ls -ln $* | awk '{ print $1, $3, $4, $NF }' | _filter_id
}
-_get_newid()
+
+_setup_ids()
{
- cat /etc/passwd /etc/group $tmp.ids | gawk -F: '
+ eval `cat /etc/passwd /etc/group | gawk -F: '
{ ids[$3]=1 }
END {
- for(i=1;i<1000000;i++){
+ j=1
+ for(i=1; i<1000000 && j<=3;i++){
if (! (i in ids)) {
- print i;
- exit
+ printf "acl%d=%d;", j, i;
+ j++
}
}
- }'
-}
-
-_setup_ids()
-{
- touch $tmp.ids
- acl1=`_get_newid`; echo "::$acl1" >>$tmp.ids
- acl2=`_get_newid`; echo "::$acl2" >>$tmp.ids
- acl3=`_get_newid`; echo "::$acl3" >>$tmp.ids
+ }'`
}
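Review bot: Nothing after the `eval` in `_setup_ids` confirms that `acl1`, `acl2` and `acl3` were actually set. If gawk is missing or fails, or the loop finds fewer than three unused ids, the eval still succeeds and the variables stay empty. The sed expressions in `_filter_id` then degrade to patterns such as `s/g:/g:id3/`, and `$runas -u $acl2 -g $acl2` is called without its id arguments, so the ACL checks no longer run as the intended id. A guard after the closing backtick would stop that: `[ -n "$acl1" ] && [ -n "$acl2" ] && [ -n "$acl3" ] || { echo "could not find three unused ids" >&2; exit 1; }`. The eval is only safe because both printf arguments go through `%d`; a comment such as `# eval input is digits only (printf %d); never print passwd/group fields here` would keep it that way.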
_filter_id()
-e "s/g:$acl3/g:id3/" \
-e "s/ $acl1 / id1 /" \
-e "s/ $acl2 / id2 /" \
- -e "s/ $acl3 / id3 /" \
+ -e "s/ $acl3 / id3 /"
}
# -----
echo "=== Test minimal ACE ==="
echo "Setup file"
+# Note: as this is a shell script,
+# will need read and execute permission set
+# in order to execute it.
touch file1
cat <<EOF >file1
#!/bin/sh
echo ""
echo "--- Test MASK ---"
-chacl u::---,g::---,o::---,g:$acl2:r-x,m::-wx file1 2>&1
+
+# group
+chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1
chacl -l file1 | _filter_id
echo "Expect to FAIL as MASK prohibits execution"
$runas -u $acl2 -g $acl2 ./file1 2>&1
-chacl u::---,g::---,o::---,u:$acl2:r-x,m::-wx file1 2>&1
+
+# user
+chacl u::---,g::---,o::---,u:$acl2:r-x,m::-w- file1 2>&1
echo "Expect to FAIL as MASK prohibits execution"
$runas -u $acl2 -g $acl2 ./file1 2>&1
+# user
chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1
echo "Expect to PASS as MASK allows execution"
$runas -u $acl2 -g $acl2 ./file1 2>&1
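Review bot: The comment added above `touch file1` explains why read permission matters, but it sits away from the `chacl` lines whose mask changed from `-wx` to `-w-`. The two `# user` labels are also identical, although one case expects failure and the other success. Consider putting the explanation at the first mask case, e.g. `# mask -w- strips r and x from the named entry; a script needs both to run`, and labelling the last case `# user, mask r-x grants read and execute`.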