2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2008 Christoph Hellwig.
7 # Test permission checks in ->setattr
10 seqres=$RESULT_DIR/$seq
11 echo "QA output created by $seq"
15 status=1 # failure is the default!
16 trap "_cleanup_files; exit \$status" 0 1 2 3 15
17 tag="added by qa $seq"
20 # For some tests we need a secondary group for the qa_user. Currently
21 # that's not available in the framework, so the tests using it are
27 # Create two files, one owned by root, one by the qa_user
33 chown ${qa_user}:${qa_user} $test_user
37 # Remove our files again
47 sed -e "s,$test_root,test.root,g" -e "s,$test_user,test.user,g"
50 # get standard environment, filters and checks
54 # real QA test starts here
61 test_root=$TEST_DIR/$seq.$$.root
62 test_user=$TEST_DIR/$seq.$$.user
65 # make sure we have a normal umask set
70 # Test the ATTR_UID case
73 echo "testing ATTR_UID"
78 echo "user: chown root owned file to qa_user (should fail)"
79 su ${qa_user} -c "chown ${qa_user} $test_root" 2>&1 | _filter_files
81 echo "user: chown root owned file to root (should fail)"
82 su ${qa_user} -c "chown root $test_root" 2>&1 | _filter_files
84 echo "user: chown qa_user owned file to qa_user (should succeed)"
85 su ${qa_user} -c "chown ${qa_user} $test_user"
87 # this would work without _POSIX_CHOWN_RESTRICTED
88 echo "user: chown qa_user owned file to root (should fail)"
89 su ${qa_user} -c "chown root $test_user" 2>&1 | _filter_files
94 # Test the ATTR_GID case
97 echo "testing ATTR_GID"
102 echo "user: chgrp root owned file to root (should fail)"
103 su ${qa_user} -c "chgrp root $test_root" 2>&1 | _filter_files
105 echo "user: chgrp qa_user owned file to root (should fail)"
106 su ${qa_user} -c "chgrp root $test_user" 2>&1 | _filter_files
108 echo "user: chgrp root owned file to qa_user (should fail)"
109 su ${qa_user} -c "chgrp ${qa_user} $test_root" 2>&1 | _filter_files
111 echo "user: chgrp qa_user owned file to qa_user (should succeed)"
112 su ${qa_user} -c "chgrp ${qa_user} $test_user"
114 #echo "user: chgrp qa_user owned file to secondary group (should succeed)"
115 #su ${qa_user} -c "chgrp ${group2} $test_user"
120 # Test the ATTR_MODE case
123 echo "testing ATTR_MODE"
128 echo "user: chmod a+r on qa_user owned file (should succeed)"
129 su ${qa_user} -c "chmod a+r $test_user"
131 echo "user: chmod a+r on root owned file (should fail)"
132 su ${qa_user} -c "chmod a+r $test_root" 2>&1 | _filter_files
135 # Setup a file owned by the qa_user, but with a group ID that
136 # is not present in the qa_users group list (use root to make it easier for it)
137 # and mark it with set sgid bit
139 # From Posix (www.opengroup.org) for chmod:
140 # "If the calling process does not have appropriate privileges, and
141 # if the group ID of the file does not match the effective group ID
142 # or one of the supplementary group IDs and if the file is a regular
143 # file, bit S_ISGID (set-group-ID on execution) in the file's mode
144 # shall be cleared upon successful return from chmod()."
146 # reg file + file's gid not in process' group set + no approp. privileges -> clear sgid
148 echo "check that the sgid bit is cleared"
149 chown ${qa_user}:root $test_user
152 # and let the qa_user change permission bits
153 su ${qa_user} -c "chmod a+w $test_user"
154 stat -c '%A' $test_user
157 # Setup a file owned by the qa_user and with the suid bit set.
158 # A chmod by root should not clear the suid bit.
159 # There is nothing in Posix that says it should but just checking.
161 echo "check that suid bit is not cleared"
164 stat -c '%A' $test_user
169 # Now test out the clear of suid/sgid for chown
171 # From Posix (www.opengroup.org) for chown:
172 # "If the specified file is a regular file, one or more of the S_IXUSR,
173 # S_IXGRP, or S_IXOTH bits of the file mode are set, and the process
174 # does not have appropriate privileges, the set-user-ID (S_ISUID) and
175 # set-group-ID (S_ISGID) bits of the file mode shall be cleared upon
176 # successful return from chown(). If the specified file is a regular
177 # file, one or more of the S_IXUSR, S_IXGRP, or S_IXOTH bits of the
178 # file mode are set, and the process has appropriate privileges, it
179 # is implementation-defined whether the set-user-ID and set-group-ID
180 # bits are altered. If the chown() function is successfully invoked
181 # on a file that is not a regular file and one or more of the S_IXUSR,
182 # S_IXGRP, or S_IXOTH bits of the file mode are set, the set-user-ID
183 # and set-group-ID bits may be cleared."
185 # reg file + exec-mode-bits set + no appropriate privileges -> clear suid,sgid
186 # reg file + exec-mode-bits set + appropriate privileges -> maybe clear suid,sgid
187 # non reg file + exec-mode-bits set + chown success on file (??) -> maybe clear suid/sgid
189 echo "check that suid/sgid bits are cleared after successful chown..."
191 echo "with no exec perm"
192 chmod ug+s $test_user
193 echo -n "before: "; stat -c '%A' $test_user
194 chown root $test_user
195 echo -n "after: "; stat -c '%A' $test_user
197 echo "with user exec perm"
198 chmod ug+s $test_user
200 echo -n "before: "; stat -c '%A' $test_user
201 chown root $test_user
202 echo -n "after: "; stat -c '%A' $test_user
204 echo "with group exec perm"
205 chmod ug+s $test_user
208 echo -n "before: "; stat -c '%A' $test_user
209 chown root $test_user
210 echo -n "after: "; stat -c '%A' $test_user
212 echo "with user+group exec perm"
213 chmod ug+s $test_user
214 chmod ug+x $test_user
215 echo -n "before: "; stat -c '%A' $test_user
216 chown root $test_user
217 echo -n "after: "; stat -c '%A' $test_user
222 # Now test out the clear of suid/sgid for truncate
224 echo "check that suid/sgid bits are cleared after successful truncate..."
226 echo "with no exec perm"
227 echo frobnozzle >> $test_user
228 chmod ug+s $test_user
229 echo -n "before: "; stat -c '%A' $test_user
230 su ${qa_user} -c "echo > $test_user"
231 echo -n "after: "; stat -c '%A' $test_user
233 echo "with user exec perm"
234 echo frobnozzle >> $test_user
235 chmod ug+s $test_user
237 echo -n "before: "; stat -c '%A' $test_user
238 su ${qa_user} -c "echo > $test_user"
239 echo -n "after: "; stat -c '%A' $test_user
241 echo "with group exec perm"
242 echo frobnozzle >> $test_user
243 chmod ug+s $test_user
246 echo -n "before: "; stat -c '%A' $test_user
247 su ${qa_user} -c "echo > $test_user"
248 echo -n "after: "; stat -c '%A' $test_user
250 echo "with user+group exec perm"
251 echo frobnozzle >> $test_user
252 chmod ug+s $test_user
253 chmod ug+x $test_user
254 echo -n "before: "; stat -c '%A' $test_user
255 su ${qa_user} -c "echo > $test_user"
256 echo -n "after: "; stat -c '%A' $test_user
259 # Test ATTR_*TIMES_SET
262 echo "testing ATTR_*TIMES_SET"
267 echo "user: touch qa_user file (should succeed)"
268 su ${qa_user} -c "touch $test_user"
270 echo "user: touch root file (should fail)"
271 su ${qa_user} -c "touch $test_root" 2>&1 | _filter_files