I just discovered by accident that any user is able to create and destroy a dataset in a zfs pool currently imported in my macbook. Is this something by design or is something wrong with my config? And can I change this behaviour without running zfs unallow for every user/group?
I'm running O3X 1.9.3 on Mojave. Following are the steps to reproduce:
First as root:
- Code: Select all
cd /tmp
dd if=/dev/zero bs=1m count=100 of=vdisk1
hdiutil attach -imagekey diskimage-class=CRawDiskImage -nomount vdisk1
zpool create -f -o ashift=12 -O casesensitivity=insensitive -O normalization=formD tank $disk_from_prev_command
zfs create tank/foo
Now as a non-admin user:
- Code: Select all
zfs destroy tank/foo
and it will destroy the dataset