2 # SPDX-License-Identifier: GPL-2.0
3 # Copyright (c) 2008 Christoph Hellwig.
7 # Test permission checks in ->setattr
10 _begin_fstest metadata auto quick
12 _register_cleanup "_cleanup_files"
13 tag="added by qa $seq"
16 # For some tests we need a secondary group for the qa_user. Currently
17 # that's not available in the framework, so the tests using it are
23 # Create two files, one owned by root, one by the qa_user
29 chown ${qa_user}:${qa_user} $test_user
33 # Remove our files again
43 sed -e "s,$test_root,test.root,g" -e "s,$test_user,test.user,g"
46 # Import common functions.
49 # real QA test starts here
56 test_root=$TEST_DIR/$seq.$$.root
57 test_user=$TEST_DIR/$seq.$$.user
60 # make sure we have a normal umask set
65 # Test the ATTR_UID case
68 echo "testing ATTR_UID"
73 echo "user: chown root owned file to qa_user (should fail)"
74 su ${qa_user} -c "chown ${qa_user} $test_root" 2>&1 | _filter_files
76 echo "user: chown root owned file to root (should fail)"
77 su ${qa_user} -c "chown root $test_root" 2>&1 | _filter_files
79 echo "user: chown qa_user owned file to qa_user (should succeed)"
80 su ${qa_user} -c "chown ${qa_user} $test_user"
82 # this would work without _POSIX_CHOWN_RESTRICTED
83 echo "user: chown qa_user owned file to root (should fail)"
84 su ${qa_user} -c "chown root $test_user" 2>&1 | _filter_files
89 # Test the ATTR_GID case
92 echo "testing ATTR_GID"
97 echo "user: chgrp root owned file to root (should fail)"
98 su ${qa_user} -c "chgrp root $test_root" 2>&1 | _filter_files
100 echo "user: chgrp qa_user owned file to root (should fail)"
101 su ${qa_user} -c "chgrp root $test_user" 2>&1 | _filter_files
103 echo "user: chgrp root owned file to qa_user (should fail)"
104 su ${qa_user} -c "chgrp ${qa_user} $test_root" 2>&1 | _filter_files
106 echo "user: chgrp qa_user owned file to qa_user (should succeed)"
107 su ${qa_user} -c "chgrp ${qa_user} $test_user"
109 #echo "user: chgrp qa_user owned file to secondary group (should succeed)"
110 #su ${qa_user} -c "chgrp ${group2} $test_user"
115 # Test the ATTR_MODE case
118 echo "testing ATTR_MODE"
123 echo "user: chmod a+r on qa_user owned file (should succeed)"
124 su ${qa_user} -c "chmod a+r $test_user"
126 echo "user: chmod a+r on root owned file (should fail)"
127 su ${qa_user} -c "chmod a+r $test_root" 2>&1 | _filter_files
130 # Setup a file owned by the qa_user, but with a group ID that
131 # is not present in the qa_users group list (use root to make it easier for it)
132 # and mark it with set sgid bit
134 # From Posix (www.opengroup.org) for chmod:
135 # "If the calling process does not have appropriate privileges, and
136 # if the group ID of the file does not match the effective group ID
137 # or one of the supplementary group IDs and if the file is a regular
138 # file, bit S_ISGID (set-group-ID on execution) in the file's mode
139 # shall be cleared upon successful return from chmod()."
141 # reg file + file's gid not in process' group set + no approp. privileges -> clear sgid
143 echo "check that the sgid bit is cleared"
144 chown ${qa_user}:root $test_user
147 # and let the qa_user change permission bits
148 su ${qa_user} -c "chmod a+w $test_user"
149 stat -c '%A' $test_user
152 # Setup a file owned by the qa_user and with the suid bit set.
153 # A chmod by root should not clear the suid bit.
154 # There is nothing in Posix that says it should but just checking.
156 echo "check that suid bit is not cleared"
159 stat -c '%A' $test_user
164 # Now test out the clear of suid/sgid for chown
166 # From Posix (www.opengroup.org) for chown:
167 # "If the specified file is a regular file, one or more of the S_IXUSR,
168 # S_IXGRP, or S_IXOTH bits of the file mode are set, and the process
169 # does not have appropriate privileges, the set-user-ID (S_ISUID) and
170 # set-group-ID (S_ISGID) bits of the file mode shall be cleared upon
171 # successful return from chown(). If the specified file is a regular
172 # file, one or more of the S_IXUSR, S_IXGRP, or S_IXOTH bits of the
173 # file mode are set, and the process has appropriate privileges, it
174 # is implementation-defined whether the set-user-ID and set-group-ID
175 # bits are altered. If the chown() function is successfully invoked
176 # on a file that is not a regular file and one or more of the S_IXUSR,
177 # S_IXGRP, or S_IXOTH bits of the file mode are set, the set-user-ID
178 # and set-group-ID bits may be cleared."
180 # reg file + exec-mode-bits set + no appropriate privileges -> clear suid,sgid
181 # reg file + exec-mode-bits set + appropriate privileges -> maybe clear suid,sgid
182 # non reg file + exec-mode-bits set + chown success on file (??) -> maybe clear suid/sgid
184 echo "check that suid/sgid bits are cleared after successful chown..."
186 echo "with no exec perm"
187 chmod ug+s $test_user
188 echo -n "before: "; stat -c '%A' $test_user
189 chown root $test_user
190 echo -n "after: "; stat -c '%A' $test_user
192 echo "with user exec perm"
193 chmod ug+s $test_user
195 echo -n "before: "; stat -c '%A' $test_user
196 chown root $test_user
197 echo -n "after: "; stat -c '%A' $test_user
199 echo "with group exec perm"
200 chmod ug+s $test_user
203 echo -n "before: "; stat -c '%A' $test_user
204 chown root $test_user
205 echo -n "after: "; stat -c '%A' $test_user
207 echo "with user+group exec perm"
208 chmod ug+s $test_user
209 chmod ug+x $test_user
210 echo -n "before: "; stat -c '%A' $test_user
211 chown root $test_user
212 echo -n "after: "; stat -c '%A' $test_user
217 # Now test out the clear of suid/sgid for truncate
219 echo "check that suid/sgid bits are cleared after successful truncate..."
221 echo "with no exec perm"
222 echo frobnozzle >> $test_user
223 chmod ug+s $test_user
224 echo -n "before: "; stat -c '%A' $test_user
225 su ${qa_user} -c "echo > $test_user"
226 echo -n "after: "; stat -c '%A' $test_user
228 echo "with user exec perm"
229 echo frobnozzle >> $test_user
230 chmod ug+s $test_user
232 echo -n "before: "; stat -c '%A' $test_user
233 su ${qa_user} -c "echo > $test_user"
234 echo -n "after: "; stat -c '%A' $test_user
236 echo "with group exec perm"
237 echo frobnozzle >> $test_user
238 chmod ug+s $test_user
241 echo -n "before: "; stat -c '%A' $test_user
242 su ${qa_user} -c "echo > $test_user"
243 echo -n "after: "; stat -c '%A' $test_user
245 echo "with user+group exec perm"
246 echo frobnozzle >> $test_user
247 chmod ug+s $test_user
248 chmod ug+x $test_user
249 echo -n "before: "; stat -c '%A' $test_user
250 su ${qa_user} -c "echo > $test_user"
251 echo -n "after: "; stat -c '%A' $test_user
254 # Test ATTR_*TIMES_SET
257 echo "testing ATTR_*TIMES_SET"
262 echo "user: touch qa_user file (should succeed)"
263 su ${qa_user} -c "touch $test_user"
265 echo "user: touch root file (should fail)"
266 su ${qa_user} -c "touch $test_root" 2>&1 | _filter_files