2 # FS QA Test No. 099. Modified from UDFQA test 036.
5 #-----------------------------------------------------------------------
6 # Copyright (c) 2000-2004 Silicon Graphics, Inc. All Rights Reserved.
8 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License as
10 # published by the Free Software Foundation.
12 # This program is distributed in the hope that it would be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program; if not, write the Free Software Foundation,
19 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21 #-----------------------------------------------------------------------
28 echo "QA output created by $seq"
32 status=1 # failure is the default!
33 trap "_cleanup; exit \$status" 0 1 2 3 15
35 # get standard environment, filters and checks
42 TARGET_DIR=$SCRATCH_MNT
43 [ "$FSTYP" == "xfs" ] && TARGET_DIR=$TEST_DIR
54 # minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ
55 # This is set with chacl(1) and can be changed by chmod(1).
57 # Test that this is being set for ACL and for std unix permissions
58 # Test that we can get back the same ACL.
59 # Test std permissions for rwx.
62 # Test out default ACLs and that the ACL is being PASSed
63 # onto the children of the dir.
66 # Test out access check for extended ACLs.
67 # -> 3 extra ACEs: MASK, GROUP, USER
68 # -> the GROUP compares with egid of process _and_ the supplementary
69 # groups (as found in /etc/group)
71 # Test that mask works for USER, GROUP, GROUP_OBJ
72 # Test that the ACE type priority is working
73 # -> this would be done by simultaneously matching on ACEs
74 # -> interesting if it allows user to specify ACEs in any order
78 #-------------------------------------------------------
79 # real QA test starts here
85 [ -x $runas ] || _notrun "$runas executable not found"
93 rm -rf $seq.dir1 # in case file is left over from previous runs.
98 echo "=== Test minimal ACE ==="
101 # Note: as this is a shell script,
102 # will need read and execute permission set
103 # in order to execute it.
107 echo "Test was executed"
112 chown $acl1.$acl2 file1
116 echo "--- Test get and set of ACL ---"
117 echo "Note: IRIX interface gave an empty ACL - Linux outputs an ACL"
119 echo "Try using single colon separator"
120 echo "Note: IRIX interface FAILs because of single colon - Linux one allows it"
121 chacl u::r--,g::rwx,o:rw- file1 2>&1
122 echo "Expect to PASS"
123 chacl u::r--,g::rwx,o::rw- file1 2>&1
127 echo "--- Test sync of ACL with std permissions ---"
134 echo "--- Test owner permissions ---"
135 chacl u::r-x,g::---,o::--- file1 2>&1
138 echo "Expect to PASS"
139 $runas -u $acl1 -g $acl1 ./file1 2>&1
140 echo "Expect to FAIL"
141 $runas -u $acl2 -g $acl2 ./file1 2>&1
144 echo "--- Test group permissions ---"
145 chacl u::---,g::r-x,o::--- file1 2>&1
147 echo "Expect to FAIL - acl1 is owner"
148 $runas -u $acl1 -g $acl1 ./file1 2>&1
149 echo "Expect to PASS - acl2 matches group"
150 $runas -u $acl2 -g $acl2 ./file1 2>&1
151 echo "Expect to PASS - acl2 matches sup group"
152 $runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
153 echo "Expect to FAIL - acl3 is not in group"
154 $runas -u $acl3 -g $acl3 ./file1 2>&1
157 echo "--- Test other permissions ---"
158 chacl u::---,g::---,o::r-x file1 2>&1
160 echo "Expect to FAIL - acl1 is owner"
161 $runas -u $acl1 -g $acl1 ./file1 2>&1
162 echo "Expect to FAIL - acl2 is in group"
163 $runas -u $acl2 -g $acl2 ./file1 2>&1
164 echo "Expect to FAIL - acl2 is in sup. group"
165 $runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
166 echo "Expect to PASS - acl3 is not owner or in group"
167 $runas -u $acl3 -g $acl3 ./file1 2>&1
169 #-------------------------------------------------------
172 echo "=== Test Extended ACLs ==="
175 echo "--- Test adding a USER ACE ---"
176 echo "Expect to FAIL as no MASK provided"
177 chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1 | _acl_filter_id
178 echo "Ensure that ACL has not been changed"
180 echo "Expect to PASS - USER ACE matches user"
181 chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1
183 $runas -u $acl2 -g $acl2 ./file1 2>&1
184 echo "Expect to FAIL - USER ACE does not match user"
185 $runas -u $acl3 -g $acl3 ./file1 2>&1
188 echo "--- Test adding a GROUP ACE ---"
189 echo "Expect to FAIL as no MASK provided"
190 chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1 | _acl_filter_id
191 echo "Ensure that ACL has not been changed"
193 chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1
194 _acl_list file1 | _acl_filter_id
195 echo "Expect to PASS - GROUP ACE matches group"
196 $runas -u $acl2 -g $acl2 ./file1 2>&1
197 echo "Expect to PASS - GROUP ACE matches sup group"
198 $runas -u $acl2 -g $acl1 -s $acl2 ./file1 2>&1
199 echo "Expect to FAIL - GROUP ACE does not match group"
200 $runas -u $acl3 -g $acl3 ./file1 2>&1
202 #-------------------------------------------------------
205 echo "--- Test MASK ---"
208 chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1
210 echo "Expect to FAIL as MASK prohibits execution"
211 $runas -u $acl2 -g $acl2 ./file1 2>&1
214 chacl u::---,g::---,o::---,u:$acl2:r-x,m::-w- file1 2>&1
215 echo "Expect to FAIL as MASK prohibits execution"
216 $runas -u $acl2 -g $acl2 ./file1 2>&1
219 chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1
220 echo "Expect to PASS as MASK allows execution"
221 $runas -u $acl2 -g $acl2 ./file1 2>&1
223 #-------------------------------------------------------
226 echo "--- Test ACE priority ---"
228 chacl o::rwx,g::rwx,u:$acl1:rwx,u::---,m::rwx file1 2>&1
229 echo "Expect to FAIL as should match on owner"
230 $runas -u $acl1 -g $acl2 ./file1 2>&1
232 chacl o::---,g::---,u:$acl2:rwx,u::---,m::rwx file1 2>&1
233 echo "Expect to PASS as should match on user"
234 $runas -u $acl2 -g $acl2 ./file1 2>&1
237 #-------------------------------------------------------
240 echo "=== Test can read ACLs without access permissions ==="
241 # This was a bug in kernel code where syscred wasn't being used
242 # to override the capabilities
243 chacl o::---,g::---,u::--- file1 2>&1
246 #-------------------------------------------------------
249 echo "=== Test Default ACLs ==="
250 # make test clearer by testing with and without umask
254 chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" acldir 2>&1
262 #ensure that umask is not having an effect
273 #-------------------------------------------------------
276 echo "=== Removing ACLs ==="
279 _acl_list acldir/file2
280 echo "Remove ACLs..."
283 chacl -R acldir/file2
284 echo "Note: IRIX interface would mean empty ACLs - Linux would show mode ACLs"
287 _acl_list acldir/file2
289 #-------------------------------------------------------
292 echo "=== Test out error messages for ACL text parsing ==="
298 chacl u:rumpledumpleunknownuser file1
299 chacl u:rumpledumpleunknownuser: file1
300 chacl g:rumpledumpleunknowngrp file1
301 chacl g:rumpledumpleunknowngrp: file1
302 chacl o:user1:rwx file1
303 chacl m:user1:rwx file1
307 #-------------------------------------------------------
310 echo "=== Test out large ACLs ==="
312 XFS_ACL_MAX_ENTRIES=25
313 num_aces_pre=`expr $XFS_ACL_MAX_ENTRIES - 1`
314 num_aces_post=`expr $XFS_ACL_MAX_ENTRIES + 1`
316 acl1=`_create_n_aces $num_aces_pre`
317 acl2=`_create_n_aces $XFS_ACL_MAX_ENTRIES`
318 acl3=`_create_n_aces $num_aces_post`
320 echo "1 below xfs acl max"
321 chacl $acl1 largeaclfile
322 _acl_list largeaclfile | _filter_aces_notypes
325 chacl $acl2 largeaclfile
326 _acl_list largeaclfile | _filter_aces_notypes
328 echo "1 above xfs acl max"
329 chacl $acl3 largeaclfile
330 _acl_list largeaclfile | _filter_aces_notypes
332 #-------------------------------------------------------
334 if [ "$FSTYP" == "udf" ]; then
337 # Check the filesystem