current software. The current ZFS file system versions and all previously supported versions are displayed, along with an explanation of the features provided with each version.
1822 2035
.RE
1823 2036

  
1824 2037
.sp
......
1829 2042
.ad
1830 2043
.sp .6
1831 2044
.RS 4n
1832
Upgrades file systems to a new on-disk version. Once this is done, the file systems will no longer be accessible on systems running older versions of the software. \fBzfs send\fR streams generated from new snapshots of these file systems cannot be accessed on systems running older versions of the software.
2045
Upgrades file systems to a new, on-disk version. Upgrading a file system means that it will no longer be accessible on a system running an older software version. A \fBzfs send\fR stream that is generated from a new file system snapshot cannot be accessed on a system that runs an older software version.
1833 2046
.sp
1834 2047
In general, the file system version is independent of the pool version. See \fBzpool\fR(1M) for information on the \fBzpool upgrade\fR command. 
1835 2048
.sp
......
2075 2288
.sp .6
2076 2289
.RS 4n
2077 2290
Mount the specified filesystem.
2291
.sp
2292
A \fBzfs mount\fR operation for an encrypted dataset might prompt you for a key, depending on the \fBkeysource\fR property value. This might occur, for example, if the \fBkeysource\fR locator is set to \fBprompt\fR.
2078 2293
.RE
2079 2294

  
2080 2295
.RE
......
2121 2336
Unmount the specified filesystem. The command can also be given a path to a \fBZFS\fR file system mount point on the system.
2122 2337
.RE
2123 2338

  
2339
For an encrypted dataset, the key is not unloaded when the file system is unmounted. To unload the key, see \fBzfs key\fR.
2124 2340
.RE
2125 2341

  
2126 2342
.sp
......
2131 2347
.ad
2132 2348
.sp .6
2133 2349
.RS 4n
2134
Shares available \fBZFS\fR file systems. 
2350
Shares ZFS file systems that have the \fBsharenfs\fR or \fBsharesmb\fR property set. Sharing a file system with the NFS or SMB protocol means that the file system data is available over the network. ZFS file systems that have the \fBsharenfs\fR or \fBsharesmb\fR property set are automatically shared when a system is booted.
2135 2351
.sp
2136 2352
.ne 2
2137 2353
.mk
......
2140 2356
.ad
2141 2357
.sp .6
2142 2358
.RS 4n
2143
Share all available \fBZFS\fR file systems. Invoked automatically as part of the boot process. 
2359
Shares all ZFS file systems that have the \fBsharenfs\fR or \fBsharesmb\fR property set and according to the share property values.
2144 2360
.RE
2145 2361

  
2146 2362
.sp
......
2151 2367
.ad
2152 2368
.sp .6
2153 2369
.RS 4n
2154
Share the specified filesystem according to the \fBsharenfs\fR and \fBsharesmb\fR properties. File systems are shared when the \fBsharenfs\fR or \fBsharesmb\fR property is set.
2370
Shares the specified file system that has the \fBsharenfs\fR or \fBsharesmb\fR property set and according to the share property values.
2155 2371
.RE
2156 2372

  
2157 2373
.RE
......
2164 2380
.ad
2165 2381
.sp .6
2166 2382
.RS 4n
2167
Unshares currently shared \fBZFS\fR file systems. This is invoked automatically as part of the shutdown process.
2383
Unshares all ZFS file systems that have the \fBsharenfs\fR or \fBsharesmb\fR property set.
2168 2384
.sp
2169 2385
.ne 2
2170 2386
.mk
......
2193 2409
.ne 2
2194 2410
.mk
2195 2411
.na
2196
\fB\fBzfs send\fR [\fB-DvRp\fR] [\fB-\fR[\fBiI\fR] \fIsnapshot\fR] \fIsnapshot\fR\fR
2412
\fB\fBzfs send\fR [\fB-DvRbp\fR] [\fB-\fR[\fBiI\fR] \fIsnapshot\fR] \fIsnapshot\fR\fR
2197 2413
.ad
2198 2414
.sp .6
2199 2415
.RS 4n
......
2202 2418
.ne 2
2203 2419
.mk
2204 2420
.na
2421
\fB\fB-b\fR\fR
2422
.ad
2423
.sp .6
2424
.RS 4n
2425
Sends only received property values whether or not they are overridden by local settings, but only if the dataset has ever been received. Use this option when you want \fBzfs receive\fR to restore received properties backed up on the sent dataset and to avoid sending local settings that may have nothing to do with the source dataset, but only with how the data is backed up.
2426
.RE
2427

  
2428
.sp
2429
.ne 2
2430
.mk
2431
.na
2205 2432
\fB\fB-D\fR\fR
2206 2433
.ad
2207 2434
.sp .6
......
2275 2502
.ne 2
2276 2503
.mk
2277 2504
.na
2278
\fB\fBzfs receive\fR [\fB-vnFu\fR] \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR\fR
2505
\fB\fBzfs receive\fR [\fB-vnFu\fR] [[\fB-o\fR \fIproperty\fR=\fIvalue\fR] | [\fB-x\fR \fIproperty\fR]] ... \fIfilesystem\fR|\fIvolume\fR|\fIsnapshot\fR\fR
2279 2506
.ad
2280 2507
.br
2281 2508
.na
2282
\fB\fBzfs receive\fR [\fB-vnFu\fR] [\fB-d\fR | \fB-e\fR] \fIfilesystem\fR\fR
2509
\fB\fBzfs receive\fR [\fB-vnFu\fR] [[\fB-o\fR \fIproperty\fR=\fIvalue\fR] | [\fB-x\fR \fIproperty\fR]] ... [\fB-d\fR | \fB-e\fR] \fIfilesystem\fR\fR
2283 2510
.ad
2284 2511
.sp .6
2285 2512
.RS 4n
......
2287 2514
.sp
2288 2515
If an incremental stream is received, then the destination file system must already exist, and its most recent snapshot must match the incremental stream's source. For \fBzvols\fR, the destination device link is destroyed and recreated, which means the \fBzvol\fR cannot be accessed during the \fBreceive\fR operation.
2289 2516
.sp
2290
When a snapshot replication package stream that is generated by using the \fBzfs send\fR \fB-R\fR command is  received, any snapshots that do not exist on the sending location are destroyed by using the \fBzfs destroy\fR \fB-d\fR command.
2517
When a snapshot replication package stream that is generated by using the \fBzfs send\fR \fB-R\fR command is received, any snapshots that do not exist on the sending location are destroyed by using the \fBzfs destroy\fR \fB-d\fR command. If \fB-o\fR \fIproperty\fR=\fIvalue\fR or \fB-x\fR property is specified, it applies to the effective value of the property throughout the entire subtree of replicated datasets. Effective property values may be set or inherited, depending on the property and whether the dataset is the topmost in the replicated subtree. Received properties are retained in spite of being overridden and may be restored with \fBzfs inherit\fR \fB-rS\fR or \fBzfs send\fR \fB-Rb\fR.
2291 2518
.sp
2292 2519
The name of the snapshot (and file system, if a full stream is received) that this subcommand creates depends on the argument type and the \fB-d\fR or \fB-e\fR option.
2293 2520
.sp
......
2318 2545
.ne 2
2319 2546
.mk
2320 2547
.na
2321
\fB\fB-u\fR\fR
2548
\fB\fB-F\fR\fR
2322 2549
.ad
2323 2550
.sp .6
2324 2551
.RS 4n
2325
File system that is associated with the received stream is not mounted.
2552
Force a rollback of the file system to the most recent snapshot before performing the receive operation. If receiving an incremental replication stream (for example, one generated by \fBzfs send -R -[iI]\fR), destroy snapshots and file systems that do not exist on the sending side.
2326 2553
.RE
2327 2554

  
2328 2555
.sp
2329 2556
.ne 2
2330 2557
.mk
2331 2558
.na
2332
\fB\fB-v\fR\fR
2559
\fB\fB-n\fR\fR
2333 2560
.ad
2334 2561
.sp .6
2335 2562
.RS 4n
2336
Print verbose information about the stream and the time required to perform the receive operation.
2563
Do not actually receive the stream. This can be useful in conjunction with the \fB-v\fR option to verify the name the receive operation would use.
2337 2564
.RE
2338 2565

  
2339 2566
.sp
2340 2567
.ne 2
2341 2568
.mk
2342 2569
.na
2343
\fB\fB-n\fR\fR
2570
\fB\fB-o\fR \fIproperty\fR=\fIvalue\fR\fR
2344 2571
.ad
2345 2572
.sp .6
2346 2573
.RS 4n
2347
Do not actually receive the stream. This can be useful in conjunction with the \fB-v\fR option to verify the name the receive operation would use.
2574
Sets the specified property as if the command \fBzfs set\fR \fIproperty\fR=\fIvalue\fR is invoked at the same time the received dataset is created from the non-incremental \fBsend\fR stream or updated from the incremental \fBsend\fR stream. Any editable ZFS property can also be set at receive time. Set-once properties bound to the received data, such as \fBnormalization\fR and \fBcasesensitivity\fR, cannot be set at receive time even when the datasets are newly created by \fBzfs receive\fR. Multiple \fB-o\fR options can be specified. An error results if the same property is specified in multiple \fB-o\fR or \fB-x\fR options.
2348 2575
.RE
2349 2576

  
2350 2577
.sp
2351 2578
.ne 2
2352 2579
.mk
2353 2580
.na
2354
\fB\fB-F\fR\fR
2581
\fB\fB-u\fR\fR
2355 2582
.ad
2356 2583
.sp .6
2357 2584
.RS 4n
2358
Force a rollback of the file system to the most recent snapshot before performing the receive operation. If receiving an incremental replication stream (for example, one generated by \fBzfs send -R -[iI]\fR), destroy snapshots and file systems that do not exist on the sending side.
2585
File system that is associated with the received stream is not mounted.
2586
.RE
2587

  
2588
.sp
2589
.ne 2
2590
.mk
2591
.na
2592
\fB\fB-v\fR\fR
2593
.ad
2594
.sp .6
2595
.RS 4n
2596
Print verbose information about the stream and the time required to perform the receive operation.
2597
.RE
2598

  
2599
.sp
2600
.ne 2
2601
.mk
2602
.na
2603
\fB\fB-x\fR \fIproperty\fR\fR
2604
.ad
2605
.sp .6
2606
.RS 4n
2607
Ensures that the effective value of the specified property after the \fBreceive\fR is unaffected by the value of that property in the \fBsend\fR stream (if any), as if the property had been excluded from the \fBsend\fR stream. If the specified property is not present in the \fBsend\fR stream, this option does nothing. If a received property needs to be overridden, the effective value can be set or inherited, depending on the property. In the case of an incremental update, \fB-x\fR leaves any existing local setting or explicit inheritance unchanged (since the received property is already overridden). All \fB-o\fR restrictions apply equally to \fB-x\fR.
2359 2608
.RE
2360 2609

  
2361 2610
.RE
......
2375 2624
.ne 2
2376 2625
.mk
2377 2626
.na
2378
\fB\fBzfs allow\fR [\fB-ldug\fR] "\fIeveryone\fR"|\fIuser\fR|\fIgroup\fR[,...] \fIperm\fR|@\fIsetname\fR[,...] \fIfilesystem\fR| \fIvolume\fR\fR
2627
\fB\fBzfs allow\fR [\fB-ldug\fR] \fBeveryone\fR|\fIuser\fR|\fIgroup\fR[,...] \fIperm\fR|@\fIsetname\fR[,...] \fIfilesystem\fR| \fIvolume\fR\fR
2379 2628
.ad
2380 2629
.br
2381 2630
.na
......
2388 2637
.ne 2
2389 2638
.mk
2390 2639
.na
2391
\fB[\fB-ug\fR] "\fIeveryone\fR"|\fIuser\fR|\fIgroup\fR[,...]\fR
2640
\fB[\fB-ug\fR] \fBeveryone\fR|\fIuser\fR|\fIgroup\fR[,...]\fR
2392 2641
.ad
2393 2642
.sp .6
2394 2643
.RS 4n
2395
Specifies to whom the permissions are delegated. Multiple entities can be specified as a comma-separated list. If neither of the \fB-ug\fR options are specified, then the argument is interpreted preferentially as the keyword "everyone", then as a user name, and lastly as a group name. To specify a user or group named "everyone", use the \fB-u\fR or \fB-g\fR options. To specify a group with the same name as a user, use the \fB-g\fR options.
2644
Specifies to whom the permissions are delegated. Multiple entities can be specified as a comma-separated list. If neither of the \fB-ug\fR options are specified, then the argument is interpreted preferentially as the keyword \fBeveryone\fR, then as a user name, and lastly as a group name. To specify a user or group named "everyone", use the \fB-u\fR or \fB-g\fR options. To specify a group with the same name as a user, use the \fB-g\fR options.
2396 2645
.RE
2397 2646

  
2398 2647
.sp
......
2403 2652
.ad
2404 2653
.sp .6
2405 2654
.RS 4n
2406
Specifies that the permissions be delegated to "everyone." Multiple permissions may be specified as a comma-separated list. Permission names are the same as \fBZFS\fR subcommand and property names. See the property list below. Property set names, which begin with an at sign (\fB@\fR) , may be specified. See the \fB-s\fR form below for details.
2655
Specifies that the permissions be delegated to \fBeveryone\fR. Multiple permissions may be specified as a comma-separated list. Permission names are the same as \fBZFS\fR subcommand and property names. See the property list below. Property set names, which begin with an at sign (\fB@\fR) , may be specified. See the \fB-s\fR form below for details.
2407 2656
.RE
2408 2657

  
2409 2658
.sp
......
2429 2678
allow            subcommand     Must also have the permission that is
2430 2679
                                being allowed
2431 2680
clone            subcommand     Must also have the 'create' ability and
2432
                                'mount'
2433
                                ability in the origin file system
2681
                                'mount' ability in the origin file system
2434 2682
create           subcommand     Must also have the 'mount' ability
2435 2683
destroy          subcommand     Must also have the 'mount' ability
2684
diff             subcommand     Allows user to compare differences
2685
                                between snapshots of a ZFS dataset
2436 2686
hold             subcommand     Allows adding a user hold to a snapshot
2687
key              subcommand     Allows key loading or unloading
2688
keychange        other          Allows wrapping key change and re-key
2437 2689
mount            subcommand     Allows mount/umount of ZFS datasets
2438 2690
promote          subcommand     Must also have the 'mount' and 'promote'
2439 2691
                                ability in the origin file system
2440
receive          subcommand     Must also have the 'mount' and 'create'
2441
                                ability
2692
receive          subcommand     Must also have the 'mount' and 'create' ability
2442 2693
release          subcommand     Allows releasing a user hold which
2443 2694
                                might destroy the snapshot
2444 2695
rename           subcommand     Must also have the 'mount' and 'create'
......
2452 2703
                                property
2453 2704
groupused        other          Allows reading any groupused@... property
2454 2705
userprop         other          Allows changing any user property
2455
userquota        other          Allows accessing any userquota@...
2456
                                property
2706
userquota        other          Allows accessing any userquota@... property
2457 2707
userused         other          Allows reading any userused@... property
2458 2708
aclinherit       property
2459 2709
aclmode          property
......
2465 2715
copies           property
2466 2716
dedup            property
2467 2717
devices          property
2718
encryption       property
2468 2719
exec             property
2720
keysource        property
2469 2721
logbias          property
2470 2722
mlslabel         property
2471 2723
mountpoint       property
......
2478 2730
refquota         property
2479 2731
refreservation   property
2480 2732
reservation      property
2733
rstchown         property
2481 2734
secondarycache   property
2482 2735
setuid           property
2483
shareiscsi       property
2484 2736
sharenfs         property
2485 2737
sharesmb         property
2486 2738
snapdir          property
......
2521 2773
.ne 2
2522 2774
.mk
2523 2775
.na
2524
\fB\fBzfs unallow\fR [\fB-rldug\fR] "\fIeveryone\fR"|\fIuser\fR|\fIgroup\fR[,...] [\fIperm\fR|@\fIsetname\fR[, ...]] \fIfilesystem\fR|\fIvolume\fR\fR
2776
\fB\fBzfs unallow\fR [\fB-rldug\fR] \fBeveryone\fR|\fIuser\fR|\fIgroup\fR[,...] [\fIperm\fR|@\fIsetname\fR[, ...]] \fIfilesystem\fR|\fIvolume\fR\fR
2525 2777
.ad
2526 2778
.br
2527 2779
.na
......
2537 2789
.ad
2538 2790
.sp .6
2539 2791
.RS 4n
2540
Removes permissions that were granted with the \fBzfs allow\fR command. No permissions are explicitly denied, so other permissions granted are still in effect. For example, if the permission is granted by an ancestor. If no permissions are specified, then all permissions for the specified \fIuser\fR, \fIgroup\fR, or \fIeveryone\fR are removed. Specifying "everyone" (or using the \fB-e\fR option) only removes the permissions that were granted to "everyone", not all permissions for every user and group. See the \fBzfs allow\fR command for a description of the \fB-ldugec\fR options.
2792
Removes permissions that were granted with the \fBzfs allow\fR command. No permissions are explicitly denied, so other permissions granted are still in effect. For example, if the permission is granted by an ancestor. If no permissions are specified, then all permissions for the specified \fIuser\fR, \fIgroup\fR, or \fBeveryone\fR are removed. Specifying \fBeveryone\fR (or using the \fB-e\fR option) only removes the permissions that were granted to \fBeveryone\fR, not all permissions for every user and group. See the \fBzfs allow\fR command for a description of the \fB-ldugec\fR options.
2541 2793
.sp
2542 2794
.ne 2
2543 2795
.mk
......
2636 2888

  
2637 2889
.RE
2638 2890

  
2639
.SH EXAMPLES
2640
.LP
2641
\fBExample 1 \fRCreating a ZFS File System Hierarchy
2642
.sp
2643
.LP
2644
The following commands create a file system named \fBpool/home\fR and a file system named \fBpool/home/bob\fR. The mount point \fB/export/home\fR is set for the parent file system, and is automatically inherited by the child file system.
2645

  
2891
.sp
2892
.ne 2
2893
.mk
2894
.na
2895
\fB\fBzfs diff\fR [\fB-FHt\fR] \fIsnapshot\fR  \fIsnapshot\fR | \fIfilesystem\fR\fR
2896
.ad
2897
.sp .6
2898
.RS 4n
2899
Gives a high-level description of the differences between a snapshot and a descendent dataset. The descendent can be either a snapshot of the dataset or the current dataset.
2900
.sp
2901
For each file that has undergone a change between the original snapshot and the descendent, the type of change is described along with the name of the file. In the case of a rename, both the old and new names are shown. Whitespace characters, backslash characters, and other non-printable or non-7-bit ASCII characters found in file names are displayed as a backslash character followed by the three-digit octal representation of the byte value.
2902
.sp
2903
If the \fB-t\fR option is specified, the first column of output from the command is the file's \fBst_ctim\fR value. For deleted files, this is the final \fBst_ctim\fR in the earlier snapshot.
2904
.sp
2905
The type of change follows any timestamp displayed, and is described with a single character:
2906
.sp
2907
.ne 2
2908
.mk
2909
.na
2910
\fB\fB+\fR\fR
2911
.ad
2912
.RS 5n
2913
.rt  
2914
Indicates the file was added in the later dataset.
2915
.RE
2916

  
2917
.sp
2918
.ne 2
2919
.mk
2920
.na
2921
\fB\fB-\fR\fR
2922
.ad
2923
.RS 5n
2924
.rt  
2925
Indicates the file was removed in the later dataset.
2926
.RE
2927

  
2928
.sp
2929
.ne 2
2930
.mk
2931
.na
2932
\fB\fBM\fR\fR
2933
.ad
2934
.RS 5n
2935
.rt  
2936
Indicates the file was modified in the later dataset.
2937
.RE
2938

  
2939
.sp
2940
.ne 2
2941
.mk
2942
.na
2943
\fB\fBR\fR\fR
2944
.ad
2945
.RS 5n
2946
.rt  
2947
Indicates the file was renamed in the later dataset.
2948
.RE
2949

  
2950
If the \fB-F\fR option is specified, the next column of output will be a single character describing the type of the file. The mappings are:
2951
.sp
2952
.ne 2
2953
.mk
2954
.na
2955
\fB\fBF\fR\fR
2956
.ad
2957
.RS 5n
2958
.rt  
2959
regular file
2960
.RE
2961

  
2962
.sp
2963
.ne 2
2964
.mk
2965
.na
2966
\fB\fB/\fR\fR
2967
.ad
2968
.RS 5n
2969
.rt  
2970
directory
2971
.RE
2972

  
2973
.sp
2974
.ne 2
2975
.mk
2976
.na
2977
\fB\fBB\fR\fR
2978
.ad
2979
.RS 5n
2980
.rt  
2981
block device
2982
.RE
2983

  
2984
.sp
2985
.ne 2
2986
.mk
2987
.na
2988
\fB\fB>\fR\fR
2989
.ad
2990
.RS 5n
2991
.rt  
2992
door
2993
.RE
2994

  
2995
.sp
2996
.ne 2
2997
.mk
2998
.na
2999
\fB\fB|\fR\fR
3000
.ad
3001
.RS 5n
3002
.rt  
3003
FIFO
3004
.RE
3005

  
3006
.sp
3007
.ne 2
3008
.mk
3009
.na
3010
\fB\fB@\fR\fR
3011
.ad
3012
.RS 5n
3013
.rt  
3014
symbolic link
3015
.RE
3016

  
3017
.sp
3018
.ne 2
3019
.mk
3020
.na
3021
\fB\fBP\fR\fR
3022
.ad
3023
.RS 5n
3024
.rt  
3025
event portal
3026
.RE
3027

  
3028
.sp
3029
.ne 2
3030
.mk
3031
.na
3032
\fB\fB=\fR\fR
3033
.ad
3034
.RS 5n
3035
.rt  
3036
socket
3037
.RE
3038

  
3039
If the modification involved a change in the link count of a non-directory file, the change will be expressed as a delta within parentheses on the modification line. If the file was renamed, the old name will be separated from the new with the string "\fB->\fR".
3040
.sp
3041
The following is example output with both the \fB-F\fR and \fB-t\fR options specified:
3042
.sp
3043
.in +2
3044
.nf
3045
1269962501.206726811   M   /   /myfiles/
3046
1269962444.207369955   M   F   /myfiles/link_to_me      (+1)
3047
1269962499.207519034   R       /myfiles/rename_me -> /myfiles/renamed
3048
1269962431.813566720   -   F   /myfiles/delete_me
3049
1269962518.666905544   +   F   /myfiles/new_file
3050
1269962501.393099817   +   |   /myfiles/new_pipe
3051
.fi
3052
.in -2
3053
.sp
3054

  
3055
If the \fB-H\fR option is selected, easier-to-parse output is produced. Fields are separated by a single tab, and no arrow string (\fB->\fR) is placed between the old and new names of a rename. No guarantees are made on the spacing between fields of non \fB-H\fR output.
3056
.sp
3057
Unless they already have the \fB{PRIV_SYS_CONFIG}\fR or \fB{PRIV_SYS_MOUNT}\fR privilege, users must be granted the \fBdiff\fR permission with \fBzfs allow\fR to use this subcommand.
3058
.RE
3059

  
3060
.sp
3061
.ne 2
3062
.mk
3063
.na
3064
\fB\fBzfs key\fR { \fB-l\fR | \fB-u\fR [\fB-f\fR] | \fB-K\fR } \fB-a\fR | [\fB-r\fR] \fIfilesystem\fR|\fIvolume\fR\fR
3065
.ad
3066
.sp .6
3067
.RS 4n
3068
Loads and unloads the encryption key for a dataset and any datasets that inherit the key. The key that is provided with this command is not the actual key that is used to encrypt the dataset. It is a wrapping key for the set of data encryption keys for the dataset.
3069
.sp
3070
.ne 2
3071
.mk
3072
.na
3073
\fB\fB-a\fR\fR
3074
.ad
3075
.sp .6
3076
.RS 4n
3077
Apply to all datasets in all pools on the system.
3078
.RE
3079

  
3080
.sp
3081
.ne 2
3082
.mk
3083
.na
3084
\fB\fB-r\fR\fR
3085
.ad
3086
.sp .6
3087
.RS 4n
3088
Apply the operation recursively to all datasets below the named file system or volume.
3089
.RE
3090

  
3091
.sp
3092
.ne 2
3093
.mk
3094
.na
3095
\fB\fB-l\fR\fR
3096
.ad
3097
.sp .6
3098
.RS 4n
3099
Loads the wrapping key to unlock the encrypted dataset and datasets that inherit the key. This command loads the key based on what is defined by the dataset's \fBkeysource\fR property.
3100
.sp
3101
During a pool import, a key load operation is performed when a dataset is mounted. During boot, if the wrapping key is available and the \fBkeysource\fR is not set to \fBprompt\fR, the key load operation is performed.
3102
.RE
3103

  
3104
.sp
3105
.ne 2
3106
.mk
3107
.na
3108
\fB\fB-u\fR\fR
3109
.ad
3110
.sp .6
3111
.RS 4n
3112
Unmounts the dataset and then attempts to unload the wrapping key for an encrypted dataset and datasets that inherit the key. If successful, the dataset is not accessible and is unmounted.
3113
.RE
3114

  
3115
.sp
3116
.ne 2
3117
.mk
3118
.na
3119
\fB\fB-f\fR\fR
3120
.ad
3121
.sp .6
3122
.RS 4n
3123
Attempts to force unmount the dataset before attempting to unload the key. If not specified, a normal unmount is attempted.
3124
.RE
3125

  
3126
.sp
3127
.ne 2
3128
.mk
3129
.na
3130
\fB\fB-K\fR\fR
3131
.ad
3132
.sp .6
3133
.RS 4n
3134
Creates a new data encryption key for this dataset. Data written after this operation will use the new data encryption key.
3135
.RE
3136

  
3137
.RE
3138

  
3139
.sp
3140
.ne 2
3141
.mk
3142
.na
3143
\fB\fBzfs key\fR \fB-c\fR [\fB-o\fR \fIproperty\fR=\fIvalue\fR] \fIfilesystem\fR|\fIvolume\fR\fR
3144
.ad
3145
.sp .6
3146
.RS 4n
3147
Changes the wrapping key for the key of an encrypted dataset and the datasets that inherit it. The existing key must already have been loaded before the key change operation can occur.
3148
.sp
3149
If the new key has a different format or locator, the \fBkeysource\fR property must be included as part of the command. Only the \fBkeysource\fR property can be changed as part of the \fBzfs key\fR \fB-c\fR command.
3150
.sp
3151
.ne 2
3152
.mk
3153
.na
3154
\fB\fB-o\fR \fIproperty\fR=\fIvalue\fR\fR
3155
.ad
3156
.sp .6
3157
.RS 4n
3158
Property to be changed as part of the key change operation. The \fBkeysource\fR property is the only option that can be changed as part of a key change operation.
3159
.sp
3160
You must have permission to change the \fBkeysource\fR properties.
3161
.RE
3162

  
3163
.RE
3164

  
3165
.SH EXAMPLES
3166
.LP
3167
\fBExample 1 \fRCreating a ZFS File System Hierarchy
3168
.sp
3169
.LP
3170
The following commands create a file system named \fBpool/home\fR and a file system named \fBpool/home/bob\fR. The mount point \fB/export/home\fR is set for the parent file system, and is automatically inherited by the child file system.
3171

  
2646 3172
.sp
2647 3173
.in +2
2648 3174
.nf
......
2742 3268
# \fBzfs get all pool/home/bob\fR
2743 3269
NAME           PROPERTY              VALUE                  SOURCE
2744 3270
pool/home/bob  type                  filesystem             -
2745
pool/home/bob  creation              Mon Nov  9 15:05 2009  -
2746
pool/home/bob  used                  282M                   -
2747
pool/home/bob  available             134G                   -
2748
pool/home/bob  referenced            282M                   -
3271
pool/home/bob  creation              Wed May  5  6:13 2010  -
3272
pool/home/bob  used                  21K                    -
3273
pool/home/bob  available             50.0G                  -
3274
pool/home/bob  referenced            21K                    -
2749 3275
pool/home/bob  compressratio         1.00x                  -
2750 3276
pool/home/bob  mounted               yes                    -
2751
pool/home/bob  quota                 none                   default
3277
pool/home/bob  quota                 50G                    local
2752 3278
pool/home/bob  reservation           none                   default
2753 3279
pool/home/bob  recordsize            128K                   default
2754 3280
pool/home/bob  mountpoint            /pool/home/bob         default
2755 3281
pool/home/bob  sharenfs              off                    default
2756 3282
pool/home/bob  checksum              on                     default
2757
pool/home/bob  compression           on                     local
3283
pool/home/bob  compression           off                    default
2758 3284
pool/home/bob  atime                 on                     default
2759 3285
pool/home/bob  devices               on                     default
2760 3286
pool/home/bob  exec                  on                     default
......
2765 3291
pool/home/bob  aclmode               groupmask              default
2766 3292
pool/home/bob  aclinherit            restricted             default
2767 3293
pool/home/bob  canmount              on                     default
2768
pool/home/bob  shareiscsi            off                    default
2769 3294
pool/home/bob  xattr                 on                     default
2770 3295
pool/home/bob  copies                1                      default
2771 3296
pool/home/bob  version               4                      -
......
2780 3305
pool/home/bob  primarycache          all                    default
2781 3306
pool/home/bob  secondarycache        all                    default
2782 3307
pool/home/bob  usedbysnapshots       0                      -
2783
pool/home/bob  usedbydataset         282M                   -
3308
pool/home/bob  usedbydataset         21K                    -
2784 3309
pool/home/bob  usedbychildren        0                      -
2785 3310
pool/home/bob  usedbyrefreservation  0                      -
2786 3311
pool/home/bob  logbias               latency                default
......
2930 3455
.sp
2931 3456

  
2932 3457
.LP
2933
\fBExample 15 \fRCreating a ZFS Volume as an iSCSI Target Device
2934
.sp
2935
.LP
2936
The following example shows how to create a \fBZFS\fR volume as an \fBiSCSI\fR target. 
2937

  
2938
.sp
2939
.in +2
2940
.nf
2941
# \fBzfs create -V 2g pool/volumes/vol1\fR
2942
# \fBzfs set shareiscsi=on pool/volumes/vol1\fR
2943
# \fBiscsitadm list target\fR
2944
Target: pool/volumes/vol1
2945
 iSCSI Name: 
2946
 iqn.1986-03.com.sun:02:7b4b02a6-3277-eb1b-e686-a24762c52a8c
2947
 Connections: 0
2948
.fi
2949
.in -2
2950
.sp
2951

  
2952
.sp
2953
.LP
2954
After the \fBiSCSI\fR target is created, set up the \fBiSCSI\fR initiator. For more information about the Solaris \fBiSCSI\fR initiator, see \fBiscsitadm\fR(1M).
2955
.LP
2956
\fBExample 16 \fRPerforming a Rolling Snapshot
3458
\fBExample 15 \fRPerforming a Rolling Snapshot
2957 3459
.sp
2958 3460
.LP
2959 3461
The following example shows how to maintain a history of snapshots with a consistent naming scheme. To keep a week's worth of snapshots, the user destroys the oldest snapshot, renames the remaining snapshots, and then creates a new snapshot, as follows:
......
2975 3477
.sp
2976 3478

  
2977 3479
.LP
2978
\fBExample 17 \fRSetting \fBsharenfs\fR Property Options on a ZFS File System
3480
\fBExample 16 \fRSetting \fBsharenfs\fR Property Options on a ZFS File System
2979 3481
.sp
2980 3482
.LP
2981 3483
The following commands show how to set \fBsharenfs\fR property options to enable \fBrw\fR access for a set of \fBIP\fR addresses and to enable root access for system \fBneo\fR on the \fBtank/home\fR file system.
......
2993 3495
If you are using \fBDNS\fR for host name resolution, specify the fully qualified hostname.
2994 3496

  
2995 3497
.LP
2996
\fBExample 18 \fRDelegating ZFS Administration Permissions on a ZFS Dataset
3498
\fBExample 17 \fRDelegating ZFS Administration Permissions on a ZFS Dataset
2997 3499
.sp
2998 3500
.LP
2999 3501
The following example shows how to set permissions so that user \fBcindys\fR can create, destroy, mount, and take snapshots on \fBtank/cindys\fR. The permissions on \fBtank/cindys\fR are also displayed.
......
3023 3525
.sp
3024 3526

  
3025 3527
.LP
3026
\fBExample 19 \fRDelegating Create Time Permissions on a ZFS Dataset
3528
\fBExample 18 \fRDelegating Create Time Permissions on a ZFS Dataset
3027 3529
.sp
3028 3530
.LP
3029 3531
The following example shows how to grant anyone in the group \fBstaff\fR to create file systems in \fBtank/users\fR. This syntax also allows staff members to destroy their own file systems, but not destroy anyone else's file system. The permissions on \fBtank/users\fR are also displayed.
......
3045 3547
.sp
3046 3548

  
3047 3549
.LP
3048
\fBExample 20 \fRDefining and Granting a Permission Set on a ZFS Dataset
3550
\fBExample 19 \fRDefining and Granting a Permission Set on a ZFS Dataset
3049 3551
.sp
3050 3552
.LP
3051 3553
The following example shows how to define and grant a permission set on the \fBtank/users\fR file system. The permissions on \fBtank/users\fR are also displayed.
......
3069 3571
.sp
3070 3572

  
3071 3573
.LP
3072
\fBExample 21 \fRDelegating Property Permissions on a ZFS Dataset
3574
\fBExample 20 \fRDelegating Property Permissions on a ZFS Dataset
3073 3575
.sp
3074 3576
.LP
3075 3577
The following example shows to grant the ability to set quotas and reservations on the \fBusers/home\fR file system. The permissions on \fBusers/home\fR are also displayed.
......
3092 3594
.sp
3093 3595

  
3094 3596
.LP
3095
\fBExample 22 \fRRemoving ZFS Delegated Permissions on a ZFS Dataset
3597
\fBExample 21 \fRRemoving ZFS Delegated Permissions on a ZFS Dataset
3096 3598
.sp
3097 3599
.LP
3098 3600
The following example shows how to remove the snapshot permission from the \fBstaff\fR group on the \fBtank/users\fR file system. The permissions on \fBtank/users\fR are also displayed.
......
3109 3611
        create,destroy
3110 3612
Local+Descendent permissions on (tank/users)
3111 3613
        group staff @pset,create,mount
3112
------------------------------------------------------------- 
3614
-------------------------------------------------------------
3615
.fi
3616
.in -2
3617
.sp
3618

  
3619
.LP
3620
\fBExample 22 \fRCreating an Encrypted Dataset by Prompting for a Passphrase
3621
.sp
3622
.LP
3623
The following example shows how to create an encrypted dataset by using a \fBpassphrase\fR prompt, which is the default value of the \fBkeysource\fR property. This example assumes that the \fBtank/home\fR dataset is not encrypted.
3624

  
3625
.sp
3626
.in +2
3627
.nf
3628
# \fBzfs create -o encryption=on tank/home/bob\fR
3629
Enter passphrase for 'tank/home/bob/': \fB**********\fR
3630
Enter again: \fB**********\fR
3631
.fi
3632
.in -2
3633
.sp
3634

  
3635
.LP
3636
\fBExample 23 \fRCreating an Encrypted Dataset by Using a Raw Key
3637
.sp
3638
.LP
3639
In this example, the \fBpktool\fR(1) command is used to generate a raw key to a file. Next, an encrypted dataset (\fBtank/home/bob\fR) is created with the \fBaes-256-ccm\fR algorithm and the raw key file that was generated by \fBpktool\fR.
3640

  
3641
.sp
3642
.in +2
3643
.nf
3644
# \fBpktool genkey keystore=file outkey=/rmdisk/stick/mykey keytype=aes \e\fR
3645
\fBkeylen=256\fR
3646
# \fBzfs create encryption=aes-256-ccm \e
3647
-o keysource=raw,file:///rmdisk/stick/mykey tank/home/bob\fR
3113 3648
.fi
3114 3649
.in -2
3115 3650
.sp
3116 3651

  
3652
.LP
3653
\fBExample 24 \fRCreating an Encrypted Dataset with a Key Already Available
3654
.sp
3655
.LP
3656
In this example, all of the \fBtank/home\fR datasets inherit the \fBencryption\fR and \fBkeysource\fR properties.
3657

  
3658
.sp
3659
.in +2
3660
.nf
3661
# \fBzpool create -O encryption=on -O keysource=raw,file:///... tank ...\fR
3662
# \fBzfs create tank/home\fR
3663
.fi
3664
.in -2
3665
.sp
3666

  
3667
.LP
3668
\fBExample 25 \fRCreating an Encrypted Dataset with a Different Encryption Algorithm
3669
.sp
3670
.LP
3671
In this example, any \fBtank/home\fR datasets inherit the \fBkeysource\fR properties, but the \fBtank/home/bob\fR dataset is created using a different encryption algorithm.
3672

  
3673
.sp
3674
.in +2
3675
.nf
3676
# \fBzpool create tank ....\fR
3677
# \fBzfs create -o encryption=on tank/home\fR
3678
# \fBzfs get keystatus tank/home\fR
3679
NAME       PROPERTY   VALUE        SOURCE
3680
tank/home  keystatus  available    -
3681

  
3682
# \fBzfs create -o encryption=aes-256-ccm tank/home/bob\fR
3683
.fi
3684
.in -2
3685
.sp
3686

  
3687
.LP
3688
\fBExample 26 \fRChanging an Encrypted Dataset's Wrapping Key and Keysource
3689
.sp
3690
.LP
3691
This example shows how to change a dataset's wrapping key to a new key defined by the dataset's \fBkeysource\fR property.
3692

  
3693
.sp
3694
.in +2
3695
.nf
3696
# \fBzfs get keysource tank/home/bob\fR
3697
NAME  PROPERTY         VALUE                    SOURCE
3698
tank  keysource        raw,file:///etc/keyfile  default
3699

  
3700
# \fBzfs key -c -o keysource=passphrase,prompt  tank/home/bob/\fR
3701
Enter passphrase for 'tank/home/bob/': \fB**********\fR
3702
Enter again: \fB**********\fR
3703
.fi
3704
.in -2
3705
.sp
3706

  
3707
.sp
3708
.LP
3709
You must have the delegated \fBkey\fR and \fBkeychange\fR permissions to change the \fBkeysource\fR property.
3710

  
3711
.LP
3712
\fBExample 27 \fRRekeying the Dataset's Encryption Key
3713
.sp
3714
.LP
3715
This example shows how to change a dataset's encryption key, which is neither visible nor managed by you or an administrator. The dataset's encryption key is wrapped (encrypted) by the key specified in the \fBkeysource\fR property.
3716

  
3717
.sp
3718
.in +2
3719
.nf
3720
# \fBzfs key -K tank/project42\fR
3721
.fi
3722
.in -2
3723
.sp
3724

  
3725
.sp
3726
.LP
3727
You must have the delegated \fBkeychange\fR permission to perform a key change operation.
3728

  
3117 3729
.SH EXIT STATUS
3118 3730
.sp
3119 3731
.LP
......
3165 3777
.
3166 3778
ATTRIBUTE TYPEATTRIBUTE VALUE
3167 3779
_
3168
AvailabilitySUNWzfsu
3780
Availabilitysystem/file-system/zfs
3169 3781
_
3170 3782
Interface StabilityCommitted
3171 3783
.TE
......
3173 3785
.SH SEE ALSO
3174 3786
.sp
3175 3787
.LP
3176
\fBssh\fR(1), \fBiscsitadm\fR(1M), \fBmount\fR(1M), \fBshare\fR(1M), \fBsharemgr\fR(1M), \fBunshare\fR(1M), \fBzonecfg\fR(1M), \fBzpool\fR(1M), \fBchmod\fR(2), \fBstat\fR(2), \fBwrite\fR(2), \fBfsync\fR(3C), \fBdfstab\fR(4), \fBattributes\fR(5)
3788
\fBchown\fR(1), \fBpktool\fR(1), \fBssh\fR(1), \fBmount\fR(1M), \fBshare\fR(1M), \fBsharemgr\fR(1M), \fBunshare\fR(1M), \fBzonecfg\fR(1M), \fBzpool\fR(1M), \fBchmod\fR(2), \fBchown\fR(2), \fBstat\fR(2), \fBwrite\fR(2), \fBfsync\fR(3C), \fBdfstab\fR(4), \fBattributes\fR(5)
3177 3789
.sp
3178 3790
.LP
3179 3791
See the \fBgzip\fR(1) man page, which is not part of the SunOS man page collection.
3180 3792
.sp
3181 3793
.LP
3182 3794
For information about using the \fBZFS\fR web-based management tool and other \fBZFS\fR features, see the \fISolaris ZFS Administration Guide\fR.
3795
.SH NOTES
3796
.sp
3797
.LP
3798
A file described as modified by the \fBdiff\fR subcommand might have been modified in multiple ways. Any action that causes a change in the \fBst_ctim\fR (see \fBstat\fR(2)) is a basis for reporting a modification.
(5-5/8)