cmd/xfs/stress/001 1.6 Renamed to cmd/xfstests/001

051

@@ -0,0 +1,262 @@
+#! /bin/sh
+# XFS QA Test No. 051
+# $Id: 1.1 $
+#
+# Test out ACLs.
+#
+#-----------------------------------------------------------------------
+# Copyright (c) 2000 Silicon Graphics, Inc.  All Rights Reserved.
+# 
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of version 2 of the GNU General Public License as
+# published by the Free Software Foundation.
+# 
+# This program is distributed in the hope that it would be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+# 
+# Further, this software is distributed without any warranty that it is
+# free of the rightful claim of any third person regarding infringement
+# or the like.  Any license provided herein, whether implied or
+# otherwise, applies only to this software file.  Patent licenses, if
+# any, provided herein do not apply to combinations of this program with
+# other software, or any other product whatsoever.
+# 
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write the Free Software Foundation, Inc., 59
+# Temple Place - Suite 330, Boston MA 02111-1307, USA.
+# 
+# Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy,
+# Mountain View, CA  94043, or:
+# 
+# http://www.sgi.com 
+# 
+# For further information regarding this notice, see: 
+# 
+# http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/
+#-----------------------------------------------------------------------
+#
+# creator
+owner=tes@sgi.com
+
+seq=`basename $0`
+echo "QA output created by $seq"
+
+here=`pwd`
+tmp=/tmp/$$
+runas=$here/src/runas
+status=1	# FAILure is the default!
+trap "_cleanup; exit \$status" 0 1 2 3 15
+
+# get standard environment, filters and checks
+. ./common.rc
+. ./common.filter
+
+_cleanup()
+{
+    rm -f $tmp.*
+    rm -rf $TEST_DIR/$seq.dir1
+}
+
+_ls()
+{
+    ls -ln $* | awk '{ print $1, $3, $4, $NF }'
+} 
+
+# -----
+# minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ
+# This is set with chacl(1) and can be changed by chmod(1).
+#
+# Test that this is being set for ACL and for std unix permissions
+# Test that we can get back the same ACL.
+# Test std permissions for rwx.
+# -----
+#
+# Test out default ACLs and that the ACL is being PASSed
+# onto the children of the dir.
+#
+# -----
+# Test out access check for extended ACLs.
+# -> 3 extra ACEs: MASK, GROUP, USER
+# -> the GROUP compares with egid of process _and_ the supplementary
+#    groups (as found in /etc/group)
+#
+# Test that mask works for USER, GROUP, GROUP_OBJ
+# Test that the ACE type priority is working
+#   -> this would be done by simultaneously matching on ACEs
+#   -> interesting if it allows user to specify ACEs in any order
+#
+
+acl1=1001;acl2=1002;acl3=1003
+
+[ -x /bin/chacl ] || _notrun "chacl command not found"
+[ -x $runas ] || _notrun "$runas executable not found"
+
+# get dir
+cd $TEST_DIR
+rm -rf $seq.dir1
+mkdir $seq.dir1
+cd $seq.dir1
+
+#-------------------------------------------------------
+# real QA test starts here
+
+echo ""
+echo "=== Test minimal ACE ==="
+
+echo "Setup file"
+touch file1
+cat <<EOF >file1
+#!/bin/sh
+echo "Test was executed"
+EOF
+chmod u=rwx file1
+chmod g=rw- file1
+chmod o=r-- file1
+chown $acl1.$acl2 file1
+_ls file1
+
+echo ""
+echo "--- Test get and set of ACL ---"
+chacl -l file1
+echo "Expect to FAIL" 
+chacl u::r--,g::rwx,o:rw- file1 2>&1
+echo "Expect to PASS" 
+chacl u::r--,g::rwx,o::rw- file1 2>&1
+chacl -l file1
+
+echo ""
+echo "--- Test sync of ACL with std permissions ---"
+_ls file1
+chmod u+w file1
+_ls file1
+chacl -l file1
+
+echo ""
+echo "--- Test owner permissions ---"
+chacl u::r-x,g::---,o::--- file1 2>&1
+chacl -l file1
+# change to owner
+echo "Expect to PASS" 
+$runas -u $acl1 -g $acl1 ./file1 2>&1
+echo "Expect to FAIL" 
+$runas -u $acl2 -g $acl2 ./file1 2>&1
+
+echo ""
+echo "--- Test group permissions ---"
+chacl u::---,g::r-x,o::--- file1 2>&1
+chacl -l file1
+echo "Expect to FAIL - acl1 is owner" 
+$runas -u $acl1 -g $acl1 ./file1 2>&1
+echo "Expect to PASS - acl2 matches group" 
+$runas -u $acl2 -g $acl2 ./file1 2>&1
+echo "Expect to PASS - acl2 matches sup group" 
+$runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
+echo "Expect to FAIL - acl3 is not in group" 
+$runas -u $acl3 -g $acl3 ./file1 2>&1
+
+echo ""
+echo "--- Test other permissions ---"
+chacl u::---,g::---,o::r-x file1 2>&1
+chacl -l file1
+echo "Expect to FAIL - acl1 is owner" 
+$runas -u $acl1 -g $acl1 ./file1 2>&1
+echo "Expect to FAIL - acl2 is in group" 
+$runas -u $acl2 -g $acl2 ./file1 2>&1
+echo "Expect to FAIL - acl2 is in sup. group" 
+$runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
+echo "Expect to PASS - acl3 is not owner or in group" 
+$runas -u $acl3 -g $acl3 ./file1 2>&1
+
+#-------------------------------------------------------
+
+echo ""
+echo "=== Test Extended ACLs ==="
+
+echo ""
+echo "--- Test adding a USER ACE ---"
+echo "Expect to FAIL as no MASK provided"
+chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1
+echo "Ensure that ACL has not been changed"
+chacl -l file1
+echo "Expect to PASS - USER ACE matches user"
+chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1
+chacl -l file1
+$runas -u $acl2 -g $acl2 ./file1 2>&1
+echo "Expect to FAIL - USER ACE does not match user"
+$runas -u $acl3 -g $acl3 ./file1 2>&1
+
+echo ""
+echo "--- Test adding a GROUP ACE ---"
+echo "Expect to FAIL as no MASK provided"
+chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1
+echo "Ensure that ACL has not been changed"
+chacl -l file1
+chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1
+chacl -l file1
+echo "Expect to PASS - GROUP ACE matches group"
+$runas -u $acl2 -g $acl2 ./file1 2>&1
+echo "Expect to PASS - GROUP ACE matches sup group"
+$runas -u $acl2 -g $acl1 -s $acl2 ./file1 2>&1
+echo "Expect to FAIL - GROUP ACE does not match group"
+$runas -u $acl3 -g $acl3 ./file1 2>&1
+
+#-------------------------------------------------------
+
+echo ""
+echo "--- Test MASK ---"
+chacl u::---,g::---,o::---,g:$acl2:r-x,m::-wx file1 2>&1
+chacl -l file1
+echo "Expect to FAIL as MASK prohibits execution"
+$runas -u $acl2 -g $acl2 ./file1 2>&1
+chacl u::---,g::---,o::---,u:$acl2:r-x,m::-wx file1 2>&1
+echo "Expect to FAIL as MASK prohibits execution"
+$runas -u $acl2 -g $acl2 ./file1 2>&1
+
+chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1
+echo "Expect to PASS as MASK allows execution"
+$runas -u $acl2 -g $acl2 ./file1 2>&1
+
+#-------------------------------------------------------
+
+echo ""
+echo "--- Test ACE priority ---"
+
+chacl o::rwx,g::rwx,u:$acl1:rwx,u::---,m::rwx file1 2>&1
+echo "Expect to FAIL as should match on owner"
+$runas -u $acl1 -g $acl2 ./file1 2>&1
+
+chacl o::---,g::---,u:$acl2:rwx,u::---,m::rwx file1 2>&1
+echo "Expect to PASS as should match on user"
+$runas -u $acl2 -g $acl2 ./file1 2>&1
+
+
+#-------------------------------------------------------
+
+echo ""
+echo "=== Test can read ACLs without access permissions ==="
+# This was a bug in kernel code where syscred wasn't being used
+# to override the capabilities
+chacl o::---,g::---,u::--- file1 2>&1
+chacl -l ./file1
+
+
+#-------------------------------------------------------
+
+echo ""
+echo "=== Test Default ACLs ==="
+mkdir acldir
+chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" ./acldir 2>&1
+chacl -l ./acldir
+
+cd acldir
+touch file2
+_ls file2
+chacl -l ./file2
+cd ..
+
+#-------------------------------------------------------
+
+# success, all done
+status=0
+exit