From 2a8ec2e599ff04fa8aea64bf6b97e7b93d0c4520 Mon Sep 17 00:00:00 2001 From: Alex Garel Date: Wed, 23 Oct 2024 14:38:48 +0200 Subject: [PATCH] docs: document permissions for syncoid in case of sync snapshot --- docs/sanoid.md | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/docs/sanoid.md b/docs/sanoid.md index a1e64211..1693d3e3 100644 --- a/docs/sanoid.md +++ b/docs/sanoid.md @@ -157,13 +157,21 @@ chmod go-rwx -R /home/$OPERATOR/.ssh ``` Adding needed permissions to pull zfs syncs -```bash -# choose the right dataset according to your needs -zfs allow $OPERATOR hold,send zfs-hdd -zfs allow $OPERATOR hold,send zfs-nvme -zfs allow $OPERATOR hold,send rpool -``` +1. if you use `--no-sync-snap`, you only use `hold,send` + ```bash + # choose the right dataset according to your needs + zfs allow $OPERATOR hold,send zfs-hdd + zfs allow $OPERATOR hold,send zfs-nvme + zfs allow $OPERATOR hold,send rpool + ``` + +2. otherwise you'll need , you need `destroy,hold,mount,send,snapshot` + ```bash + # choose the right dataset according to your needs + zfs allow $OPERATOR destroy,hold,mount,send,snapshot rpool + ``` + #### test connection on BACKUP_SERVER On BACKUP_SERVER, test ssh connection: @@ -191,4 +199,4 @@ Don't forget to create a sane retention policy (with `autosnap=no`) in sanoid on **Note:** because of the 6h timeout, if you have big datasets, you may want to do the first synchronization before enabling the service. **Important:** try to have a good hierarchy of datasets, and separate what's from the server and what's from other servers. -Normally we put other servers backups in a off-backups dataset. It's important not to mix it with backups dataset which is for the server itself. \ No newline at end of file +Normally we put other servers backups in a off-backups dataset. It's important not to mix it with backups dataset which is for the server itself.