ZFS permission error 'cannot set property' when receiving snapshot from remote machine despite delegated permission

Ostheer

7/28/24, 9:41 PM

Context

I'm setting up ZFS autobackup on my home server for offsite backups. All commands printed below are run as non-root.

Problem

A 'permission denied' error arises originating from the target machine when the following command is issued:

(zfs send --large-block --embed --raw --verbose --parsable --props \
 -i @previous_snap localpool/mydataset@newest_snap) | \
(ssh ostsite 'zfs recv -u -o canmount=noauto -v -s \
remotepool/myserver/localpool/mydataset')

Full command output:

incremental localpool/mydataset@previous_snap   localpool/mydataset@newest_snap 624
size    624
receiving incremental stream of localpool/mydataset@newest_snap into     remotepool/myserver/localpool/mydataset@newest_snap
received 1.31K stream in 1 seconds (1.31K/sec)
cannot set property for 'remotepool/myserver/localpool/mydataset': permission denied

Findings so far

ZFS doesn't explicitly say which property cannot be set, but the only one I'm requesting to be set is canmount=noauto. On the target machine, I've delegated some zfs permissions to the receiving user:

sudo zfs allow myuser snapshot,receive,create,mountpoint,mount,userprop remotepool/myserver

And when I manually execute zfs set canmount=noauto remotepool/myserver/localpool/mydataset, this succeeds.

Questions

How can I see which property cannot be set?
How can I allow this property to be set (at recv-time)?

0 + 4

backup

zfs

snapshot

Andrew Henle

7/28/24, 9:47 PM

*And when I manually execute `zfs set canmount=noauto remotepool/myserver/localpool/mydataset`, this succeeds.* Are you running that as `root`, or as a normal user? What user are you using to send/receive the snapshots?

Ostheer

7/28/24, 9:49 PM

@AndrewHenle I've updated the question. the `zfs set` command succeeds as a regular user. The send and receive commands are also issued by regular users.

paladin

8/3/24, 3:26 PM

I'm pretty sure that low level filesystem operations require root or at least specific elevated rights.

Ostheer

8/15/24, 5:50 PM

@paladin hmm. But then I'm confused as to why it works when I manually execute `zfs set canmount ...` (as a regular user with appropriate zfs delegation).

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: ZFS permission error 'cannot set property' when receiving snapshot from remote machine despite delegated permission

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.