From 88dc8b48153e9f0c58076c331469d58ca5b1ee98 Mon Sep 17 00:00:00 2001
From: Tim Shimmin
Date: Wed, 10 Dec 2008 14:03:09 +0000
Subject: [PATCH] Test out the perm checks in xfs_setattr - chmod, chown, etc.. Merge of master-melb:xfs-cmds:32713a by kenmcd. Test out the perm checks in xfs_setattr - chmod, chown, etc..
---
 193 | 240 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 193.out | 51 ++++++++++++
 group | 1 +
 3 files changed, 292 insertions(+)
 create mode 100755 193
 create mode 100644 193.out
diff --git a/193 b/193
new file mode 100755
index 00000000..54c51a21
--- /dev/null
+++ b/193
@@ -0,0 +1,240 @@
+#! /bin/sh
+# FS QA Test No. 193
+#
+# Test permission checks in ->setattr
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2008 Christoph Hellwig.
+#-----------------------------------------------------------------------
+#
+# creator
+owner=hch@lst.de
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "_cleanup_files; exit \$status" 0 1 2 3 15
+tag="added by qa $seq"
+
+#
+# For some tests we need a secondary group for the qa_user. Currently
+# that's not available in the framework, so the tests using it are
+# commented out.
+#
+#group2=foo
+
+#
+# Create two files, one owned by root, one by the qa_user
+#
+_create_files()
+{
+ touch test.root
+ touch test.${qa_user}
+ chown ${qa_user}:${qa_user} test.${qa_user}
+}
+
+#
+# Remove our files again
+#
+_cleanup_files()
+{
+ rm -f test.${qa_user}
+ rm -f test.root
+}
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+# real QA test starts here
+_supported_fs xfs nfs udf
+_supported_os Linux
+
+_require_user
+_need_to_be_root
+
+
+#
+# make sure we have a normal umask set
+#
+umask 022
+
+
+#
+# Test the ATTR_UID case
+#
+echo
+echo "testing ATTR_UID"
+echo
+
+_create_files
+
+echo "user: chown root owned file to qa_user (should fail)"
+su ${qa_user} -c "chown ${qa_user} test.root"
+
+echo "user: chown root owned file to root (should fail)"
+su ${qa_user} -c "chown root test.root"
+
+echo "user: chown qa_user owned file to qa_user (should succeed)"
+su ${qa_user} -c "chown ${qa_user} test.${qa_user}"
+
+# this would work without _POSIX_CHOWN_RESTRICTED
+echo "user: chown qa_user owned file to root (should fail)"
+su ${qa_user} -c "chown root test.${qa_user}"
+
+_cleanup_files
+
+#
+# Test the ATTR_GID case
+#
+echo
+echo "testing ATTR_GID"
+echo
+
+_create_files
+
+echo "user: chgrp root owned file to root (should fail)"
+su ${qa_user} -c "chgrp root test.root"
+
+echo "user: chgrp qa_user owned file to root (should fail)"
+su ${qa_user} -c "chgrp root test.${qa_user}"
+
+echo "user: chgrp root owned file to qa_user (should fail)"
+su ${qa_user} -c "chgrp ${qa_user} test.root"
+
+echo "user: chgrp qa_user owned file to qa_user (should succeed)"
+su ${qa_user} -c "chgrp ${qa_user} test.${qa_user}"
+
+#echo "user: chgrp qa_user owned file to secondary group (should succeed)"
+#su ${qa_user} -c "chgrp ${group2} test.${qa_user}"
+
+_cleanup_files
+
+
+#
+# Test the ATTR_MODE case
+#
+echo
+echo "testing ATTR_MODE"
+echo
+
+_create_files
+
+echo "user: chmod a+r on qa_user owned file (should succeed)"
+su ${qa_user} -c "chmod a+r test.${qa_user}"
+
+echo "user: chmod a+r on root owned file (should fail)"
+su ${qa_user} -c "chmod a+r test.root"
+
+#
+# Setup a file owned by the qa_user, but with a group ID that
+# is not present in the qa_users group list (use root to make it easier for it)
+# and mark it with set sgid bit
+#
+# From Posix (www.opengroup.org) for chmod:
+# "If the calling process does not have appropriate privileges, and
+# if the group ID of the file does not match the effective group ID
+# or one of the supplementary group IDs and if the file is a regular
+# file, bit S_ISGID (set-group-ID on execution) in the file's mode
+# shall be cleared upon successful return from chmod()."
+# i.e.
+# reg file + file's gid not in process' group set + no approp. privileges -> clear sgid
+#
+echo "check that the sgid bit is cleared"
+chown ${qa_user}:root test.${qa_user}
+chmod g+s test.${qa_user}
+
+# and let the qa_user change permission bits
+su ${qa_user} -c "chmod a+w test.${qa_user}"
+stat -c '%A' test.${qa_user}
+
+#
+# Setup a file owned by the qa_user and with the suid bit set.
+# A chmod by root should not clear the suid bit.
+# There is nothing in Posix that says it should but just checking.
+#
+echo "check that suid bit is not cleared"
+chmod u+s test.${qa_user}
+chmod a+w test.${qa_user}
+stat -c '%A' test.${qa_user}
+
+_cleanup_files
+
+_create_files
+# Now test out the clear of suid/sgid for chown
+#
+# From Posix (www.opengroup.org) for chown:
+# "If the specified file is a regular file, one or more of the S_IXUSR,
+# S_IXGRP, or S_IXOTH bits of the file mode are set, and the process
+# does not have appropriate privileges, the set-user-ID (S_ISUID) and
+# set-group-ID (S_ISGID) bits of the file mode shall be cleared upon
+# successful return from chown(). If the specified file is a regular
+# file, one or more of the S_IXUSR, S_IXGRP, or S_IXOTH bits of the
+# file mode are set, and the process has appropriate privileges, it
+# is implementation-defined whether the set-user-ID and set-group-ID
+# bits are altered. If the chown() function is successfully invoked
+# on a file that is not a regular file and one or more of the S_IXUSR,
+# S_IXGRP, or S_IXOTH bits of the file mode are set, the set-user-ID
+# and set-group-ID bits may be cleared."
+# i.e.
+# reg file + exec-mode-bits set + no appropriate privileges -> clear suid,sgid
+# reg file + exec-mode-bits set + appropriate privileges -> maybe clear suid,sgid
+# non reg file + exec-mode-bits set + chown success on file (??) -> maybe clear suid/sgid
+#
+echo "check that suid/sgid bits are cleared after successful chown..."
+
+echo "with no exec perm"
+chmod ug+s test.${qa_user}
+echo -n "before: "; stat -c '%A' test.${qa_user}
+chown root test.${qa_user}
+echo -n "after: "; stat -c '%A' test.${qa_user}
+
+echo "with user exec perm"
+chmod ug+s test.${qa_user}
+chmod u+x test.${qa_user}
+echo -n "before: "; stat -c '%A' test.${qa_user}
+chown root test.${qa_user}
+echo -n "after: "; stat -c '%A' test.${qa_user}
+
+echo "with group exec perm"
+chmod ug+s test.${qa_user}
+chmod g+x test.${qa_user}
+chmod u-x test.${qa_user}
+echo -n "before: "; stat -c '%A' test.${qa_user}
+chown root test.${qa_user}
+echo -n "after: "; stat -c '%A' test.${qa_user}
+
+echo "with user+group exec perm"
+chmod ug+s test.${qa_user}
+chmod ug+x test.${qa_user}
+echo -n "before: "; stat -c '%A' test.${qa_user}
+chown root test.${qa_user}
+echo -n "after: "; stat -c '%A' test.${qa_user}
+
+_cleanup_files
+
+
+#
+# Test ATTR_*TIMES_SET
+#
+echo
+echo "testing ATTR_*TIMES_SET"
+echo
+
+_create_files
+
+echo "user: touch qa_user file (should succeed)"
+su ${qa_user} -c "touch test.${qa_user}"
+
+echo "user: touch root file (should fail)"
+su ${qa_user} -c "touch test.root"
+
+_cleanup_files
+
+# success, all done
+echo "*** done"
+rm -f $seq.full
+status=0
diff --git a/193.out b/193.out
new file mode 100644
index 00000000..b89add39
--- /dev/null
+++ b/193.out
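Review bot: `_create_files` creates `test.root` and `test.${qa_user}` by relative path, and nothing visible in the script changes directory after `here=`pwd``, so the setattr checks appear to run against whichever filesystem holds the test-suite checkout rather than the one selected by `_supported_fs xfs nfs udf`. Unless `common.rc` changes directory (not visible here), the files should be created on the filesystem under test, for example with `cd "$TEST_DIR" || exit 1` before the first `_create_files`, assuming that is the variable the framework exports. This matters most for the suid/sgid cases: clearing those bits on chown/chmod is what keeps a file from retaining privilege across an ownership change, and a pass obtained on the wrong filesystem says nothing about the one being qualified. The `trap` is also installed before `. ./common.rc`, so an early exit runs `_cleanup_files` with `qa_user` unset; moving the trap below the two `.` lines avoids that.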
@@ -0,0 +1,51 @@
+QA output created by 193
+
+testing ATTR_UID
+
+user: chown root owned file to qa_user (should fail)
+chown: changing ownership of `test.root': Operation not permitted
+user: chown root owned file to root (should fail)
+chown: changing ownership of `test.root': Operation not permitted
+user: chown qa_user owned file to qa_user (should succeed)
+user: chown qa_user owned file to root (should fail)
+chown: changing ownership of `test.fsgqa': Operation not permitted
+
+testing ATTR_GID
+
+user: chgrp root owned file to root (should fail)
+chgrp: changing group of `test.root': Operation not permitted
+user: chgrp qa_user owned file to root (should fail)
+chgrp: changing group of `test.fsgqa': Operation not permitted
+user: chgrp root owned file to qa_user (should fail)
+chgrp: changing group of `test.root': Operation not permitted
+user: chgrp qa_user owned file to qa_user (should succeed)
+
+testing ATTR_MODE
+
+user: chmod a+r on qa_user owned file (should succeed)
+user: chmod a+r on root owned file (should fail)
+chmod: changing permissions of `test.root': Operation not permitted
+check that the sgid bit is cleared
+-rw-rw-rw-
+check that suid bit is not cleared
+-rwSrw-rw-
+check that suid/sgid bits are cleared after successful chown...
+with no exec perm
+before: -rwSr-Sr--
+after: -rw-r-Sr--
+with user exec perm
+before: -rwsr-Sr--
+after: -rwxr-Sr--
+with group exec perm
+before: -rwSr-sr--
+after: -rw-r-xr--
+with user+group exec perm
+before: -rwsr-sr--
+after: -rwxr-xr--
+
+testing ATTR_*TIMES_SET
+
+user: touch qa_user file (should succeed)
+user: touch root file (should fail)
+touch: cannot touch `test.root': Permission denied
+*** done
diff --git a/group b/group
index 269b8264..1736ed52 100644
--- a/group
+++ b/group
@@ -295,3 +295,4 @@ atime
 190 rw auto
 191 nfs4acl auto
 192 atime
+193 metadata auto
--
2.39.5
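Review bot: The expected output in 193.out hard-codes the QA account name (`test.fsgqa`) and the exact error wording and quoting of chown, chgrp, chmod and touch, while the script names the file `test.${qa_user}`. On a host whose qa_user is not `fsgqa`, or whose coreutils version or locale words these messages differently, the comparison fails for reasons unrelated to the permission decision being tested. Running the command output through a filter that rewrites the account name to a fixed token, e.g. `sed -e "s/test\.${qa_user}/test.qa_user/g"`, and printing the exit status of each `su ... -c` call would tie the golden file to the permission result alone. Every "should fail" case currently rests only on that stderr text, since no exit status is recorded.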