From: Eric Biggers Date: Fri, 21 Jul 2017 04:22:05 +0000 (-0700) Subject: tests: make shared/051 a generic test X-Git-Tag: v2022.05.01~1948 X-Git-Url: http://git.apps.os.sepia.ceph.com/?p=xfstests-dev.git;a=commitdiff_plain;h=46a6604d39ed783ef2f3a785818427ba5904111d tests: make shared/051 a generic test The ACL test shared/051 was very similar to generic/099 which was not being run and was just removed; most likely the script was copy+pasted at some point. Since shared/051 has been getting maintained+run and is not really XFS and UDF-specific, move it to generic, reusing the old number of 099. One change was required for it to work on other filesystems: the output of 'find' must be sorted. Signed-off-by: Eric Biggers Reviewed-by: Eryu Guan Signed-off-by: Eryu Guan --- diff --git a/tests/generic/099 b/tests/generic/099 new file mode 100755 index 00000000..f65c53f1 --- /dev/null +++ b/tests/generic/099 @@ -0,0 +1,321 @@ +#! /bin/bash +# FS QA Test No. 099 +# +# Test out ACLs. +# +#----------------------------------------------------------------------- +# Copyright (c) 2000-2002 Silicon Graphics, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +# +#----------------------------------------------------------------------- +# + +seq=`basename $0` +seqres=$RESULT_DIR/$seq + +here=`pwd` +tmp=/tmp/$$ +status=1 # FAILure is the default! +trap "_cleanup; exit \$status" 0 1 2 3 15 + +# get standard environment, filters and checks +. ./common/rc +. ./common/filter +. ./common/attr + +_cleanup() +{ + cd / + rm -f $tmp.* + [ -n "$TEST_DIR" ] && rm -rf $TEST_DIR/$seq.dir1 +} + +# ----- +# minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ +# This is set with chacl(1) and can be changed by chmod(1). +# +# Test that this is being set for ACL and for std unix permissions +# Test that we can get back the same ACL. +# Test std permissions for rwx. +# ----- +# +# Test out default ACLs and that the ACL is being PASSed +# onto the children of the dir. +# +# ----- +# Test out access check for extended ACLs. +# -> 3 extra ACEs: MASK, GROUP, USER +# -> the GROUP compares with egid of process _and_ the supplementary +# groups (as found in /etc/group) +# +# Test that mask works for USER, GROUP, GROUP_OBJ +# Test that the ACE type priority is working +# -> this would be done by simultaneously matching on ACEs +# -> interesting if it allows user to specify ACEs in any order +# + +# real QA test starts here +_supported_fs generic +_supported_os Linux +_require_test +_require_runas + +rm -f $seqres.full + +_acl_setup_ids +_require_acls + +# get dir +cd $TEST_DIR +rm -rf $seq.dir1 +mkdir $seq.dir1 +cd $seq.dir1 + +echo "QA output created by $seq" +echo "" +echo "=== Test minimal ACE ===" + +echo "Setup file" +# Note: as this is a shell script, +# will need read and execute permission set +# in order to execute it. +touch file1 +cat <file1 +#!/bin/bash +echo "Test was executed" +EOF +chmod u=rwx file1 +chmod g=rw- file1 +chmod o=r-- file1 +chown $acl1.$acl2 file1 +_acl_ls file1 + +echo "" +echo "--- Test get and set of ACL ---" +echo "Note: Old interface gave an empty ACL - now output an ACL" +chacl -l file1 | _acl_filter_id +echo "Try using single colon separator" +echo "Note: Old interface FAILed because of single colon - new one allows it" +chacl u::r--,g::rwx,o:rw- file1 2>&1 +echo "Expect to PASS" +chacl u::r--,g::rwx,o::rw- file1 2>&1 +chacl -l file1 | _acl_filter_id + +echo "" +echo "--- Test sync of ACL with std permissions ---" +_acl_ls file1 +chmod u+w file1 +_acl_ls file1 +chacl -l file1 | _acl_filter_id + +echo "" +echo "--- Test owner permissions ---" +chacl u::r-x,g::---,o::--- file1 2>&1 +chacl -l file1 | _acl_filter_id +# change to owner +echo "Expect to PASS" +_runas -u $acl1 -g $acl1 ./file1 2>&1 +echo "Expect to FAIL" +_runas -u $acl2 -g $acl2 ./file1 2>&1 + +echo "" +echo "--- Test group permissions ---" +chacl u::---,g::r-x,o::--- file1 2>&1 +chacl -l file1 | _acl_filter_id +echo "Expect to FAIL - acl1 is owner" +_runas -u $acl1 -g $acl1 ./file1 2>&1 +echo "Expect to PASS - acl2 matches group" +_runas -u $acl2 -g $acl2 ./file1 2>&1 +echo "Expect to PASS - acl2 matches sup group" +_runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1 +echo "Expect to FAIL - acl3 is not in group" +_runas -u $acl3 -g $acl3 ./file1 2>&1 + +echo "" +echo "--- Test other permissions ---" +chacl u::---,g::---,o::r-x file1 2>&1 +chacl -l file1 | _acl_filter_id +echo "Expect to FAIL - acl1 is owner" +_runas -u $acl1 -g $acl1 ./file1 2>&1 +echo "Expect to FAIL - acl2 is in group" +_runas -u $acl2 -g $acl2 ./file1 2>&1 +echo "Expect to FAIL - acl2 is in sup. group" +_runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1 +echo "Expect to PASS - acl3 is not owner or in group" +_runas -u $acl3 -g $acl3 ./file1 2>&1 + +#------------------------------------------------------- + +echo "" +echo "=== Test Extended ACLs ===" + +echo "" +echo "--- Test adding a USER ACE ---" +echo "Expect to FAIL as no MASK provided" +chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1 | _acl_filter_id +echo "Ensure that ACL has not been changed" +chacl -l file1 | _acl_filter_id +echo "Expect to PASS - USER ACE matches user" +chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1 +chacl -l file1 | _acl_filter_id +_runas -u $acl2 -g $acl2 ./file1 2>&1 +echo "Expect to FAIL - USER ACE does not match user" +_runas -u $acl3 -g $acl3 ./file1 2>&1 + +echo "" +echo "--- Test adding a GROUP ACE ---" +echo "Expect to FAIL as no MASK provided" +chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1 | _acl_filter_id +echo "Ensure that ACL has not been changed" +chacl -l file1 | _acl_filter_id +chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1 +chacl -l file1 | _acl_filter_id +echo "Expect to PASS - GROUP ACE matches group" +_runas -u $acl2 -g $acl2 ./file1 2>&1 +echo "Expect to PASS - GROUP ACE matches sup group" +_runas -u $acl2 -g $acl1 -s $acl2 ./file1 2>&1 +echo "Expect to FAIL - GROUP ACE does not match group" +_runas -u $acl3 -g $acl3 ./file1 2>&1 + +#------------------------------------------------------- + +echo "" +echo "--- Test MASK ---" + +# group +chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1 +chacl -l file1 | _acl_filter_id +echo "Expect to FAIL as MASK prohibits execution" +_runas -u $acl2 -g $acl2 ./file1 2>&1 + +# user +chacl u::---,g::---,o::---,u:$acl2:r-x,m::-w- file1 2>&1 +echo "Expect to FAIL as MASK prohibits execution" +_runas -u $acl2 -g $acl2 ./file1 2>&1 + +# user +chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1 +echo "Expect to PASS as MASK allows execution" +_runas -u $acl2 -g $acl2 ./file1 2>&1 + +#------------------------------------------------------- + +echo "" +echo "--- Test ACE priority ---" + +chacl o::rwx,g::rwx,u:$acl1:rwx,u::---,m::rwx file1 2>&1 +echo "Expect to FAIL as should match on owner" +_runas -u $acl1 -g $acl2 ./file1 2>&1 + +chacl o::---,g::---,u:$acl2:rwx,u::---,m::rwx file1 2>&1 +echo "Expect to PASS as should match on user" +_runas -u $acl2 -g $acl2 ./file1 2>&1 + +#------------------------------------------------------- + +echo "" +echo "=== Test can read ACLs without access permissions ===" +# This was a bug in kernel code where syscred wasn't being used +# to override the capabilities +chacl o::---,g::---,u::--- file1 2>&1 +chacl -l file1 | _acl_filter_id + +#------------------------------------------------------- + +echo "" +echo "=== Test Default ACLs ===" +# make test clearer by testing with and without umask +umask 0 + +mkdir acldir +chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" acldir 2>&1 +chacl -l acldir | _acl_filter_id +cd acldir + +touch file2 +_acl_ls file2 +chacl -l file2 | _acl_filter_id + +#ensure that umask is not having an effect +#so set it and see +umask 722 +touch file3 +_acl_ls file3 +chacl -l file3 | _acl_filter_id + +cd .. +umask 022 + +#------------------------------------------------------- + +echo "" +echo "=== Removing ACLs ===" +chacl -l file1 | _acl_filter_id +chacl -l acldir | _acl_filter_id +chacl -l acldir/file2 | _acl_filter_id +echo "Remove ACLs..." +chacl -R file1 +chacl -B acldir +chacl -R acldir/file2 +echo "Note: Old interface would mean empty ACLs - now we show mode ACLs" +chacl -l file1 | _acl_filter_id +chacl -l acldir | _acl_filter_id +chacl -l acldir/file2 | _acl_filter_id + +#------------------------------------------------------- + +echo "" +echo "=== Recursive change ACL ===" +rm -fr root +mkdir root +pushd root >/dev/null +# create an arbitrary little tree +for i in 1 2 3 4 5 6 7 8 9 0 +do + mkdir -p a/$i + mkdir -p b/c$i/$i + touch a/$i/mumble +done +popd >/dev/null +chown -R 12345.54321 root +echo "Change #1..." +_runas -u 12345 -g 54321 -- chacl -r u::rwx,g::-w-,o::--x root +find root -print | sort | xargs chacl -l +echo "Change #2..." +_runas -u 12345 -g 54321 -- chacl -r u::---,g::---,o::--- root +find root -print | sort | xargs chacl -l + +#------------------------------------------------------- + +echo "" +echo "=== Test out error messages for ACL text parsing ===" +echo "Note: Old interface gave more informative error msgs" + +touch file1 +set -x +chacl u file1 +chacl u: file1 +chacl u:rumpledumpleunknownuser file1 +chacl u:rumpledumpleunknownuser: file1 +chacl g:rumpledumpleunknowngrp file1 +chacl g:rumpledumpleunknowngrp: file1 +chacl o:user1:rwx file1 +chacl m:user1:rwx file1 +chacl a::rwx file1 +set +x + +# success, all done +status=0 +exit diff --git a/tests/generic/099.out b/tests/generic/099.out new file mode 100644 index 00000000..94172420 --- /dev/null +++ b/tests/generic/099.out @@ -0,0 +1,220 @@ +QA output created by 099 + +=== Test minimal ACE === +Setup file +-rwxrw-r-- id1 id2 file1 + +--- Test get and set of ACL --- +Note: Old interface gave an empty ACL - now output an ACL +file1 [u::rwx,g::rw-,o::r--] +Try using single colon separator +Note: Old interface FAILed because of single colon - new one allows it +Expect to PASS +file1 [u::r--,g::rwx,o::rw-] + +--- Test sync of ACL with std permissions --- +-r--rwxrw- id1 id2 file1 +-rw-rwxrw- id1 id2 file1 +file1 [u::rw-,g::rwx,o::rw-] + +--- Test owner permissions --- +file1 [u::r-x,g::---,o::---] +Expect to PASS +Test was executed +Expect to FAIL +./file1: Permission denied + +--- Test group permissions --- +file1 [u::---,g::r-x,o::---] +Expect to FAIL - acl1 is owner +./file1: Permission denied +Expect to PASS - acl2 matches group +Test was executed +Expect to PASS - acl2 matches sup group +Test was executed +Expect to FAIL - acl3 is not in group +./file1: Permission denied + +--- Test other permissions --- +file1 [u::---,g::---,o::r-x] +Expect to FAIL - acl1 is owner +./file1: Permission denied +Expect to FAIL - acl2 is in group +./file1: Permission denied +Expect to FAIL - acl2 is in sup. group +./file1: Permission denied +Expect to PASS - acl3 is not owner or in group +Test was executed + +=== Test Extended ACLs === + +--- Test adding a USER ACE --- +Expect to FAIL as no MASK provided +chacl: access ACL 'u::---,g::---,o::---,u:id2:r-x': Missing or wrong entry at entry 3 +Ensure that ACL has not been changed +file1 [u::---,g::---,o::r-x] +Expect to PASS - USER ACE matches user +file1 [u::---,u:id2:r-x,g::---,m::rwx,o::---] +Test was executed +Expect to FAIL - USER ACE does not match user +./file1: Permission denied + +--- Test adding a GROUP ACE --- +Expect to FAIL as no MASK provided +chacl: access ACL 'u::---,g::---,o::---,g:id2:r-x': Missing or wrong entry at entry 3 +Ensure that ACL has not been changed +file1 [u::---,u:id2:r-x,g::---,m::rwx,o::---] +file1 [u::---,g::---,g:id2:r-x,m::rwx,o::---] +Expect to PASS - GROUP ACE matches group +Test was executed +Expect to PASS - GROUP ACE matches sup group +Test was executed +Expect to FAIL - GROUP ACE does not match group +./file1: Permission denied + +--- Test MASK --- +file1 [u::---,g::---,g:id2:r-x,m::-w-,o::---] +Expect to FAIL as MASK prohibits execution +./file1: Permission denied +Expect to FAIL as MASK prohibits execution +./file1: Permission denied +Expect to PASS as MASK allows execution +Test was executed + +--- Test ACE priority --- +Expect to FAIL as should match on owner +./file1: Permission denied +Expect to PASS as should match on user +Test was executed + +=== Test can read ACLs without access permissions === +file1 [u::---,g::---,o::---] + +=== Test Default ACLs === +acldir [u::rwx,g::rwx,o::rwx/u::r-x,g::r--,o::---] +-r--r----- 0 0 file2 +file2 [u::r--,g::r--,o::---] +-r--r----- 0 0 file3 +file3 [u::r--,g::r--,o::---] + +=== Removing ACLs === +file1 [u::---,g::---,o::---] +acldir [u::rwx,g::rwx,o::rwx/u::r-x,g::r--,o::---] +acldir/file2 [u::r--,g::r--,o::---] +Remove ACLs... +Note: Old interface would mean empty ACLs - now we show mode ACLs +file1 [u::---,g::---,o::---] +acldir [u::rwx,g::rwx,o::rwx] +acldir/file2 [u::r--,g::r--,o::---] + +=== Recursive change ACL === +Change #1... +root [u::rwx,g::-w-,o::--x] +root/a [u::rwx,g::-w-,o::--x] +root/a/0 [u::rwx,g::-w-,o::--x] +root/a/0/mumble [u::rwx,g::-w-,o::--x] +root/a/1 [u::rwx,g::-w-,o::--x] +root/a/1/mumble [u::rwx,g::-w-,o::--x] +root/a/2 [u::rwx,g::-w-,o::--x] +root/a/2/mumble [u::rwx,g::-w-,o::--x] +root/a/3 [u::rwx,g::-w-,o::--x] +root/a/3/mumble [u::rwx,g::-w-,o::--x] +root/a/4 [u::rwx,g::-w-,o::--x] +root/a/4/mumble [u::rwx,g::-w-,o::--x] +root/a/5 [u::rwx,g::-w-,o::--x] +root/a/5/mumble [u::rwx,g::-w-,o::--x] +root/a/6 [u::rwx,g::-w-,o::--x] +root/a/6/mumble [u::rwx,g::-w-,o::--x] +root/a/7 [u::rwx,g::-w-,o::--x] +root/a/7/mumble [u::rwx,g::-w-,o::--x] +root/a/8 [u::rwx,g::-w-,o::--x] +root/a/8/mumble [u::rwx,g::-w-,o::--x] +root/a/9 [u::rwx,g::-w-,o::--x] +root/a/9/mumble [u::rwx,g::-w-,o::--x] +root/b [u::rwx,g::-w-,o::--x] +root/b/c0 [u::rwx,g::-w-,o::--x] +root/b/c0/0 [u::rwx,g::-w-,o::--x] +root/b/c1 [u::rwx,g::-w-,o::--x] +root/b/c1/1 [u::rwx,g::-w-,o::--x] +root/b/c2 [u::rwx,g::-w-,o::--x] +root/b/c2/2 [u::rwx,g::-w-,o::--x] +root/b/c3 [u::rwx,g::-w-,o::--x] +root/b/c3/3 [u::rwx,g::-w-,o::--x] +root/b/c4 [u::rwx,g::-w-,o::--x] +root/b/c4/4 [u::rwx,g::-w-,o::--x] +root/b/c5 [u::rwx,g::-w-,o::--x] +root/b/c5/5 [u::rwx,g::-w-,o::--x] +root/b/c6 [u::rwx,g::-w-,o::--x] +root/b/c6/6 [u::rwx,g::-w-,o::--x] +root/b/c7 [u::rwx,g::-w-,o::--x] +root/b/c7/7 [u::rwx,g::-w-,o::--x] +root/b/c8 [u::rwx,g::-w-,o::--x] +root/b/c8/8 [u::rwx,g::-w-,o::--x] +root/b/c9 [u::rwx,g::-w-,o::--x] +root/b/c9/9 [u::rwx,g::-w-,o::--x] +Change #2... +root [u::---,g::---,o::---] +root/a [u::---,g::---,o::---] +root/a/0 [u::---,g::---,o::---] +root/a/0/mumble [u::---,g::---,o::---] +root/a/1 [u::---,g::---,o::---] +root/a/1/mumble [u::---,g::---,o::---] +root/a/2 [u::---,g::---,o::---] +root/a/2/mumble [u::---,g::---,o::---] +root/a/3 [u::---,g::---,o::---] +root/a/3/mumble [u::---,g::---,o::---] +root/a/4 [u::---,g::---,o::---] +root/a/4/mumble [u::---,g::---,o::---] +root/a/5 [u::---,g::---,o::---] +root/a/5/mumble [u::---,g::---,o::---] +root/a/6 [u::---,g::---,o::---] +root/a/6/mumble [u::---,g::---,o::---] +root/a/7 [u::---,g::---,o::---] +root/a/7/mumble [u::---,g::---,o::---] +root/a/8 [u::---,g::---,o::---] +root/a/8/mumble [u::---,g::---,o::---] +root/a/9 [u::---,g::---,o::---] +root/a/9/mumble [u::---,g::---,o::---] +root/b [u::---,g::---,o::---] +root/b/c0 [u::---,g::---,o::---] +root/b/c0/0 [u::---,g::---,o::---] +root/b/c1 [u::---,g::---,o::---] +root/b/c1/1 [u::---,g::---,o::---] +root/b/c2 [u::---,g::---,o::---] +root/b/c2/2 [u::---,g::---,o::---] +root/b/c3 [u::---,g::---,o::---] +root/b/c3/3 [u::---,g::---,o::---] +root/b/c4 [u::---,g::---,o::---] +root/b/c4/4 [u::---,g::---,o::---] +root/b/c5 [u::---,g::---,o::---] +root/b/c5/5 [u::---,g::---,o::---] +root/b/c6 [u::---,g::---,o::---] +root/b/c6/6 [u::---,g::---,o::---] +root/b/c7 [u::---,g::---,o::---] +root/b/c7/7 [u::---,g::---,o::---] +root/b/c8 [u::---,g::---,o::---] +root/b/c8/8 [u::---,g::---,o::---] +root/b/c9 [u::---,g::---,o::---] +root/b/c9/9 [u::---,g::---,o::---] + +=== Test out error messages for ACL text parsing === +Note: Old interface gave more informative error msgs ++ chacl u file1 +chacl: u - Invalid argument ++ chacl u: file1 +chacl: u: - Invalid argument ++ chacl u:rumpledumpleunknownuser file1 +chacl: u:rumpledumpleunknownuser - Invalid argument ++ chacl u:rumpledumpleunknownuser: file1 +chacl: u:rumpledumpleunknownuser: - Invalid argument ++ chacl g:rumpledumpleunknowngrp file1 +chacl: g:rumpledumpleunknowngrp - Invalid argument ++ chacl g:rumpledumpleunknowngrp: file1 +chacl: g:rumpledumpleunknowngrp: - Invalid argument ++ chacl o:user1:rwx file1 +chacl: o:user1:rwx - Invalid argument ++ chacl m:user1:rwx file1 +chacl: m:user1:rwx - Invalid argument ++ chacl a::rwx file1 +chacl: a::rwx - Invalid argument ++ set +x diff --git a/tests/generic/group b/tests/generic/group index ae847c8a..e13b5683 100644 --- a/tests/generic/group +++ b/tests/generic/group @@ -101,6 +101,7 @@ 096 auto prealloc quick zero 097 attr auto quick 098 auto quick metadata +099 acl auto quick 100 udf auto 101 auto quick metadata 102 auto rw diff --git a/tests/shared/051 b/tests/shared/051 deleted file mode 100755 index 298838e7..00000000 --- a/tests/shared/051 +++ /dev/null @@ -1,321 +0,0 @@ -#! /bin/bash -# FS QA Test No. 051 -# -# Test out ACLs. -# -#----------------------------------------------------------------------- -# Copyright (c) 2000-2002 Silicon Graphics, Inc. All Rights Reserved. -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it would be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write the Free Software Foundation, -# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -# -#----------------------------------------------------------------------- -# - -seq=`basename $0` -seqres=$RESULT_DIR/$seq - -here=`pwd` -tmp=/tmp/$$ -status=1 # FAILure is the default! -trap "_cleanup; exit \$status" 0 1 2 3 15 - -# get standard environment, filters and checks -. ./common/rc -. ./common/filter -. ./common/attr - -_cleanup() -{ - cd / - rm -f $tmp.* - [ -n "$TEST_DIR" ] && rm -rf $TEST_DIR/$seq.dir1 -} - -# ----- -# minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ -# This is set with chacl(1) and can be changed by chmod(1). -# -# Test that this is being set for ACL and for std unix permissions -# Test that we can get back the same ACL. -# Test std permissions for rwx. -# ----- -# -# Test out default ACLs and that the ACL is being PASSed -# onto the children of the dir. -# -# ----- -# Test out access check for extended ACLs. -# -> 3 extra ACEs: MASK, GROUP, USER -# -> the GROUP compares with egid of process _and_ the supplementary -# groups (as found in /etc/group) -# -# Test that mask works for USER, GROUP, GROUP_OBJ -# Test that the ACE type priority is working -# -> this would be done by simultaneously matching on ACEs -# -> interesting if it allows user to specify ACEs in any order -# - -# real QA test starts here -_supported_fs xfs udf -_supported_os Linux -_require_test -_require_runas - -rm -f $seqres.full - -_acl_setup_ids -_require_acls - -# get dir -cd $TEST_DIR -rm -rf $seq.dir1 -mkdir $seq.dir1 -cd $seq.dir1 - -echo "QA output created by $seq" -echo "" -echo "=== Test minimal ACE ===" - -echo "Setup file" -# Note: as this is a shell script, -# will need read and execute permission set -# in order to execute it. -touch file1 -cat <file1 -#!/bin/bash -echo "Test was executed" -EOF -chmod u=rwx file1 -chmod g=rw- file1 -chmod o=r-- file1 -chown $acl1.$acl2 file1 -_acl_ls file1 - -echo "" -echo "--- Test get and set of ACL ---" -echo "Note: Old interface gave an empty ACL - now output an ACL" -chacl -l file1 | _acl_filter_id -echo "Try using single colon separator" -echo "Note: Old interface FAILed because of single colon - new one allows it" -chacl u::r--,g::rwx,o:rw- file1 2>&1 -echo "Expect to PASS" -chacl u::r--,g::rwx,o::rw- file1 2>&1 -chacl -l file1 | _acl_filter_id - -echo "" -echo "--- Test sync of ACL with std permissions ---" -_acl_ls file1 -chmod u+w file1 -_acl_ls file1 -chacl -l file1 | _acl_filter_id - -echo "" -echo "--- Test owner permissions ---" -chacl u::r-x,g::---,o::--- file1 2>&1 -chacl -l file1 | _acl_filter_id -# change to owner -echo "Expect to PASS" -_runas -u $acl1 -g $acl1 ./file1 2>&1 -echo "Expect to FAIL" -_runas -u $acl2 -g $acl2 ./file1 2>&1 - -echo "" -echo "--- Test group permissions ---" -chacl u::---,g::r-x,o::--- file1 2>&1 -chacl -l file1 | _acl_filter_id -echo "Expect to FAIL - acl1 is owner" -_runas -u $acl1 -g $acl1 ./file1 2>&1 -echo "Expect to PASS - acl2 matches group" -_runas -u $acl2 -g $acl2 ./file1 2>&1 -echo "Expect to PASS - acl2 matches sup group" -_runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1 -echo "Expect to FAIL - acl3 is not in group" -_runas -u $acl3 -g $acl3 ./file1 2>&1 - -echo "" -echo "--- Test other permissions ---" -chacl u::---,g::---,o::r-x file1 2>&1 -chacl -l file1 | _acl_filter_id -echo "Expect to FAIL - acl1 is owner" -_runas -u $acl1 -g $acl1 ./file1 2>&1 -echo "Expect to FAIL - acl2 is in group" -_runas -u $acl2 -g $acl2 ./file1 2>&1 -echo "Expect to FAIL - acl2 is in sup. group" -_runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1 -echo "Expect to PASS - acl3 is not owner or in group" -_runas -u $acl3 -g $acl3 ./file1 2>&1 - -#------------------------------------------------------- - -echo "" -echo "=== Test Extended ACLs ===" - -echo "" -echo "--- Test adding a USER ACE ---" -echo "Expect to FAIL as no MASK provided" -chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1 | _acl_filter_id -echo "Ensure that ACL has not been changed" -chacl -l file1 | _acl_filter_id -echo "Expect to PASS - USER ACE matches user" -chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1 -chacl -l file1 | _acl_filter_id -_runas -u $acl2 -g $acl2 ./file1 2>&1 -echo "Expect to FAIL - USER ACE does not match user" -_runas -u $acl3 -g $acl3 ./file1 2>&1 - -echo "" -echo "--- Test adding a GROUP ACE ---" -echo "Expect to FAIL as no MASK provided" -chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1 | _acl_filter_id -echo "Ensure that ACL has not been changed" -chacl -l file1 | _acl_filter_id -chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1 -chacl -l file1 | _acl_filter_id -echo "Expect to PASS - GROUP ACE matches group" -_runas -u $acl2 -g $acl2 ./file1 2>&1 -echo "Expect to PASS - GROUP ACE matches sup group" -_runas -u $acl2 -g $acl1 -s $acl2 ./file1 2>&1 -echo "Expect to FAIL - GROUP ACE does not match group" -_runas -u $acl3 -g $acl3 ./file1 2>&1 - -#------------------------------------------------------- - -echo "" -echo "--- Test MASK ---" - -# group -chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1 -chacl -l file1 | _acl_filter_id -echo "Expect to FAIL as MASK prohibits execution" -_runas -u $acl2 -g $acl2 ./file1 2>&1 - -# user -chacl u::---,g::---,o::---,u:$acl2:r-x,m::-w- file1 2>&1 -echo "Expect to FAIL as MASK prohibits execution" -_runas -u $acl2 -g $acl2 ./file1 2>&1 - -# user -chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1 -echo "Expect to PASS as MASK allows execution" -_runas -u $acl2 -g $acl2 ./file1 2>&1 - -#------------------------------------------------------- - -echo "" -echo "--- Test ACE priority ---" - -chacl o::rwx,g::rwx,u:$acl1:rwx,u::---,m::rwx file1 2>&1 -echo "Expect to FAIL as should match on owner" -_runas -u $acl1 -g $acl2 ./file1 2>&1 - -chacl o::---,g::---,u:$acl2:rwx,u::---,m::rwx file1 2>&1 -echo "Expect to PASS as should match on user" -_runas -u $acl2 -g $acl2 ./file1 2>&1 - -#------------------------------------------------------- - -echo "" -echo "=== Test can read ACLs without access permissions ===" -# This was a bug in kernel code where syscred wasn't being used -# to override the capabilities -chacl o::---,g::---,u::--- file1 2>&1 -chacl -l file1 | _acl_filter_id - -#------------------------------------------------------- - -echo "" -echo "=== Test Default ACLs ===" -# make test clearer by testing with and without umask -umask 0 - -mkdir acldir -chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" acldir 2>&1 -chacl -l acldir | _acl_filter_id -cd acldir - -touch file2 -_acl_ls file2 -chacl -l file2 | _acl_filter_id - -#ensure that umask is not having an effect -#so set it and see -umask 722 -touch file3 -_acl_ls file3 -chacl -l file3 | _acl_filter_id - -cd .. -umask 022 - -#------------------------------------------------------- - -echo "" -echo "=== Removing ACLs ===" -chacl -l file1 | _acl_filter_id -chacl -l acldir | _acl_filter_id -chacl -l acldir/file2 | _acl_filter_id -echo "Remove ACLs..." -chacl -R file1 -chacl -B acldir -chacl -R acldir/file2 -echo "Note: Old interface would mean empty ACLs - now we show mode ACLs" -chacl -l file1 | _acl_filter_id -chacl -l acldir | _acl_filter_id -chacl -l acldir/file2 | _acl_filter_id - -#------------------------------------------------------- - -echo "" -echo "=== Recursive change ACL ===" -rm -fr root -mkdir root -pushd root >/dev/null -# create an arbitrary little tree -for i in 1 2 3 4 5 6 7 8 9 0 -do - mkdir -p a/$i - mkdir -p b/c$i/$i - touch a/$i/mumble -done -popd >/dev/null -chown -R 12345.54321 root -echo "Change #1..." -_runas -u 12345 -g 54321 -- chacl -r u::rwx,g::-w-,o::--x root -find root -print | xargs chacl -l -echo "Change #2..." -_runas -u 12345 -g 54321 -- chacl -r u::---,g::---,o::--- root -find root -print | xargs chacl -l - -#------------------------------------------------------- - -echo "" -echo "=== Test out error messages for ACL text parsing ===" -echo "Note: Old interface gave more informative error msgs" - -touch file1 -set -x -chacl u file1 -chacl u: file1 -chacl u:rumpledumpleunknownuser file1 -chacl u:rumpledumpleunknownuser: file1 -chacl g:rumpledumpleunknowngrp file1 -chacl g:rumpledumpleunknowngrp: file1 -chacl o:user1:rwx file1 -chacl m:user1:rwx file1 -chacl a::rwx file1 -set +x - -# success, all done -status=0 -exit diff --git a/tests/shared/051.out b/tests/shared/051.out deleted file mode 100644 index 2b5220f7..00000000 --- a/tests/shared/051.out +++ /dev/null @@ -1,220 +0,0 @@ -QA output created by 051 - -=== Test minimal ACE === -Setup file --rwxrw-r-- id1 id2 file1 - ---- Test get and set of ACL --- -Note: Old interface gave an empty ACL - now output an ACL -file1 [u::rwx,g::rw-,o::r--] -Try using single colon separator -Note: Old interface FAILed because of single colon - new one allows it -Expect to PASS -file1 [u::r--,g::rwx,o::rw-] - ---- Test sync of ACL with std permissions --- --r--rwxrw- id1 id2 file1 --rw-rwxrw- id1 id2 file1 -file1 [u::rw-,g::rwx,o::rw-] - ---- Test owner permissions --- -file1 [u::r-x,g::---,o::---] -Expect to PASS -Test was executed -Expect to FAIL -./file1: Permission denied - ---- Test group permissions --- -file1 [u::---,g::r-x,o::---] -Expect to FAIL - acl1 is owner -./file1: Permission denied -Expect to PASS - acl2 matches group -Test was executed -Expect to PASS - acl2 matches sup group -Test was executed -Expect to FAIL - acl3 is not in group -./file1: Permission denied - ---- Test other permissions --- -file1 [u::---,g::---,o::r-x] -Expect to FAIL - acl1 is owner -./file1: Permission denied -Expect to FAIL - acl2 is in group -./file1: Permission denied -Expect to FAIL - acl2 is in sup. group -./file1: Permission denied -Expect to PASS - acl3 is not owner or in group -Test was executed - -=== Test Extended ACLs === - ---- Test adding a USER ACE --- -Expect to FAIL as no MASK provided -chacl: access ACL 'u::---,g::---,o::---,u:id2:r-x': Missing or wrong entry at entry 3 -Ensure that ACL has not been changed -file1 [u::---,g::---,o::r-x] -Expect to PASS - USER ACE matches user -file1 [u::---,u:id2:r-x,g::---,m::rwx,o::---] -Test was executed -Expect to FAIL - USER ACE does not match user -./file1: Permission denied - ---- Test adding a GROUP ACE --- -Expect to FAIL as no MASK provided -chacl: access ACL 'u::---,g::---,o::---,g:id2:r-x': Missing or wrong entry at entry 3 -Ensure that ACL has not been changed -file1 [u::---,u:id2:r-x,g::---,m::rwx,o::---] -file1 [u::---,g::---,g:id2:r-x,m::rwx,o::---] -Expect to PASS - GROUP ACE matches group -Test was executed -Expect to PASS - GROUP ACE matches sup group -Test was executed -Expect to FAIL - GROUP ACE does not match group -./file1: Permission denied - ---- Test MASK --- -file1 [u::---,g::---,g:id2:r-x,m::-w-,o::---] -Expect to FAIL as MASK prohibits execution -./file1: Permission denied -Expect to FAIL as MASK prohibits execution -./file1: Permission denied -Expect to PASS as MASK allows execution -Test was executed - ---- Test ACE priority --- -Expect to FAIL as should match on owner -./file1: Permission denied -Expect to PASS as should match on user -Test was executed - -=== Test can read ACLs without access permissions === -file1 [u::---,g::---,o::---] - -=== Test Default ACLs === -acldir [u::rwx,g::rwx,o::rwx/u::r-x,g::r--,o::---] --r--r----- 0 0 file2 -file2 [u::r--,g::r--,o::---] --r--r----- 0 0 file3 -file3 [u::r--,g::r--,o::---] - -=== Removing ACLs === -file1 [u::---,g::---,o::---] -acldir [u::rwx,g::rwx,o::rwx/u::r-x,g::r--,o::---] -acldir/file2 [u::r--,g::r--,o::---] -Remove ACLs... -Note: Old interface would mean empty ACLs - now we show mode ACLs -file1 [u::---,g::---,o::---] -acldir [u::rwx,g::rwx,o::rwx] -acldir/file2 [u::r--,g::r--,o::---] - -=== Recursive change ACL === -Change #1... -root [u::rwx,g::-w-,o::--x] -root/a [u::rwx,g::-w-,o::--x] -root/a/1 [u::rwx,g::-w-,o::--x] -root/a/1/mumble [u::rwx,g::-w-,o::--x] -root/a/2 [u::rwx,g::-w-,o::--x] -root/a/2/mumble [u::rwx,g::-w-,o::--x] -root/a/3 [u::rwx,g::-w-,o::--x] -root/a/3/mumble [u::rwx,g::-w-,o::--x] -root/a/4 [u::rwx,g::-w-,o::--x] -root/a/4/mumble [u::rwx,g::-w-,o::--x] -root/a/5 [u::rwx,g::-w-,o::--x] -root/a/5/mumble [u::rwx,g::-w-,o::--x] -root/a/6 [u::rwx,g::-w-,o::--x] -root/a/6/mumble [u::rwx,g::-w-,o::--x] -root/a/7 [u::rwx,g::-w-,o::--x] -root/a/7/mumble [u::rwx,g::-w-,o::--x] -root/a/8 [u::rwx,g::-w-,o::--x] -root/a/8/mumble [u::rwx,g::-w-,o::--x] -root/a/9 [u::rwx,g::-w-,o::--x] -root/a/9/mumble [u::rwx,g::-w-,o::--x] -root/a/0 [u::rwx,g::-w-,o::--x] -root/a/0/mumble [u::rwx,g::-w-,o::--x] -root/b [u::rwx,g::-w-,o::--x] -root/b/c1 [u::rwx,g::-w-,o::--x] -root/b/c1/1 [u::rwx,g::-w-,o::--x] -root/b/c2 [u::rwx,g::-w-,o::--x] -root/b/c2/2 [u::rwx,g::-w-,o::--x] -root/b/c3 [u::rwx,g::-w-,o::--x] -root/b/c3/3 [u::rwx,g::-w-,o::--x] -root/b/c4 [u::rwx,g::-w-,o::--x] -root/b/c4/4 [u::rwx,g::-w-,o::--x] -root/b/c5 [u::rwx,g::-w-,o::--x] -root/b/c5/5 [u::rwx,g::-w-,o::--x] -root/b/c6 [u::rwx,g::-w-,o::--x] -root/b/c6/6 [u::rwx,g::-w-,o::--x] -root/b/c7 [u::rwx,g::-w-,o::--x] -root/b/c7/7 [u::rwx,g::-w-,o::--x] -root/b/c8 [u::rwx,g::-w-,o::--x] -root/b/c8/8 [u::rwx,g::-w-,o::--x] -root/b/c9 [u::rwx,g::-w-,o::--x] -root/b/c9/9 [u::rwx,g::-w-,o::--x] -root/b/c0 [u::rwx,g::-w-,o::--x] -root/b/c0/0 [u::rwx,g::-w-,o::--x] -Change #2... -root [u::---,g::---,o::---] -root/a [u::---,g::---,o::---] -root/a/1 [u::---,g::---,o::---] -root/a/1/mumble [u::---,g::---,o::---] -root/a/2 [u::---,g::---,o::---] -root/a/2/mumble [u::---,g::---,o::---] -root/a/3 [u::---,g::---,o::---] -root/a/3/mumble [u::---,g::---,o::---] -root/a/4 [u::---,g::---,o::---] -root/a/4/mumble [u::---,g::---,o::---] -root/a/5 [u::---,g::---,o::---] -root/a/5/mumble [u::---,g::---,o::---] -root/a/6 [u::---,g::---,o::---] -root/a/6/mumble [u::---,g::---,o::---] -root/a/7 [u::---,g::---,o::---] -root/a/7/mumble [u::---,g::---,o::---] -root/a/8 [u::---,g::---,o::---] -root/a/8/mumble [u::---,g::---,o::---] -root/a/9 [u::---,g::---,o::---] -root/a/9/mumble [u::---,g::---,o::---] -root/a/0 [u::---,g::---,o::---] -root/a/0/mumble [u::---,g::---,o::---] -root/b [u::---,g::---,o::---] -root/b/c1 [u::---,g::---,o::---] -root/b/c1/1 [u::---,g::---,o::---] -root/b/c2 [u::---,g::---,o::---] -root/b/c2/2 [u::---,g::---,o::---] -root/b/c3 [u::---,g::---,o::---] -root/b/c3/3 [u::---,g::---,o::---] -root/b/c4 [u::---,g::---,o::---] -root/b/c4/4 [u::---,g::---,o::---] -root/b/c5 [u::---,g::---,o::---] -root/b/c5/5 [u::---,g::---,o::---] -root/b/c6 [u::---,g::---,o::---] -root/b/c6/6 [u::---,g::---,o::---] -root/b/c7 [u::---,g::---,o::---] -root/b/c7/7 [u::---,g::---,o::---] -root/b/c8 [u::---,g::---,o::---] -root/b/c8/8 [u::---,g::---,o::---] -root/b/c9 [u::---,g::---,o::---] -root/b/c9/9 [u::---,g::---,o::---] -root/b/c0 [u::---,g::---,o::---] -root/b/c0/0 [u::---,g::---,o::---] - -=== Test out error messages for ACL text parsing === -Note: Old interface gave more informative error msgs -+ chacl u file1 -chacl: u - Invalid argument -+ chacl u: file1 -chacl: u: - Invalid argument -+ chacl u:rumpledumpleunknownuser file1 -chacl: u:rumpledumpleunknownuser - Invalid argument -+ chacl u:rumpledumpleunknownuser: file1 -chacl: u:rumpledumpleunknownuser: - Invalid argument -+ chacl g:rumpledumpleunknowngrp file1 -chacl: g:rumpledumpleunknowngrp - Invalid argument -+ chacl g:rumpledumpleunknowngrp: file1 -chacl: g:rumpledumpleunknowngrp: - Invalid argument -+ chacl o:user1:rwx file1 -chacl: o:user1:rwx - Invalid argument -+ chacl m:user1:rwx file1 -chacl: m:user1:rwx - Invalid argument -+ chacl a::rwx file1 -chacl: a::rwx - Invalid argument -+ set +x diff --git a/tests/shared/group b/tests/shared/group index fab93315..b3663a03 100644 --- a/tests/shared/group +++ b/tests/shared/group @@ -11,7 +11,6 @@ 006 auto enospc 007 dangerous_fuzzers 032 mkfs auto quick -051 acl udf auto quick 272 auto enospc rw 289 auto quick 298 auto trim