ZFS send/receive over ssh on linux without allowing root login

I came upon the same problem earlier today. I found that you can authorize regular users to do certain operations with the "zfs allow" command:

As root, do the following on the server:
    zfs allow your_username receive,create,mount storage/photos

Afterwards, you'll be able to ssh into the server using your_username and you'll have zfs privileges to receive. See here: http://docs.oracle.com/cd/E19253-01/819-5461/gfkco/index.html


This doesn't completely remove root login, but it does secure things beyond a full-featured login.

Set up an SSH trust by copying the local user's public key (usually ~/.ssh/id_rsa.pub) to the authorized_keys file (~/.ssh/authorized_keys) for the remote user. This eliminates password prompts, and improves security as SSH keys are harder to brute-force. You probably also want to make sure that sshd_config has PermitRootLogin without-password -- this restricts remote root logins to SSH keys only (even the correct password will fail).

You can then add security by using the ForceCommand directive in the authorized_keys file to permit only the zfs command to be executed.


@analog900 is on the right track.

One key to increased security, including avoiding the need for root logins, is to use the built-in permissions structure of ZFS, and also to structure your backup transfers the other way 'round and pull your backups over the network, rather than pushing them. The ability to back up filesystems without root access is one of the major design achievements of the ZFS filesystem.

Run the job on destination and pull the data from source, perhaps something like:

  • On the source machine, create a non-privileged user account foo and use zfs allow to give that account the ability to create and send snapshots:
    zfs allow foo mount,snapshot,send,hold storage/photos
  • On the destination machine, create a non-privileged account bar and give that account the ability to receive/create/mount filesystems:
    zfs allow bar mount,create,receive storage/photos
  • On destination, as user bar, create an ssh key specifically for backup jobs. Install the public half of that key in the .ssh directory of user foo on the source machine. This gives user bar@destination secure ssh login access to the foo@source account. Also, edit the ~bar/.ssh/config file on destination so that it automatically uses the correct SSH key filename (which you created earlier) and username:
    Host source
       Hostname FQDN.of.source.example.com
       User foo
       IdentityFile ~bar/.ssh/backup_key_id_rsa
  • Now run your backup job from bar@destination:
    dt=$(date +%Y-%m-%d_%H-%M-%S)
    ssh source "zfs snap storage/photos@frequent_$dt"
    ssh source "zfs send -R storage/photos@frequent_$dt" | zfs receive storage/photos

Doing it this way requires no root access whatsoever.
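One way to combine the forced-command idea from the earlier answer with this pull setup, as an added example that is not from any of the answers: a POSIX sh wrapper installed on the source host as the command= of bar's key in ~foo/.ssh/authorized_keys, so that even a compromised destination can only run the snapshot, send and list operations the job needs, and only on storage/photos. The install path /usr/local/bin/zfs-backup-shell and the allowlist are assumptions; the wrapper also admits an incremental zfs send -R -I form that the answer itself does not use.

```shell
#!/bin/sh
# Added example (not from the answers above): forced-command wrapper for the backup key.
# Assumed install path: /usr/local/bin/zfs-backup-shell on the source host, referenced from
# ~foo/.ssh/authorized_keys as
#   restrict,command="/usr/local/bin/zfs-backup-shell" ssh-ed25519 AAAA... bar@destination
# sshd then ignores the client's requested command, runs this script instead, and passes
# the original request in SSH_ORIGINAL_COMMAND; it is re-run only if it is on the allowlist.

DATASET="storage/photos"   # the only dataset the delegated user foo may operate on

# valid_snapname NAME: accept only a non-empty, metacharacter-free snapshot name
# (letters, digits, _ . : -), so the validated request can be exec'd safely.
valid_snapname() {
    case "$1" in
        ""|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# allow_command REQUEST: return 0 if REQUEST is exactly one of the operations the pull job
# needs on DATASET, 1 otherwise. Each branch strips the fixed prefix and validates the rest,
# so a second dataset or an extra argument smuggled after the snapshot name is rejected.
allow_command() {
    case "$1" in
        "zfs list -H -t snapshot -o name -r $DATASET") return 0 ;;
        "zfs snapshot $DATASET@"*) valid_snapname "${1#zfs snapshot $DATASET@}" ;;
        "zfs snap $DATASET@"*)     valid_snapname "${1#zfs snap $DATASET@}" ;;
        "zfs send -R $DATASET@"*)  valid_snapname "${1#zfs send -R $DATASET@}" ;;
        # incremental form (beyond the answer): zfs send -R -I DATASET@from DATASET@to
        "zfs send -R -I $DATASET@"*" $DATASET@"*)
            rest="${1#zfs send -R -I $DATASET@}"
            from="${rest%% *}"
            to="${rest#* }"
            [ "$to" != "${to#$DATASET@}" ] || return 1   # second arg must start DATASET@
            valid_snapname "$from" && valid_snapname "${to#$DATASET@}" ;;
        *) return 1 ;;
    esac
}

# Entry point when invoked by sshd; nothing runs when the file is sourced for testing.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if allow_command "$SSH_ORIGINAL_COMMAND"; then
        # Safe to word-split: the allowlist admits no quotes, globs or separators.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "zfs-backup-shell: refused: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Refused requests are logged to stderr, which sshd returns to the client, so a failing backup job shows the exact command that was blocked.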

Tags: Linux, Ssh, Sudo, Zfs