2 # FS QA Test No. 099. Modified from UDFQA test 036.
5 #-----------------------------------------------------------------------
6 # Copyright (c) 2000-2004 Silicon Graphics, Inc. All Rights Reserved.
8 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License as
10 # published by the Free Software Foundation.
12 # This program is distributed in the hope that it would be useful,
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 # GNU General Public License for more details.
17 # You should have received a copy of the GNU General Public License
18 # along with this program; if not, write the Free Software Foundation,
19 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21 #-----------------------------------------------------------------------
27 seqres=$RESULT_DIR/$seq
28 echo "QA output created by $seq"
32 status=1 # failure is the default!
33 trap "_cleanup; exit \$status" 0 1 2 3 15
35 # get standard environment, filters and checks
42 TARGET_DIR=$SCRATCH_MNT
43 [ "$FSTYP" == "xfs" ] && TARGET_DIR=$TEST_DIR
54 # minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ
55 # This is set with chacl(1) and can be changed by chmod(1).
57 # Test that this is being set for ACL and for std unix permissions
58 # Test that we can get back the same ACL.
59 # Test std permissions for rwx.
62 # Test out default ACLs and that the ACL is being PASSed
63 # onto the children of the dir.
66 # Test out access check for extended ACLs.
67 # -> 3 extra ACEs: MASK, GROUP, USER
68 # -> the GROUP compares with egid of process _and_ the supplementary
69 # groups (as found in /etc/group)
71 # Test that mask works for USER, GROUP, GROUP_OBJ
72 # Test that the ACE type priority is working
73 # -> this would be done by simultaneously matching on ACEs
74 # -> interesting if it allows user to specify ACEs in any order
78 #-------------------------------------------------------
79 # real QA test starts here
87 [ -x $runas ] || _notrun "$runas executable not found"
94 rm -rf $seq.dir1 # in case file is left over from previous runs.
99 echo "=== Test minimal ACE ==="
102 # Note: as this is a shell script,
103 # will need read and execute permission set
104 # in order to execute it.
108 echo "Test was executed"
113 chown $acl1.$acl2 file1
117 echo "--- Test get and set of ACL ---"
118 echo "Note: IRIX interface gave an empty ACL - Linux outputs an ACL"
120 echo "Try using single colon separator"
121 echo "Note: IRIX interface FAILs because of single colon - Linux one allows it"
122 chacl u::r--,g::rwx,o:rw- file1 2>&1
123 echo "Expect to PASS"
124 chacl u::r--,g::rwx,o::rw- file1 2>&1
128 echo "--- Test sync of ACL with std permissions ---"
135 echo "--- Test owner permissions ---"
136 chacl u::r-x,g::---,o::--- file1 2>&1
139 echo "Expect to PASS"
140 $runas -u $acl1 -g $acl1 ./file1 2>&1
141 echo "Expect to FAIL"
142 $runas -u $acl2 -g $acl2 ./file1 2>&1
145 echo "--- Test group permissions ---"
146 chacl u::---,g::r-x,o::--- file1 2>&1
148 echo "Expect to FAIL - acl1 is owner"
149 $runas -u $acl1 -g $acl1 ./file1 2>&1
150 echo "Expect to PASS - acl2 matches group"
151 $runas -u $acl2 -g $acl2 ./file1 2>&1
152 echo "Expect to PASS - acl2 matches sup group"
153 $runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
154 echo "Expect to FAIL - acl3 is not in group"
155 $runas -u $acl3 -g $acl3 ./file1 2>&1
158 echo "--- Test other permissions ---"
159 chacl u::---,g::---,o::r-x file1 2>&1
161 echo "Expect to FAIL - acl1 is owner"
162 $runas -u $acl1 -g $acl1 ./file1 2>&1
163 echo "Expect to FAIL - acl2 is in group"
164 $runas -u $acl2 -g $acl2 ./file1 2>&1
165 echo "Expect to FAIL - acl2 is in sup. group"
166 $runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
167 echo "Expect to PASS - acl3 is not owner or in group"
168 $runas -u $acl3 -g $acl3 ./file1 2>&1
170 #-------------------------------------------------------
173 echo "=== Test Extended ACLs ==="
176 echo "--- Test adding a USER ACE ---"
177 echo "Expect to FAIL as no MASK provided"
178 chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1 | _acl_filter_id
179 echo "Ensure that ACL has not been changed"
181 echo "Expect to PASS - USER ACE matches user"
182 chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1
184 $runas -u $acl2 -g $acl2 ./file1 2>&1
185 echo "Expect to FAIL - USER ACE does not match user"
186 $runas -u $acl3 -g $acl3 ./file1 2>&1
189 echo "--- Test adding a GROUP ACE ---"
190 echo "Expect to FAIL as no MASK provided"
191 chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1 | _acl_filter_id
192 echo "Ensure that ACL has not been changed"
194 chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1
195 _acl_list file1 | _acl_filter_id
196 echo "Expect to PASS - GROUP ACE matches group"
197 $runas -u $acl2 -g $acl2 ./file1 2>&1
198 echo "Expect to PASS - GROUP ACE matches sup group"
199 $runas -u $acl2 -g $acl1 -s $acl2 ./file1 2>&1
200 echo "Expect to FAIL - GROUP ACE does not match group"
201 $runas -u $acl3 -g $acl3 ./file1 2>&1
203 #-------------------------------------------------------
206 echo "--- Test MASK ---"
209 chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1
211 echo "Expect to FAIL as MASK prohibits execution"
212 $runas -u $acl2 -g $acl2 ./file1 2>&1
215 chacl u::---,g::---,o::---,u:$acl2:r-x,m::-w- file1 2>&1
216 echo "Expect to FAIL as MASK prohibits execution"
217 $runas -u $acl2 -g $acl2 ./file1 2>&1
220 chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1
221 echo "Expect to PASS as MASK allows execution"
222 $runas -u $acl2 -g $acl2 ./file1 2>&1
224 #-------------------------------------------------------
227 echo "--- Test ACE priority ---"
229 chacl o::rwx,g::rwx,u:$acl1:rwx,u::---,m::rwx file1 2>&1
230 echo "Expect to FAIL as should match on owner"
231 $runas -u $acl1 -g $acl2 ./file1 2>&1
233 chacl o::---,g::---,u:$acl2:rwx,u::---,m::rwx file1 2>&1
234 echo "Expect to PASS as should match on user"
235 $runas -u $acl2 -g $acl2 ./file1 2>&1
237 #-------------------------------------------------------
240 echo "=== Test can read ACLs without access permissions ==="
241 # This was a bug in kernel code where syscred wasn't being used
242 # to override the capabilities
243 chacl o::---,g::---,u::--- file1 2>&1
246 #-------------------------------------------------------
249 echo "=== Test Default ACLs ==="
250 # make test clearer by testing with and without umask
254 chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" acldir 2>&1
262 #ensure that umask is not having an effect
272 #-------------------------------------------------------
275 echo "=== Removing ACLs ==="
278 _acl_list acldir/file2
279 echo "Remove ACLs..."
282 chacl -R acldir/file2
283 echo "Note: IRIX interface would mean empty ACLs - Linux would show mode ACLs"
286 _acl_list acldir/file2
288 #-------------------------------------------------------
291 echo "=== Test out error messages for ACL text parsing ==="
297 chacl u:rumpledumpleunknownuser file1
298 chacl u:rumpledumpleunknownuser: file1
299 chacl g:rumpledumpleunknowngrp file1
300 chacl g:rumpledumpleunknowngrp: file1
301 chacl o:user1:rwx file1
302 chacl m:user1:rwx file1
306 #-------------------------------------------------------
309 echo "=== Test out large ACLs ==="
311 XFS_ACL_MAX_ENTRIES=25
312 num_aces_pre=`expr $XFS_ACL_MAX_ENTRIES - 1`
313 num_aces_post=`expr $XFS_ACL_MAX_ENTRIES + 1`
315 acl1=`_create_n_aces $num_aces_pre`
316 acl2=`_create_n_aces $XFS_ACL_MAX_ENTRIES`
317 acl3=`_create_n_aces $num_aces_post`
319 echo "1 below xfs acl max"
320 chacl $acl1 largeaclfile
321 _acl_list largeaclfile | _filter_aces_notypes
324 chacl $acl2 largeaclfile
325 _acl_list largeaclfile | _filter_aces_notypes
327 echo "1 above xfs acl max"
328 chacl $acl3 largeaclfile
329 _acl_list largeaclfile | _filter_aces_notypes
331 #-------------------------------------------------------