6 #-----------------------------------------------------------------------
7 # Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.
9 # This program is free software; you can redistribute it and/or
10 # modify it under the terms of the GNU General Public License as
11 # published by the Free Software Foundation.
13 # This program is distributed in the hope that it would be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write the Free Software Foundation,
20 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21 #-----------------------------------------------------------------------
25 seqres=$RESULT_DIR/$seq
26 echo "QA output created by $seq"
30 status=1 # failure is the default!
31 trap "_cleanup; exit \$status" 0 1 2 3 15
39 # get standard environment, filters and checks
42 # remove previous $seqres.full before test
45 # real QA test starts here
51 _require_scratch_richacl
55 _scratch_mkfs_richacl >> $seqres.full
62 echo "--- runas -u 99 -g 99 $*"
63 _runas -u 99 -g 99 -- "$@"
69 mkdir d1 d2 d3 d4 d5 d6 d7
70 touch d1/f d1/g d2/f d3/f d4/f d5/f d6/f d7/f d7/g d7/h
75 $SETRICHACL_PROG --set 'u:99:wx::allow' d4
76 $SETRICHACL_PROG --set 'u:99:d::allow' d5
77 $SETRICHACL_PROG --set 'u:99:xd::allow' d6
78 $SETRICHACL_PROG --set 'u:99:D::allow' d7/f d7/g d7/h
81 mkdir s2 s3 s4 s5 s6 s7
82 chmod +t s2 s3 s4 s5 s6 s7
83 touch s2/f s3/f s4/f s5/f s6/f s7/f s7/g s7/h
87 $SETRICHACL_PROG --set 'u:99:wx::allow' s4
88 $SETRICHACL_PROG --set 'u:99:d::allow' s5
89 $SETRICHACL_PROG --set 'u:99:xd::allow' s6
90 $SETRICHACL_PROG --set 'u:99:D::allow' s7/f s7/g s7/h
93 # Cannot delete files with no or only with write permissions on the directory
96 # Can delete files in directories we own
99 # Can delete files in non-sticky directories we have write access to
102 # "Write_data/execute" access does not include delete_child access, so deleting
106 # "Delete_child" access alone also is not sufficient
109 # "Execute/delete_child" access is sufficient for non-sticky directories
112 # "Delete" access on the child is sufficient, even in sticky directories.
115 # Regression: Delete access must not override add_file / add_subdirectory
121 # A chmod turns off the "delete" permission