# get standard environment, filters and checks
. ./common.rc
. ./common.filter
+. ./common.attr
_cleanup()
{
rm -rf $TEST_DIR/$seq.dir1
}
-_ls()
-{
- ls -ln $* | awk '{ print $1, $3, $4, $NF }' | _filter_id
-}
-
-
-_setup_ids()
-{
- eval `cat /etc/passwd /etc/group | gawk -F: '
- { ids[$3]=1 }
- END {
- j=1
- for(i=1; i<1000000 && j<=3;i++){
- if (! (i in ids)) {
- printf "acl%d=%d;", j, i;
- j++
- }
- }
- }'`
-}
-
-_filter_id()
-{
- sed \
- -e "s/u:$acl1/u:id1/" \
- -e "s/u:$acl2/u:id2/" \
- -e "s/u:$acl3/u:id3/" \
- -e "s/g:$acl1/g:id1/" \
- -e "s/g:$acl2/g:id2/" \
- -e "s/g:$acl3/g:id3/" \
- -e "s/ $acl1 / id1 /" \
- -e "s/ $acl2 / id2 /" \
- -e "s/ $acl3 / id3 /"
-}
-
# -----
# minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ
# This is set with chacl(1) and can be changed by chmod(1).
rm -f $seq.full
_need_to_be_root
-_setup_ids
+_acl_setup_ids
[ -x /bin/chacl ] || _notrun "chacl command not found"
[ -x $runas ] || _notrun "$runas executable not found"
chmod g=rw- file1
chmod o=r-- file1
chown $acl1.$acl2 file1
-_ls file1
+_acl_ls file1
echo ""
echo "--- Test get and set of ACL ---"
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to FAIL"
chacl u::r--,g::rwx,o:rw- file1 2>&1
echo "Expect to PASS"
chacl u::r--,g::rwx,o::rw- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo ""
echo "--- Test sync of ACL with std permissions ---"
-_ls file1
+_acl_ls file1
chmod u+w file1
-_ls file1
-chacl -l file1 | _filter_id
+_acl_ls file1
+chacl -l file1 | _acl_filter_id
echo ""
echo "--- Test owner permissions ---"
chacl u::r-x,g::---,o::--- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
# change to owner
echo "Expect to PASS"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo ""
echo "--- Test group permissions ---"
chacl u::---,g::r-x,o::--- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to FAIL - acl1 is owner"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to PASS - acl2 matches group"
echo ""
echo "--- Test other permissions ---"
chacl u::---,g::---,o::r-x file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to FAIL - acl1 is owner"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to FAIL - acl2 is in group"
echo "Expect to FAIL as no MASK provided"
chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1
echo "Ensure that ACL has not been changed"
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to PASS - USER ACE matches user"
chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to FAIL - USER ACE does not match user"
$runas -u $acl3 -g $acl3 ./file1 2>&1
echo "Expect to FAIL as no MASK provided"
chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1
echo "Ensure that ACL has not been changed"
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to PASS - GROUP ACE matches group"
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to PASS - GROUP ACE matches sup group"
# group
chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
echo "Expect to FAIL as MASK prohibits execution"
$runas -u $acl2 -g $acl2 ./file1 2>&1
# This was a bug in kernel code where syscred wasn't being used
# to override the capabilities
chacl o::---,g::---,u::--- file1 2>&1
-chacl -l file1 | _filter_id
+chacl -l file1 | _acl_filter_id
#-------------------------------------------------------
echo ""
echo "=== Test Default ACLs ==="
mkdir acldir
-chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" ./acldir 2>&1
-chacl -l acldir | _filter_id
+chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" acldir 2>&1
+chacl -l acldir | _acl_filter_id
cd acldir
touch file2
-_ls file2
-chacl -l file2 | _filter_id
+_acl_ls file2
+chacl -l file2 | _acl_filter_id
cd ..
#-------------------------------------------------------
+echo ""
+echo "=== Removing ACLs ==="
+chacl -l file1 | _acl_filter_id
+chacl -l acldir | _acl_filter_id
+chacl -l acldir/file2 | _acl_filter_id
+echo "Remove ACLs..."
+chacl -R file1
+chacl -B acldir
+chacl -R acldir/file2
+chacl -l file1 | _acl_filter_id
+chacl -l acldir | _acl_filter_id
+chacl -l acldir/file2 | _acl_filter_id
+
+#-------------------------------------------------------
+
+
+
+
# success, all done
status=0
exit
acldir [u::rwx,g::rwx,o::rwx/u::r-x,g::r--,o::---]
-r--r----- 0 0 file2
file2 [u::r--,g::r--,o::---]
+
+=== Removing ACLs ===
+file1 [o::---,g::---,u::---]
+acldir [u::rwx,g::rwx,o::rwx/u::r-x,g::r--,o::---]
+acldir/file2 [u::r--,g::---,o::---]
+Remove ACLs...
+file1 []
+acldir []
+acldir/file2 []
--- /dev/null
+#! /bin/sh
+# XFS QA Test No. 053
+# $Id: 1.1 $
+#
+# xfs_repair breaks acls
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2000 Silicon Graphics, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of version 2 of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Further, this software is distributed without any warranty that it is
+# free of the rightful claim of any third person regarding infringement
+# or the like. Any license provided herein, whether implied or
+# otherwise, applies only to this software file. Patent licenses, if
+# any, provided herein do not apply to combinations of this program with
+# other software, or any other product whatsoever.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write the Free Software Foundation, Inc., 59
+# Temple Place - Suite 330, Boston MA 02111-1307, USA.
+#
+# Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy,
+# Mountain View, CA 94043, or:
+#
+# http://www.sgi.com
+#
+# For further information regarding this notice, see:
+#
+# http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/
+#-----------------------------------------------------------------------
+#
+# creator
+owner=ajag@bruce.melbourne.sgi.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+status=1 # failure is the default!
+trap "rm -f $tmp.*; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+. ./common.attr
+
+# real QA test starts here
+_require_scratch
+_acl_setup_ids
+_do_die_on_error=y
+test=$SCRATCH_MNT/test
+
+# make filesystem on scratch using the defaults
+_do 'make filesystem on $SCRATCH_DEV' \
+ 'mkfs -t xfs -f $SCRATCH_DEV'
+_do 'mount filesytem' \
+ 'mount -t xfs $SCRATCH_DEV $SCRATCH_MNT'
+
+# create test files and set acls
+acls="
+u::r--,g::rwx,o::rw-
+u::r-x,g::---,o::---
+u::---,g::r-x,o::---
+u::---,g::---,o::r-x
+u::---,g::r-x,o::rwx
+u::---,g::---,o::---,u:$acl2:r-x,m::rwx
+u::rwx,g::r-x,o::r--
+u::---,g::---,o::---,g:$acl2:r-x,m::-w-"
+
+i=0
+for acl in $acls
+do
+ _do "touch $test.$i"
+ _do "chacl $acl $test.$i"
+ i=`expr $i + 1`
+done
+
+list_acls()
+{
+ i=0
+ for acl in $acls
+ do
+ chacl -l $test.$i | _acl_filter_id | sed -e "s!$SCRATCH_MNT!\$SCRATCH_MNT!"
+ i=`expr $i + 1`
+ done
+}
+
+echo "acls before repair:"
+list_acls
+_do 'unmount $SCRATCH_DEV' 'umount $SCRATCH_DEV'
+_do 'repair filesystem' 'xfs_repair $SCRATCH_DEV'
+_do 'mount filesytem' 'mount -t xfs $SCRATCH_DEV $SCRATCH_MNT'
+echo "acls after repair: "
+list_acls
+
+# success, all done
+status=0; exit
--- /dev/null
+QA output created by 053
+make filesystem on $SCRATCH_DEV... done
+mount filesytem... done
+acls before repair:
+$SCRATCH_MNT/test.0 [u::r--,g::rwx,o::rw-]
+$SCRATCH_MNT/test.1 [u::r-x,g::---,o::---]
+$SCRATCH_MNT/test.2 [u::---,g::r-x,o::---]
+$SCRATCH_MNT/test.3 [u::---,g::---,o::r-x]
+$SCRATCH_MNT/test.4 [u::---,g::r-x,o::rwx]
+$SCRATCH_MNT/test.5 [u::---,g::---,o::---,u:id2:r-x,m::rwx]
+$SCRATCH_MNT/test.6 [u::rwx,g::r-x,o::r--]
+$SCRATCH_MNT/test.7 [u::---,g::---,o::---,g:id2:r-x,m::-w-]
+unmount $SCRATCH_DEV... done
+repair filesystem... done
+mount filesytem... done
+acls after repair:
+$SCRATCH_MNT/test.0 [u::r--,g::rwx,o::rw-]
+$SCRATCH_MNT/test.1 [u::r-x,g::---,o::---]
+$SCRATCH_MNT/test.2 [u::---,g::r-x,o::---]
+$SCRATCH_MNT/test.3 [u::---,g::---,o::r-x]
+$SCRATCH_MNT/test.4 [u::---,g::r-x,o::rwx]
+$SCRATCH_MNT/test.5 [u::---,g::---,o::---,u:id2:r-x,m::rwx]
+$SCRATCH_MNT/test.6 [u::rwx,g::r-x,o::r--]
+$SCRATCH_MNT/test.7 [u::---,g::---,o::---,g:id2:r-x,m::-w-]
--- /dev/null
+##/bin/sh
+
+#
+# Copyright (c) 2000 Silicon Graphics, Inc. All Rights Reserved.
+#
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of version 2 of the GNU General Public License as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it would be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+#
+# Further, this software is distributed without any warranty that it is
+# free of the rightful claim of any third person regarding infringement
+# or the like. Any license provided herein, whether implied or
+# otherwise, applies only to this software file. Patent licenses, if
+# any, provided herein do not apply to combinations of this program with
+# other software, or any other product whatsoever.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write the Free Software Foundation, Inc., 59
+# Temple Place - Suite 330, Boston MA 02111-1307, USA.
+#
+# Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy,
+# Mountain View, CA 94043, or:
+#
+# http://www.sgi.com
+#
+# For further information regarding this notice, see:
+#
+# http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/
+#
+
+# common extended attribute and ACL support
+
+# pick three unused user/group ids, store them as $acl[1-3]
+#
+_acl_setup_ids()
+{
+ eval `cat /etc/passwd /etc/group | gawk -F: '
+ { ids[$3]=1 }
+ END {
+ j=1
+ for(i=1; i<1000000 && j<=3;i++){
+ if (! (i in ids)) {
+ printf "acl%d=%d;", j, i;
+ j++
+ }
+ }
+ }'`
+}
+
+# filter for the acl ids selected above
+#
+_acl_filter_id()
+{
+ sed \
+ -e "s/u:$acl1/u:id1/" \
+ -e "s/u:$acl2/u:id2/" \
+ -e "s/u:$acl3/u:id3/" \
+ -e "s/g:$acl1/g:id1/" \
+ -e "s/g:$acl2/g:id2/" \
+ -e "s/g:$acl3/g:id3/" \
+ -e "s/ $acl1 / id1 /" \
+ -e "s/ $acl2 / id2 /" \
+ -e "s/ $acl3 / id3 /"
+}
+
+# filtered ls
+#
+_acl_ls()
+{
+ ls -ln $* | awk '{ print $1, $3, $4, $NF }' | _acl_filter_id
+}
+
+# make sure this script returns success
+/bin/true
\ No newline at end of file
[ -b $1 ] && src/lstat64 $1 | $AWK_PROG '/Device type:/ { print $9 }'
}
+# do a command, log it to $seq.full, optionally test return status
+# and die if command fails
+#
+_do()
+{
+ if [ $# -eq 1 ]; then
+ _cmd=$1
+ elif [ $# -eq 2 ]; then
+ _note=$1
+ _cmd=$2
+ echo -n "$_note... "
+ else
+ echo "Usage: _do [note] cmd" 1>&2
+ status=1; exit
+ fi
+
+ (eval "echo '---' $_cmd") >>$seq.full
+ (eval "$_cmd") >$tmp._out 2>&1; ret=$?
+ cat $tmp._out | _fix_malloc >>$seq.full
+ if [ $# -eq 2 ]; then
+ if [ $ret -eq 0 ]; then echo "done"; else echo "fail"; fi
+ fi
+ if [ "$_do_die_on_error" -a $ret -ne 0 ]; then
+ eval "echo $_cmd failed \(returned $ret\): see $seq.full"
+ status=1; exit
+ fi
+
+ return $ret
+}
+
# bail out, setting up .notrun file
#
_notrun()