#! /bin/bash # SPDX-License-Identifier: GPL-2.0 # Copyright (c) 2016 Red Hat, Inc. All Rights Reserved. # # FS QA Test 369 # # RichACL delete test # seq=`basename $0` seqres=$RESULT_DIR/$seq echo "QA output created by $seq" here=`pwd` tmp=/tmp/$$ status=1 # failure is the default! trap "_cleanup; exit \$status" 0 1 2 3 15 _cleanup() { cd / rm -f $tmp.* } # get standard environment, filters and checks . ./common/rc # remove previous $seqres.full before test rm -f $seqres.full # real QA test starts here _supported_fs generic _supported_os Linux _require_scratch _require_scratch_richacl _require_richacl_prog _require_runas _scratch_mkfs_richacl >> $seqres.full _scratch_mount cd $SCRATCH_MNT r() { echo "--- runas -u 99 -g 99 $*" _runas -u 99 -g 99 -- "$@" } umask 022 chmod go+w . mkdir d1 d2 d3 d4 d5 d6 d7 touch d1/f d1/g d2/f d3/f d4/f d5/f d6/f d7/f d7/g d7/h chmod o+w d1/g chown 99 d2 chgrp 99 d3 chmod g+w d3 $SETRICHACL_PROG --set 'u:99:wx::allow' d4 $SETRICHACL_PROG --set 'u:99:d::allow' d5 $SETRICHACL_PROG --set 'u:99:xd::allow' d6 $SETRICHACL_PROG --set 'u:99:D::allow' d7/f d7/g d7/h chmod 664 d7/g mkdir s2 s3 s4 s5 s6 s7 chmod +t s2 s3 s4 s5 s6 s7 touch s2/f s3/f s4/f s5/f s6/f s7/f s7/g s7/h chown 99 s2 chgrp 99 s3 chmod g+w s3 $SETRICHACL_PROG --set 'u:99:wx::allow' s4 $SETRICHACL_PROG --set 'u:99:d::allow' s5 $SETRICHACL_PROG --set 'u:99:xd::allow' s6 $SETRICHACL_PROG --set 'u:99:D::allow' s7/f s7/g s7/h chmod 664 s7/g # Cannot delete files with no or only with write permissions on the directory r rm -f d1/f d1/g # Can delete files in directories we own r rm -f d2/f s2/f # Can delete files in non-sticky directories we have write access to r rm -f d3/f s3/f # "Write_data/execute" access does not include delete_child access, so deleting # is not allowed: r rm -f d4/f s4/f # "Delete_child" access alone also is not sufficient r rm -f d5/f s5/f # "Execute/delete_child" access is sufficient for non-sticky directories r rm -f d6/f s6/f # "Delete" access on the child is sufficient, even in sticky directories. r rm -f d7/f s7/f # Regression: Delete access must not override add_file / add_subdirectory # access. r touch h r mv -f h d7/ r mv -f h s7/ # A chmod turns off the "delete" permission r rm -f d7/g s7/g # success, all done status=0 exit