2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2008 Christoph Hellwig.
7 # Test permission checks in ->setattr
10 seqres=$RESULT_DIR/$seq
11 echo "QA output created by $seq"
15 status=1 # failure is the default!
16 trap "_cleanup_files; exit \$status" 0 1 2 3 15
17 tag="added by qa $seq"
20 # For some tests we need a secondary group for the qa_user. Currently
21 # that's not available in the framework, so the tests using it are
27 # Create two files, one owned by root, one by the qa_user
33 chown ${qa_user}:${qa_user} $test_user
37 # Remove our files again
47 sed -e "s,$test_root,test.root,g" -e "s,$test_user,test.user,g"
50 # get standard environment, filters and checks
54 # real QA test starts here
60 test_root=$TEST_DIR/$seq.$$.root
61 test_user=$TEST_DIR/$seq.$$.user
64 # make sure we have a normal umask set
69 # Test the ATTR_UID case
72 echo "testing ATTR_UID"
77 echo "user: chown root owned file to qa_user (should fail)"
78 su ${qa_user} -c "chown ${qa_user} $test_root" 2>&1 | _filter_files
80 echo "user: chown root owned file to root (should fail)"
81 su ${qa_user} -c "chown root $test_root" 2>&1 | _filter_files
83 echo "user: chown qa_user owned file to qa_user (should succeed)"
84 su ${qa_user} -c "chown ${qa_user} $test_user"
86 # this would work without _POSIX_CHOWN_RESTRICTED
87 echo "user: chown qa_user owned file to root (should fail)"
88 su ${qa_user} -c "chown root $test_user" 2>&1 | _filter_files
93 # Test the ATTR_GID case
96 echo "testing ATTR_GID"
101 echo "user: chgrp root owned file to root (should fail)"
102 su ${qa_user} -c "chgrp root $test_root" 2>&1 | _filter_files
104 echo "user: chgrp qa_user owned file to root (should fail)"
105 su ${qa_user} -c "chgrp root $test_user" 2>&1 | _filter_files
107 echo "user: chgrp root owned file to qa_user (should fail)"
108 su ${qa_user} -c "chgrp ${qa_user} $test_root" 2>&1 | _filter_files
110 echo "user: chgrp qa_user owned file to qa_user (should succeed)"
111 su ${qa_user} -c "chgrp ${qa_user} $test_user"
113 #echo "user: chgrp qa_user owned file to secondary group (should succeed)"
114 #su ${qa_user} -c "chgrp ${group2} $test_user"
119 # Test the ATTR_MODE case
122 echo "testing ATTR_MODE"
127 echo "user: chmod a+r on qa_user owned file (should succeed)"
128 su ${qa_user} -c "chmod a+r $test_user"
130 echo "user: chmod a+r on root owned file (should fail)"
131 su ${qa_user} -c "chmod a+r $test_root" 2>&1 | _filter_files
134 # Setup a file owned by the qa_user, but with a group ID that
135 # is not present in the qa_users group list (use root to make it easier for it)
136 # and mark it with set sgid bit
138 # From Posix (www.opengroup.org) for chmod:
139 # "If the calling process does not have appropriate privileges, and
140 # if the group ID of the file does not match the effective group ID
141 # or one of the supplementary group IDs and if the file is a regular
142 # file, bit S_ISGID (set-group-ID on execution) in the file's mode
143 # shall be cleared upon successful return from chmod()."
145 # reg file + file's gid not in process' group set + no approp. privileges -> clear sgid
147 echo "check that the sgid bit is cleared"
148 chown ${qa_user}:root $test_user
151 # and let the qa_user change permission bits
152 su ${qa_user} -c "chmod a+w $test_user"
153 stat -c '%A' $test_user
156 # Setup a file owned by the qa_user and with the suid bit set.
157 # A chmod by root should not clear the suid bit.
158 # There is nothing in Posix that says it should but just checking.
160 echo "check that suid bit is not cleared"
163 stat -c '%A' $test_user
168 # Now test out the clear of suid/sgid for chown
170 # From Posix (www.opengroup.org) for chown:
171 # "If the specified file is a regular file, one or more of the S_IXUSR,
172 # S_IXGRP, or S_IXOTH bits of the file mode are set, and the process
173 # does not have appropriate privileges, the set-user-ID (S_ISUID) and
174 # set-group-ID (S_ISGID) bits of the file mode shall be cleared upon
175 # successful return from chown(). If the specified file is a regular
176 # file, one or more of the S_IXUSR, S_IXGRP, or S_IXOTH bits of the
177 # file mode are set, and the process has appropriate privileges, it
178 # is implementation-defined whether the set-user-ID and set-group-ID
179 # bits are altered. If the chown() function is successfully invoked
180 # on a file that is not a regular file and one or more of the S_IXUSR,
181 # S_IXGRP, or S_IXOTH bits of the file mode are set, the set-user-ID
182 # and set-group-ID bits may be cleared."
184 # reg file + exec-mode-bits set + no appropriate privileges -> clear suid,sgid
185 # reg file + exec-mode-bits set + appropriate privileges -> maybe clear suid,sgid
186 # non reg file + exec-mode-bits set + chown success on file (??) -> maybe clear suid/sgid
188 echo "check that suid/sgid bits are cleared after successful chown..."
190 echo "with no exec perm"
191 chmod ug+s $test_user
192 echo -n "before: "; stat -c '%A' $test_user
193 chown root $test_user
194 echo -n "after: "; stat -c '%A' $test_user
196 echo "with user exec perm"
197 chmod ug+s $test_user
199 echo -n "before: "; stat -c '%A' $test_user
200 chown root $test_user
201 echo -n "after: "; stat -c '%A' $test_user
203 echo "with group exec perm"
204 chmod ug+s $test_user
207 echo -n "before: "; stat -c '%A' $test_user
208 chown root $test_user
209 echo -n "after: "; stat -c '%A' $test_user
211 echo "with user+group exec perm"
212 chmod ug+s $test_user
213 chmod ug+x $test_user
214 echo -n "before: "; stat -c '%A' $test_user
215 chown root $test_user
216 echo -n "after: "; stat -c '%A' $test_user
221 # Now test out the clear of suid/sgid for truncate
223 echo "check that suid/sgid bits are cleared after successful truncate..."
225 echo "with no exec perm"
226 echo frobnozzle >> $test_user
227 chmod ug+s $test_user
228 echo -n "before: "; stat -c '%A' $test_user
229 su ${qa_user} -c "echo > $test_user"
230 echo -n "after: "; stat -c '%A' $test_user
232 echo "with user exec perm"
233 echo frobnozzle >> $test_user
234 chmod ug+s $test_user
236 echo -n "before: "; stat -c '%A' $test_user
237 su ${qa_user} -c "echo > $test_user"
238 echo -n "after: "; stat -c '%A' $test_user
240 echo "with group exec perm"
241 echo frobnozzle >> $test_user
242 chmod ug+s $test_user
245 echo -n "before: "; stat -c '%A' $test_user
246 su ${qa_user} -c "echo > $test_user"
247 echo -n "after: "; stat -c '%A' $test_user
249 echo "with user+group exec perm"
250 echo frobnozzle >> $test_user
251 chmod ug+s $test_user
252 chmod ug+x $test_user
253 echo -n "before: "; stat -c '%A' $test_user
254 su ${qa_user} -c "echo > $test_user"
255 echo -n "after: "; stat -c '%A' $test_user
258 # Test ATTR_*TIMES_SET
261 echo "testing ATTR_*TIMES_SET"
266 echo "user: touch qa_user file (should succeed)"
267 su ${qa_user} -c "touch $test_user"
269 echo "user: touch root file (should fail)"
270 su ${qa_user} -c "touch $test_root" 2>&1 | _filter_files