# get standard environment, filters and checks
. ./common.rc
. ./common.filter
+. ./common.attr
_cleanup()
{
rm -rf $TEST_DIR/$seq.dir1
}
-_ls()
-{
- ls -ln $* | awk '{ print $1, $3, $4, $NF }' | _filter_id
-}
-
-
-_setup_ids()
-{
- eval `cat /etc/passwd /etc/group | gawk -F: '
- { ids[$3]=1 }
- END {
- j=1
- for(i=1; i<1000000 && j<=3;i++){
- if (! (i in ids)) {
- printf "acl%d=%d;", j, i;
- j++
- }
- }
- }'`
-}
-
-_filter_id()
-{
- sed \
- -e "s/u:$acl1/u:id1/" \
- -e "s/u:$acl2/u:id2/" \
- -e "s/u:$acl3/u:id3/" \
- -e "s/g:$acl1/g:id1/" \
- -e "s/g:$acl2/g:id2/" \
- -e "s/g:$acl3/g:id3/" \
- -e "s/ $acl1 / id1 /" \
- -e "s/ $acl2 / id2 /" \
- -e "s/ $acl3 / id3 /"
-}
-
# -----
# minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ
# This is set with chacl(1) and can be changed by chmod(1).
rm -f $seq.full
_need_to_be_root
-_setup_ids
-
-[ -x /bin/chacl ] || _notrun "chacl command not found"
+_acl_setup_ids
+_acl_requirements
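Review bot: The requirement checks at this point no longer visibly cover every tool the new code runs. The large-ACL section added further down pipes `getfacl` output into `_filter_aces`, and the only explicit probe left here is the one for `$runas`. Unless `_acl_requirements` (defined in common.attr, not shown) already verifies it, add `command -v getfacl >/dev/null || _notrun "getfacl command not found"` next to these lines, so a host without the tool reports the test as not run rather than as an output mismatch.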
[ -x $runas ] || _notrun "$runas executable not found"
# get dir
mkdir $seq.dir1
cd $seq.dir1
-# test if acl_get syscall is operational
-# and hence the ACL config has been turned on
-touch syscalltest
-if chacl -l syscalltest 2>&1 | tee -a $here/$seq.full | grep 'Function not implemented' >/dev/null
-then
- cd $here
- _notrun "requires kernel ACL support"
-fi
-
#-------------------------------------------------------
# real QA test starts here
echo "QA output created by $seq"
chmod g=rw- file1
chmod o=r-- file1
chown $acl1.$acl2 file1
-_ls file1
+_acl_ls file1
echo ""
echo "--- Test get and set of ACL ---"
-chacl -l file1 | _filter_id
-echo "Expect to FAIL"
+echo "Note: Old interface gave an empty ACL - now output an ACL"
+chacl -l file1 | _acl_filter_id
+echo "Try using single colon separator"
+echo "Note: Old interface FAILed because of single colon - new one allows it"
chacl u::r--,g::rwx,o:rw- file1 2>&1
echo "Expect to PASS"
chacl u::r--,g::rwx,o::rw- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo ""
echo "--- Test sync of ACL with std permissions ---"
-_ls file1
+_acl_ls file1
chmod u+w file1
-_ls file1
-chacl -l file1 | _filter_id
+_acl_ls file1
+chacl -l file1 | _acl_filter_id
echo ""
echo "--- Test owner permissions ---"
chacl u::r-x,g::---,o::--- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
# change to owner
echo "Expect to PASS"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo ""
echo "--- Test group permissions ---"
chacl u::---,g::r-x,o::--- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to FAIL - acl1 is owner"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to PASS - acl2 matches group"
echo ""
echo "--- Test other permissions ---"
chacl u::---,g::---,o::r-x file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to FAIL - acl1 is owner"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to FAIL - acl2 is in group"
echo ""
echo "--- Test adding a USER ACE ---"
echo "Expect to FAIL as no MASK provided"
-chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1
+chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1 | _acl_filter_id
echo "Ensure that ACL has not been changed"
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to PASS - USER ACE matches user"
chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to FAIL - USER ACE does not match user"
$runas -u $acl3 -g $acl3 ./file1 2>&1
echo ""
echo "--- Test adding a GROUP ACE ---"
echo "Expect to FAIL as no MASK provided"
-chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1
+chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1 | _acl_filter_id
echo "Ensure that ACL has not been changed"
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to PASS - GROUP ACE matches group"
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to PASS - GROUP ACE matches sup group"
# group
chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to FAIL as MASK prohibits execution"
$runas -u $acl2 -g $acl2 ./file1 2>&1
# This was a bug in kernel code where syscred wasn't being used
# to override the capabilities
chacl o::---,g::---,u::--- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
#-------------------------------------------------------
echo ""
echo "=== Test Default ACLs ==="
-mkdir acldir
-chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" ./acldir 2>&1
-chacl -l acldir | _filter_id
+# make test clearer by testing with and without umask
+umask 0
+mkdir acldir
+chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" acldir 2>&1
+chacl -l acldir | _acl_filter_id
cd acldir
+
touch file2
-_ls file2
-chacl -l file2 | _filter_id
+_acl_ls file2
+chacl -l file2 | _acl_filter_id
+
+#ensure that umask is not having an effect
+#so set it and see
+umask 722
+touch file3
+_acl_ls file3
+chacl -l file3 | _acl_filter_id
+
cd ..
+umask 022
+
+
+#-------------------------------------------------------
+
+echo ""
+echo "=== Removing ACLs ==="
+chacl -l file1 | _acl_filter_id
+chacl -l acldir | _acl_filter_id
+chacl -l acldir/file2 | _acl_filter_id
+echo "Remove ACLs..."
+chacl -R file1
+chacl -B acldir
+chacl -R acldir/file2
+echo "Note: Old interface would mean empty ACLs - now we show mode ACLs"
+chacl -l file1 | _acl_filter_id
+chacl -l acldir | _acl_filter_id
+chacl -l acldir/file2 | _acl_filter_id
+
+
+#-------------------------------------------------------
+
+echo ""
+echo "=== Recursive change ACL ==="
+rm -fr root
+mkdir root
+pushd root >/dev/null
+# create an arbitrary little tree
+for i in 1 2 3 4 5 6 7 8 9 0
+do
+ mkdir -p a/$i
+ mkdir -p b/c$i/$i
+ touch a/$i/mumble
+done
+popd >/dev/null
+chown -R 12345.54321 root
+echo "Change #1..."
+$runas -u 12345 -g 54321 -- `which chacl` -r u::rwx,g::-w-,o::--x root
+find root -print | xargs chacl -l
+echo "Change #2..."
+$runas -u 12345 -g 54321 -- `which chacl` -r u::---,g::---,o::--- root
+find root -print | xargs chacl -l
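Review bot: Both `find root -print | xargs chacl -l` lines list the tree in directory-read order, which is not guaranteed to be the same across filesystems or runs, so the compared output can differ without any ACL regression. Sorting first makes it stable: `find root -print | sort | xargs chacl -l`. The ownership is also hard-coded in `chown -R 12345.54321 root` and the two `$runas -u 12345 -g 54321` calls, while the rest of the test takes its ids from `_acl_setup_ids`; the removed `_setup_ids` deliberately chose ids absent from /etc/passwd and /etc/group. On a host where 12345 or 54321 is a real account, this root-run test hands the tree to that account, so consider `chown -R $acl1:$acl2 root` and `$runas -u $acl1 -g $acl2` instead.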
+
+
+#-------------------------------------------------------
+
+echo ""
+echo "=== Test out error messages for ACL text parsing ==="
+echo "Note: Old interface gave more informative error msgs"
+
+touch file1
+set -x
+chacl u file1
+chacl u: file1
+chacl u:rumpledumpleunknownuser file1
+chacl u:rumpledumpleunknownuser: file1
+chacl g:rumpledumpleunknowngrp file1
+chacl g:rumpledumpleunknowngrp: file1
+chacl o:user1:rwx file1
+chacl m:user1:rwx file1
+chacl a::rwx file1
+set +x
+
+#-------------------------------------------------------
+
+echo ""
+echo "=== Test out large ACLs ==="
+touch largeaclfile
+XFS_ACL_MAX_ENTRIES=25
+num_aces_pre=`expr $XFS_ACL_MAX_ENTRIES - 1`
+num_aces_post=`expr $XFS_ACL_MAX_ENTRIES + 1`
+
+acl1=`_create_n_aces $num_aces_pre`
+acl2=`_create_n_aces $XFS_ACL_MAX_ENTRIES`
+acl3=`_create_n_aces $num_aces_post`
+acl4=`_create_n_aces 16` # Andreas G. libacl size for initial get
+acl5=`_create_n_aces 17` # 1 over A.G. libacl initial size
+
+echo "1 below xfs acl max"
+chacl $acl1 largeaclfile
+getfacl largeaclfile | _filter_aces
+
+echo "xfs acl max"
+chacl $acl2 largeaclfile
+getfacl largeaclfile | _filter_aces
+
+echo "1 above xfs acl max"
+chacl $acl3 largeaclfile
+getfacl largeaclfile | _filter_aces
+
+echo "use 16 aces"
+chacl $acl4 largeaclfile
+getfacl largeaclfile | _filter_aces
+
+echo "use 17 aces"
+chacl $acl5 largeaclfile
+getfacl largeaclfile | _filter_aces
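Review bot: The assignments to `acl1`, `acl2` and `acl3` in this section overwrite the test ids those names hold earlier in the script (`chown $acl1.$acl2 file1`, `$runas -u $acl1 -g $acl1`). The removed `_filter_id` substituted on exactly those variables, so `_acl_filter_id` presumably does too. Nothing in the visible lines uses the ids afterwards, but the script may continue past them, and any later `$runas -u $acl1` or `_acl_filter_id` call would receive an ACL string instead of an id. Distinct names avoid this, e.g. `aces_pre=$(_create_n_aces $num_aces_pre)` followed by `chacl $aces_pre largeaclfile`. Separately, `chacl $acl3 largeaclfile` is expected to be rejected but, unlike the earlier expected-failure calls, has no `2>&1`, so whether its error reaches the compared output depends on how the harness captures stderr.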
#-------------------------------------------------------