lspgpot

lspgpot [-al] [-d depth] [-o field[,field]...]

-a
    Display all properties of each pool. Equivalent to '-o all'.

-l
    Display longer output, including more detailed information about each pool. This usually means more properties being displayed than the default.

-d depth
    Display information only up to a certain depth in the ZFS namespace hierarchy. For example, `-d 1` will show only the root pools.

-o field[,field]...
    Specifies the fields to display. Common fields include `name`, `guid`, `health`, and any other ZFS pool properties.

The `lspgpot` command is part of the ZFS (Zettabyte File System) utilities and is used to list ZFS storage pools along with their global permissions. It's a valuable tool for administrators managing storage in environments that utilize ZFS, especially those incorporating delegated administration or shared access control. `lspgpot` displays essential information, enabling users to understand which pools are configured with global permissions and what these permissions entail. This allows for quick assessments of potential security implications associated with storage access and helps in auditing configurations to ensure compliance with security policies. Global permissions on ZFS pools can significantly impact data security, making `lspgpot` a critical command for ensuring controlled access and preventing unauthorized modifications. The output includes the pool name and a list of global permissions.

The `lspgpot` command requires appropriate privileges (usually root or ZFS management rights) to execute successfully. Incorrect interpretation of global permissions can lead to security vulnerabilities.

Global permissions in ZFS are access rights granted to users or groups at the pool level. These permissions apply to all datasets and file systems within that pool unless overridden by more specific permissions at lower levels. Proper management of global permissions is essential for data security.

The output of `lspgpot` lists pools and their associated global permissions. Pay close attention to the type of permissions granted (e.g., read, write, execute) and to whom they are granted. Investigate any unexpected or overly permissive configurations immediately. This often requires cross referencing with user or group accounts and responsibilities.
The columns displayed are controlled by the -o option.

The `lspgpot` command was introduced as part of the ZFS administration tools to provide a specific view of storage pools, particularly focusing on global permissions, which became increasingly important as ZFS adoption grew in environments with shared storage management. It builds upon the functionality of `zpool` and `zfs` by presenting a targeted summary of permissions.

zpool(8), zfs(8)