From 3e91ffd19e18d85c1ffe99f4cc7a6adf300e7c1b Mon Sep 17 00:00:00 2001 From: Alex Garel Date: Tue, 29 Oct 2024 22:33:55 +0100 Subject: [PATCH] docs: document permissions for syncoid (#432) in case of sync snapshot --- docs/sanoid.md | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/docs/sanoid.md b/docs/sanoid.md index a1e64211..1693d3e3 100644 --- a/docs/sanoid.md +++ b/docs/sanoid.md @@ -157,13 +157,21 @@ chmod go-rwx -R /home/$OPERATOR/.ssh ``` Adding needed permissions to pull zfs syncs -```bash -# choose the right dataset according to your needs -zfs allow $OPERATOR hold,send zfs-hdd -zfs allow $OPERATOR hold,send zfs-nvme -zfs allow $OPERATOR hold,send rpool -``` +1. if you use `--no-sync-snap`, you only use `hold,send` + ```bash + # choose the right dataset according to your needs + zfs allow $OPERATOR hold,send zfs-hdd + zfs allow $OPERATOR hold,send zfs-nvme + zfs allow $OPERATOR hold,send rpool + ``` + +2. otherwise you'll need , you need `destroy,hold,mount,send,snapshot` + ```bash + # choose the right dataset according to your needs + zfs allow $OPERATOR destroy,hold,mount,send,snapshot rpool + ``` + #### test connection on BACKUP_SERVER On BACKUP_SERVER, test ssh connection: @@ -191,4 +199,4 @@ Don't forget to create a sane retention policy (with `autosnap=no`) in sanoid on **Note:** because of the 6h timeout, if you have big datasets, you may want to do the first synchronization before enabling the service. **Important:** try to have a good hierarchy of datasets, and separate what's from the server and what's from other servers. -Normally we put other servers backups in a off-backups dataset. It's important not to mix it with backups dataset which is for the server itself. \ No newline at end of file +Normally we put other servers backups in a off-backups dataset. It's important not to mix it with backups dataset which is for the server itself.