tests/generic/369

#! /bin/bash
# SPDX-License-Identifier: GPL-2.0
# Copyright (c) 2016 Red Hat, Inc.  All Rights Reserved.
#
# FS QA Test 369
#
# RichACL delete test
#
seq=`basename $0`
seqres=$RESULT_DIR/$seq
echo "QA output created by $seq"

here=`pwd`
tmp=/tmp/$$
status=1	# failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15

_cleanup()
{
	cd /
	rm -f $tmp.*
}

# get standard environment, filters and checks
. ./common/rc

# remove previous $seqres.full before test
rm -f $seqres.full

# real QA test starts here

_supported_fs generic
_supported_os Linux

_require_scratch
_require_scratch_richacl
_require_richacl_prog
_require_runas

_scratch_mkfs_richacl >> $seqres.full
_scratch_mount

cd $SCRATCH_MNT

r()
{
	echo "--- runas -u 99 -g 99 $*"
	_runas -u 99 -g 99 -- "$@"
}

umask 022

chmod go+w .
mkdir d1 d2 d3 d4 d5 d6 d7
touch d1/f d1/g d2/f d3/f d4/f d5/f d6/f d7/f d7/g d7/h
chmod o+w d1/g
chown 99 d2
chgrp 99 d3
chmod g+w d3
$SETRICHACL_PROG --set 'u:99:wx::allow' d4
$SETRICHACL_PROG --set 'u:99:d::allow' d5
$SETRICHACL_PROG --set 'u:99:xd::allow' d6
$SETRICHACL_PROG --set 'u:99:D::allow' d7/f d7/g d7/h
chmod 664 d7/g

mkdir s2 s3 s4 s5 s6 s7
chmod +t s2 s3 s4 s5 s6 s7
touch s2/f s3/f s4/f s5/f s6/f s7/f s7/g s7/h
chown 99 s2
chgrp 99 s3
chmod g+w s3
$SETRICHACL_PROG --set 'u:99:wx::allow' s4
$SETRICHACL_PROG --set 'u:99:d::allow' s5
$SETRICHACL_PROG --set 'u:99:xd::allow' s6
$SETRICHACL_PROG --set 'u:99:D::allow' s7/f s7/g s7/h
chmod 664 s7/g

# Cannot delete files with no or only with write permissions on the directory
r rm -f d1/f d1/g

# Can delete files in directories we own
r rm -f d2/f s2/f

# Can delete files in non-sticky directories we have write access to
r rm -f d3/f s3/f

# "Write_data/execute" access does not include delete_child access, so deleting
# is not allowed:
r rm -f d4/f s4/f

# "Delete_child" access alone also is not sufficient
r rm -f d5/f s5/f

# "Execute/delete_child" access is sufficient for non-sticky directories
r rm -f d6/f s6/f

# "Delete" access on the child is sufficient, even in sticky directories.
r rm -f d7/f s7/f

# Regression: Delete access must not override add_file / add_subdirectory
# access.
r touch h
r mv -f h d7/
r mv -f h s7/

# A chmod turns off the "delete" permission
r rm -f d7/g s7/g

# success, all done
status=0
exit
generic: Add richacl tests 2016-06-28 14:47:26 +02:00			`#! /bin/bash`
generic: convert tests to SPDX license tags 2018-06-09 11:35:42 +10:00			`# SPDX-License-Identifier: GPL-2.0`
			`# Copyright (c) 2016 Red Hat, Inc. All Rights Reserved.`
			`#`
generic: Add richacl tests 2016-06-28 14:47:26 +02:00			`# FS QA Test 369`
			`#`
			`# RichACL delete test`
			`#`
			seq=`basename $0`
			`seqres=$RESULT_DIR/$seq`
			`echo "QA output created by $seq"`

			here=`pwd`
			`tmp=/tmp/$$`
			`status=1 # failure is the default!`
			`trap "_cleanup; exit \$status" 0 1 2 3 15`

			`_cleanup()`
			`{`
			`cd /`
			`rm -f $tmp.*`
			`}`

			`# get standard environment, filters and checks`
			`. ./common/rc`

			`# remove previous $seqres.full before test`
			`rm -f $seqres.full`

			`# real QA test starts here`

			`_supported_fs generic`
			`_supported_os Linux`

			`_require_scratch`
			`_require_scratch_richacl`
			`_require_richacl_prog`
			`_require_runas`

			`_scratch_mkfs_richacl >> $seqres.full`
			`_scratch_mount`

			`cd $SCRATCH_MNT`

			`r()`
			`{`
			`echo "--- runas -u 99 -g 99 $*"`
			`_runas -u 99 -g 99 -- "$@"`
			`}`

			`umask 022`

			`chmod go+w .`
			`mkdir d1 d2 d3 d4 d5 d6 d7`
			`touch d1/f d1/g d2/f d3/f d4/f d5/f d6/f d7/f d7/g d7/h`
			`chmod o+w d1/g`
			`chown 99 d2`
			`chgrp 99 d3`
			`chmod g+w d3`
			`$SETRICHACL_PROG --set 'u:99:wx::allow' d4`
			`$SETRICHACL_PROG --set 'u:99:d::allow' d5`
			`$SETRICHACL_PROG --set 'u:99:xd::allow' d6`
			`$SETRICHACL_PROG --set 'u:99:D::allow' d7/f d7/g d7/h`
			`chmod 664 d7/g`

			`mkdir s2 s3 s4 s5 s6 s7`
			`chmod +t s2 s3 s4 s5 s6 s7`
			`touch s2/f s3/f s4/f s5/f s6/f s7/f s7/g s7/h`
			`chown 99 s2`
			`chgrp 99 s3`
			`chmod g+w s3`
			`$SETRICHACL_PROG --set 'u:99:wx::allow' s4`
			`$SETRICHACL_PROG --set 'u:99:d::allow' s5`
			`$SETRICHACL_PROG --set 'u:99:xd::allow' s6`
			`$SETRICHACL_PROG --set 'u:99:D::allow' s7/f s7/g s7/h`
			`chmod 664 s7/g`

			`# Cannot delete files with no or only with write permissions on the directory`
			`r rm -f d1/f d1/g`

			`# Can delete files in directories we own`
			`r rm -f d2/f s2/f`

			`# Can delete files in non-sticky directories we have write access to`
			`r rm -f d3/f s3/f`

			`# "Write_data/execute" access does not include delete_child access, so deleting`
			`# is not allowed:`
			`r rm -f d4/f s4/f`

			`# "Delete_child" access alone also is not sufficient`
			`r rm -f d5/f s5/f`

			`# "Execute/delete_child" access is sufficient for non-sticky directories`
			`r rm -f d6/f s6/f`

			`# "Delete" access on the child is sufficient, even in sticky directories.`
			`r rm -f d7/f s7/f`

			`# Regression: Delete access must not override add_file / add_subdirectory`
			`# access.`
			`r touch h`
			`r mv -f h d7/`
			`r mv -f h s7/`

			`# A chmod turns off the "delete" permission`
			`r rm -f d7/g s7/g`

			`# success, all done`
			`status=0`
			`exit`