_notrun "File system does not support llseek(2) SEEK_DATA/HOLE"
}
+_require_runas()
+{
+ _require_test_program "runas"
+}
+
+_runas()
+{
+ "$here/src/runas" "$@"
+}
+
# check that a FS on a device is mounted
# if so, return mount point
#
here=`pwd`
tmp=/tmp/$$
-runas=$here/src/runas
status=1 # FAILure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_require_test
_require_attrs
-
-[ -x $runas ] || _notrun "$runas executable not found"
+_require_runas
rm -f $seqres.full
echo "append to file as user without caps"
# in particular user doesn't have FSETID or SETFCAP
-$runas -u $uid $tmp.append
+_runas -u $uid $tmp.append
echo "cat file"
echo "----"
# try again when it doesn't have the EA
echo "append to file as user without caps a 2nd time"
-$runas -u $uid $tmp.append
+_runas -u $uid $tmp.append
echo "ls -P on file"
ls -P $file | _testfilter
chown root $file
echo "as non-root try to append to file"
-$runas -u $uid $tmp.append 2>&1 | _filefilter
+_runas -u $uid $tmp.append 2>&1 | _filefilter
echo "restore perms on file"
chmod 777 $file
${ATTR_PROG} -R -l $file | _filefilter
echo "as non-root try to append to file"
-$runas -u $uid $tmp.append 2>&1 | _filefilter
+_runas -u $uid $tmp.append 2>&1 | _filefilter
echo "list EA on file"
${ATTR_PROG} -R -l $file | _filefilter
chown $uid $file
chmod ugo+w $TEST_DIR
echo "as non-root call writemod"
-$runas -u $uid src/writemod $file 2>&1 | _filefilter
+_runas -u $uid src/writemod $file 2>&1 | _filefilter
echo "cat file"
echo "----"
. ./common/filter
. ./common/attr
-runas=$here/src/runas
-
TARGET_DIR=$SCRATCH_MNT
[ "$FSTYP" == "xfs" ] && TARGET_DIR=$TEST_DIR
_require_test
_acl_setup_ids
_require_acls
-
-[ -x $runas ] || _notrun "$runas executable not found"
+_require_runas
# get dir
#export FILE_SYS=xfs
_acl_list file1
# change to owner
echo "Expect to PASS"
-$runas -u $acl1 -g $acl1 ./file1 2>&1
+_runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to FAIL"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
echo ""
echo "--- Test group permissions ---"
chacl u::---,g::r-x,o::--- file1 2>&1
_acl_list file1
echo "Expect to FAIL - acl1 is owner"
-$runas -u $acl1 -g $acl1 ./file1 2>&1
+_runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to PASS - acl2 matches group"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to PASS - acl2 matches sup group"
-$runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
echo "Expect to FAIL - acl3 is not in group"
-$runas -u $acl3 -g $acl3 ./file1 2>&1
+_runas -u $acl3 -g $acl3 ./file1 2>&1
echo ""
echo "--- Test other permissions ---"
chacl u::---,g::---,o::r-x file1 2>&1
_acl_list file1
echo "Expect to FAIL - acl1 is owner"
-$runas -u $acl1 -g $acl1 ./file1 2>&1
+_runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to FAIL - acl2 is in group"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to FAIL - acl2 is in sup. group"
-$runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
echo "Expect to PASS - acl3 is not owner or in group"
-$runas -u $acl3 -g $acl3 ./file1 2>&1
+_runas -u $acl3 -g $acl3 ./file1 2>&1
#-------------------------------------------------------
echo "Expect to PASS - USER ACE matches user"
chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1
_acl_list file1
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to FAIL - USER ACE does not match user"
-$runas -u $acl3 -g $acl3 ./file1 2>&1
+_runas -u $acl3 -g $acl3 ./file1 2>&1
echo ""
echo "--- Test adding a GROUP ACE ---"
chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1
_acl_list file1 | _acl_filter_id
echo "Expect to PASS - GROUP ACE matches group"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to PASS - GROUP ACE matches sup group"
-$runas -u $acl2 -g $acl1 -s $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl1 -s $acl2 ./file1 2>&1
echo "Expect to FAIL - GROUP ACE does not match group"
-$runas -u $acl3 -g $acl3 ./file1 2>&1
+_runas -u $acl3 -g $acl3 ./file1 2>&1
#-------------------------------------------------------
chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1
_acl_list file1
echo "Expect to FAIL as MASK prohibits execution"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
# user
chacl u::---,g::---,o::---,u:$acl2:r-x,m::-w- file1 2>&1
echo "Expect to FAIL as MASK prohibits execution"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
# user
chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1
echo "Expect to PASS as MASK allows execution"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
#-------------------------------------------------------
chacl o::rwx,g::rwx,u:$acl1:rwx,u::---,m::rwx file1 2>&1
echo "Expect to FAIL as should match on owner"
-$runas -u $acl1 -g $acl2 ./file1 2>&1
+_runas -u $acl1 -g $acl2 ./file1 2>&1
chacl o::---,g::---,u:$acl2:rwx,u::---,m::rwx file1 2>&1
echo "Expect to PASS as should match on user"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
#-------------------------------------------------------
here=`pwd`
tmp=/tmp/$$
-runas=$here/src/runas
status=1 # FAILure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
# only Linux supports fallocate
_supported_os Linux
_require_test
-
-[ -x $runas ] || _notrun "$runas executable not found"
+_require_runas
rm -f $seqres.full
chown $acl1.$acl1 file1
echo "Expect to FAIL"
-$runas -u $acl2 -g $acl2 -- setfacl -m u::rwx file1 2>&1 | sed 's/^setfacl: \/.*file1: Operation not permitted$/setfacl: file1: Operation not permitted/'
+_runas -u $acl2 -g $acl2 -- setfacl -m u::rwx file1 2>&1 | sed 's/^setfacl: \/.*file1: Operation not permitted$/setfacl: file1: Operation not permitted/'
echo "Test over."
# success, all done
here=`pwd`
tmp=/tmp/$$
-runas=$here/src/runas
status=1 # FAILure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15
_supported_fs xfs udf
_supported_os Linux
_require_test
-
-[ -x $runas ] || _notrun "$runas executable not found"
+_require_runas
rm -f $seqres.full
chacl -l file1 | _acl_filter_id
# change to owner
echo "Expect to PASS"
-$runas -u $acl1 -g $acl1 ./file1 2>&1
+_runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to FAIL"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
echo ""
echo "--- Test group permissions ---"
chacl u::---,g::r-x,o::--- file1 2>&1
chacl -l file1 | _acl_filter_id
echo "Expect to FAIL - acl1 is owner"
-$runas -u $acl1 -g $acl1 ./file1 2>&1
+_runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to PASS - acl2 matches group"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to PASS - acl2 matches sup group"
-$runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
echo "Expect to FAIL - acl3 is not in group"
-$runas -u $acl3 -g $acl3 ./file1 2>&1
+_runas -u $acl3 -g $acl3 ./file1 2>&1
echo ""
echo "--- Test other permissions ---"
chacl u::---,g::---,o::r-x file1 2>&1
chacl -l file1 | _acl_filter_id
echo "Expect to FAIL - acl1 is owner"
-$runas -u $acl1 -g $acl1 ./file1 2>&1
+_runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to FAIL - acl2 is in group"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to FAIL - acl2 is in sup. group"
-$runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
echo "Expect to PASS - acl3 is not owner or in group"
-$runas -u $acl3 -g $acl3 ./file1 2>&1
+_runas -u $acl3 -g $acl3 ./file1 2>&1
#-------------------------------------------------------
echo "Expect to PASS - USER ACE matches user"
chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1
chacl -l file1 | _acl_filter_id
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to FAIL - USER ACE does not match user"
-$runas -u $acl3 -g $acl3 ./file1 2>&1
+_runas -u $acl3 -g $acl3 ./file1 2>&1
echo ""
echo "--- Test adding a GROUP ACE ---"
chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1
chacl -l file1 | _acl_filter_id
echo "Expect to PASS - GROUP ACE matches group"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to PASS - GROUP ACE matches sup group"
-$runas -u $acl2 -g $acl1 -s $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl1 -s $acl2 ./file1 2>&1
echo "Expect to FAIL - GROUP ACE does not match group"
-$runas -u $acl3 -g $acl3 ./file1 2>&1
+_runas -u $acl3 -g $acl3 ./file1 2>&1
#-------------------------------------------------------
chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1
chacl -l file1 | _acl_filter_id
echo "Expect to FAIL as MASK prohibits execution"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
# user
chacl u::---,g::---,o::---,u:$acl2:r-x,m::-w- file1 2>&1
echo "Expect to FAIL as MASK prohibits execution"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
# user
chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1
echo "Expect to PASS as MASK allows execution"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
#-------------------------------------------------------
chacl o::rwx,g::rwx,u:$acl1:rwx,u::---,m::rwx file1 2>&1
echo "Expect to FAIL as should match on owner"
-$runas -u $acl1 -g $acl2 ./file1 2>&1
+_runas -u $acl1 -g $acl2 ./file1 2>&1
chacl o::---,g::---,u:$acl2:rwx,u::---,m::rwx file1 2>&1
echo "Expect to PASS as should match on user"
-$runas -u $acl2 -g $acl2 ./file1 2>&1
+_runas -u $acl2 -g $acl2 ./file1 2>&1
#-------------------------------------------------------
popd >/dev/null
chown -R 12345.54321 root
echo "Change #1..."
-$runas -u 12345 -g 54321 -- chacl -r u::rwx,g::-w-,o::--x root
+_runas -u 12345 -g 54321 -- chacl -r u::rwx,g::-w-,o::--x root
find root -print | xargs chacl -l
echo "Change #2..."
-$runas -u 12345 -g 54321 -- chacl -r u::---,g::---,o::--- root
+_runas -u 12345 -g 54321 -- chacl -r u::---,g::---,o::--- root
find root -print | xargs chacl -l
#-------------------------------------------------------