hey can anyone here confirm that there's no zfs permission for destroying only snapshots?
@wxcafe I believe you are correct, but it's been awhile since I looked
@wxcafe I can confirm this based on the ZFS on Linux code. The 'can you destroy a snapshot' code delegates to a general 'can you destroy things' permission check that uses the overall 'destroy' permission.
(It also requires mount permissions, presumably because you have to be able to unmount something that you're about to destroy.)
@wxcafe Actually I think it may be possible to do this in practice under selective circumstances. You can delegate a permission only for descendants of a filesystem, not for the filesystem itself, so if a filesystem will only ever have snapshots underneath it, I think that a 'descendants only' destroy delegation will in practice only let people destroy snapshots, because that's all that exists.
Disclaimer: this is untested.