# get standard environment, filters and checks
. ./common.rc
. ./common.filter
+. ./common.attr
_cleanup()
{
rm -rf $TEST_DIR/$seq.dir1
}
-_ls()
-{
- ls -ln $* | awk '{ print $1, $3, $4, $NF }' | _filter_id
-}
-
-
-_setup_ids()
-{
- eval `cat /etc/passwd /etc/group | gawk -F: '
- { ids[$3]=1 }
- END {
- j=1
- for(i=1; i<1000000 && j<=3;i++){
- if (! (i in ids)) {
- printf "acl%d=%d;", j, i;
- j++
- }
- }
- }'`
-}
-
-_filter_id()
-{
- sed \
- -e "s/u:$acl1/u:id1/" \
- -e "s/u:$acl2/u:id2/" \
- -e "s/u:$acl3/u:id3/" \
- -e "s/g:$acl1/g:id1/" \
- -e "s/g:$acl2/g:id2/" \
- -e "s/g:$acl3/g:id3/" \
- -e "s/ $acl1 / id1 /" \
- -e "s/ $acl2 / id2 /" \
- -e "s/ $acl3 / id3 /"
-}
-
# -----
# minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ
# This is set with chacl(1) and can be changed by chmod(1).
rm -f $seq.full
_need_to_be_root
-_setup_ids
+_acl_setup_ids
[ -x /bin/chacl ] || _notrun "chacl command not found"
[ -x $runas ] || _notrun "$runas executable not found"
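Review bot: Nothing after the `_acl_setup_ids` call confirms that `acl1`, `acl2` and `acl3` were actually set, yet the test, which runs as root, later uses them unquoted in `chown $acl1.$acl2 file1` and `$runas -u $acl1 -g $acl1 ./file1`. The helper's body now lives in common.attr and is not visible here, so this is a precaution: if it can return without finding three free ids, those commands would run with empty arguments and the "Expect to PASS/FAIL" labels would no longer describe what is being checked. A guard next to the existing `_notrun` checks would make the precondition explicit: `[ -n "$acl1" ] && [ -n "$acl2" ] && [ -n "$acl3" ] || _notrun "could not allocate test ids"`.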
chmod g=rw- file1
chmod o=r-- file1
chown $acl1.$acl2 file1
-_ls file1
+_acl_ls file1
echo ""
echo "--- Test get and set of ACL ---"
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to FAIL"
chacl u::r--,g::rwx,o:rw- file1 2>&1
echo "Expect to PASS"
chacl u::r--,g::rwx,o::rw- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo ""
echo "--- Test sync of ACL with std permissions ---"
-_ls file1
+_acl_ls file1
chmod u+w file1
-_ls file1
-chacl -l file1 | _filter_id
+_acl_ls file1
+chacl -l file1 | _acl_filter_id
echo ""
echo "--- Test owner permissions ---"
chacl u::r-x,g::---,o::--- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
# change to owner
echo "Expect to PASS"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo ""
echo "--- Test group permissions ---"
chacl u::---,g::r-x,o::--- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to FAIL - acl1 is owner"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to PASS - acl2 matches group"
echo ""
echo "--- Test other permissions ---"
chacl u::---,g::---,o::r-x file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to FAIL - acl1 is owner"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to FAIL - acl2 is in group"
echo "Expect to FAIL as no MASK provided"
chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1
echo "Ensure that ACL has not been changed"
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to PASS - USER ACE matches user"
chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to FAIL - USER ACE does not match user"
$runas -u $acl3 -g $acl3 ./file1 2>&1
echo "Expect to FAIL as no MASK provided"
chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1
echo "Ensure that ACL has not been changed"
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to PASS - GROUP ACE matches group"
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to PASS - GROUP ACE matches sup group"
# group
chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to FAIL as MASK prohibits execution"
$runas -u $acl2 -g $acl2 ./file1 2>&1
# This was a bug in kernel code where syscred wasn't being used
# to override the capabilities
chacl o::---,g::---,u::--- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
#-------------------------------------------------------
echo ""
echo "=== Test Default ACLs ==="
mkdir acldir
-chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" ./acldir 2>&1
-chacl -l acldir | _filter_id
+chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" acldir 2>&1
+chacl -l acldir | _acl_filter_id
cd acldir
touch file2
-_ls file2
-chacl -l file2 | _filter_id
+_acl_ls file2
+chacl -l file2 | _acl_filter_id
cd ..
#-------------------------------------------------------
+echo ""
+echo "=== Removing ACLs ==="
+chacl -l file1 | _acl_filter_id
+chacl -l acldir | _acl_filter_id
+chacl -l acldir/file2 | _acl_filter_id
+echo "Remove ACLs..."
+chacl -R file1
+chacl -B acldir
+chacl -R acldir/file2
+chacl -l file1 | _acl_filter_id
+chacl -l acldir | _acl_filter_id
+chacl -l acldir/file2 | _acl_filter_id
+
+#-------------------------------------------------------
+
+
+
+
# success, all done
status=0
exit
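Review bot: The new "Removing ACLs" section checks its result only through `chacl -l`, so it pins the listed ACL but not the permission bits left on the files once the ACL is gone. Adding `_acl_ls file1` and `_acl_ls acldir/file2` after the `chacl -R`/`chacl -B` calls would record the mode that access control falls back to; the golden output would need the matching lines. The three removal commands also omit the `2>&1` that the other ACL-setting `chacl` calls in this test carry, so `chacl -R file1 2>&1` would keep any failure message in sequence with the surrounding output, assuming the harness does not already merge the streams. In the lines visible here the last ACL set on file1 is the minimal `o::---,g::---,u::---`, so `-R` on file1 may not exercise removal of named entries or a mask.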