mirror of
https://github.com/linux-apfs/apfstests.git
synced 2026-05-01 15:01:44 -07:00
Dave Chinner
0925cbea74
Back many years ago, the owner field was used to email the test owner when auto-qa failed that test. It is not needed anymore - if you want to know who wrote the test, look it up in git.... Script used was: $ sed -i -e "/^# creator/d" -e "/^owner/d" [0-3][0-9][0-9] Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Phil White <pwhite@sgi.com> [rjohnston@sgi.com added TOT changes] Signed-off-by: Rich Johnston <rjohnston@sgi.com>
367 lines
9.6 KiB
Bash
Executable File
367 lines
9.6 KiB
Bash
Executable File
#! /bin/bash
|
|
# FS QA Test No. 051
|
|
#
|
|
# Test out ACLs.
|
|
#
|
|
#-----------------------------------------------------------------------
|
|
# Copyright (c) 2000-2002 Silicon Graphics, Inc. All Rights Reserved.
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation.
|
|
#
|
|
# This program is distributed in the hope that it would be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write the Free Software Foundation,
|
|
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
#
|
|
#-----------------------------------------------------------------------
|
|
#
|
|
|
|
seq=`basename $0`
|
|
|
|
here=`pwd`
|
|
tmp=/tmp/$$
|
|
runas=$here/src/runas
|
|
status=1 # FAILure is the default!
|
|
trap "_cleanup; exit \$status" 0 1 2 3 15
|
|
|
|
# get standard environment, filters and checks
|
|
. ./common.rc
|
|
. ./common.filter
|
|
. ./common.attr
|
|
|
|
_cleanup()
|
|
{
|
|
cd /
|
|
rm -f $tmp.*
|
|
[ -n "$testdir" ] && rm -rf $testdir/$seq.dir1
|
|
_cleanup_testdir
|
|
}
|
|
|
|
# -----
|
|
# minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ
|
|
# This is set with chacl(1) and can be changed by chmod(1).
|
|
#
|
|
# Test that this is being set for ACL and for std unix permissions
|
|
# Test that we can get back the same ACL.
|
|
# Test std permissions for rwx.
|
|
# -----
|
|
#
|
|
# Test out default ACLs and that the ACL is being PASSed
|
|
# onto the children of the dir.
|
|
#
|
|
# -----
|
|
# Test out access check for extended ACLs.
|
|
# -> 3 extra ACEs: MASK, GROUP, USER
|
|
# -> the GROUP compares with egid of process _and_ the supplementary
|
|
# groups (as found in /etc/group)
|
|
#
|
|
# Test that mask works for USER, GROUP, GROUP_OBJ
|
|
# Test that the ACE type priority is working
|
|
# -> this would be done by simultaneously matching on ACEs
|
|
# -> interesting if it allows user to specify ACEs in any order
|
|
#
|
|
|
|
# real QA test starts here
|
|
_supported_fs xfs udf
|
|
_supported_os Linux
|
|
|
|
[ -x $runas ] || _notrun "$runas executable not found"
|
|
|
|
rm -f $seq.full
|
|
|
|
_setup_testdir
|
|
|
|
_need_to_be_root
|
|
_acl_setup_ids
|
|
_require_acls
|
|
|
|
# get dir
|
|
cd $testdir
|
|
rm -rf $seq.dir1
|
|
mkdir $seq.dir1
|
|
cd $seq.dir1
|
|
|
|
echo "QA output created by $seq"
|
|
echo ""
|
|
echo "=== Test minimal ACE ==="
|
|
|
|
echo "Setup file"
|
|
# Note: as this is a shell script,
|
|
# will need read and execute permission set
|
|
# in order to execute it.
|
|
touch file1
|
|
cat <<EOF >file1
|
|
#!/bin/bash
|
|
echo "Test was executed"
|
|
EOF
|
|
chmod u=rwx file1
|
|
chmod g=rw- file1
|
|
chmod o=r-- file1
|
|
chown $acl1.$acl2 file1
|
|
_acl_ls file1
|
|
|
|
echo ""
|
|
echo "--- Test get and set of ACL ---"
|
|
echo "Note: Old interface gave an empty ACL - now output an ACL"
|
|
chacl -l file1 | _acl_filter_id
|
|
echo "Try using single colon separator"
|
|
echo "Note: Old interface FAILed because of single colon - new one allows it"
|
|
chacl u::r--,g::rwx,o:rw- file1 2>&1
|
|
echo "Expect to PASS"
|
|
chacl u::r--,g::rwx,o::rw- file1 2>&1
|
|
chacl -l file1 | _acl_filter_id
|
|
|
|
echo ""
|
|
echo "--- Test sync of ACL with std permissions ---"
|
|
_acl_ls file1
|
|
chmod u+w file1
|
|
_acl_ls file1
|
|
chacl -l file1 | _acl_filter_id
|
|
|
|
echo ""
|
|
echo "--- Test owner permissions ---"
|
|
chacl u::r-x,g::---,o::--- file1 2>&1
|
|
chacl -l file1 | _acl_filter_id
|
|
# change to owner
|
|
echo "Expect to PASS"
|
|
$runas -u $acl1 -g $acl1 ./file1 2>&1
|
|
echo "Expect to FAIL"
|
|
$runas -u $acl2 -g $acl2 ./file1 2>&1
|
|
|
|
echo ""
|
|
echo "--- Test group permissions ---"
|
|
chacl u::---,g::r-x,o::--- file1 2>&1
|
|
chacl -l file1 | _acl_filter_id
|
|
echo "Expect to FAIL - acl1 is owner"
|
|
$runas -u $acl1 -g $acl1 ./file1 2>&1
|
|
echo "Expect to PASS - acl2 matches group"
|
|
$runas -u $acl2 -g $acl2 ./file1 2>&1
|
|
echo "Expect to PASS - acl2 matches sup group"
|
|
$runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
|
|
echo "Expect to FAIL - acl3 is not in group"
|
|
$runas -u $acl3 -g $acl3 ./file1 2>&1
|
|
|
|
echo ""
|
|
echo "--- Test other permissions ---"
|
|
chacl u::---,g::---,o::r-x file1 2>&1
|
|
chacl -l file1 | _acl_filter_id
|
|
echo "Expect to FAIL - acl1 is owner"
|
|
$runas -u $acl1 -g $acl1 ./file1 2>&1
|
|
echo "Expect to FAIL - acl2 is in group"
|
|
$runas -u $acl2 -g $acl2 ./file1 2>&1
|
|
echo "Expect to FAIL - acl2 is in sup. group"
|
|
$runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
|
|
echo "Expect to PASS - acl3 is not owner or in group"
|
|
$runas -u $acl3 -g $acl3 ./file1 2>&1
|
|
|
|
#-------------------------------------------------------
|
|
|
|
echo ""
|
|
echo "=== Test Extended ACLs ==="
|
|
|
|
echo ""
|
|
echo "--- Test adding a USER ACE ---"
|
|
echo "Expect to FAIL as no MASK provided"
|
|
chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1 | _acl_filter_id
|
|
echo "Ensure that ACL has not been changed"
|
|
chacl -l file1 | _acl_filter_id
|
|
echo "Expect to PASS - USER ACE matches user"
|
|
chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1
|
|
chacl -l file1 | _acl_filter_id
|
|
$runas -u $acl2 -g $acl2 ./file1 2>&1
|
|
echo "Expect to FAIL - USER ACE does not match user"
|
|
$runas -u $acl3 -g $acl3 ./file1 2>&1
|
|
|
|
echo ""
|
|
echo "--- Test adding a GROUP ACE ---"
|
|
echo "Expect to FAIL as no MASK provided"
|
|
chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1 | _acl_filter_id
|
|
echo "Ensure that ACL has not been changed"
|
|
chacl -l file1 | _acl_filter_id
|
|
chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1
|
|
chacl -l file1 | _acl_filter_id
|
|
echo "Expect to PASS - GROUP ACE matches group"
|
|
$runas -u $acl2 -g $acl2 ./file1 2>&1
|
|
echo "Expect to PASS - GROUP ACE matches sup group"
|
|
$runas -u $acl2 -g $acl1 -s $acl2 ./file1 2>&1
|
|
echo "Expect to FAIL - GROUP ACE does not match group"
|
|
$runas -u $acl3 -g $acl3 ./file1 2>&1
|
|
|
|
#-------------------------------------------------------
|
|
|
|
echo ""
|
|
echo "--- Test MASK ---"
|
|
|
|
# group
|
|
chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1
|
|
chacl -l file1 | _acl_filter_id
|
|
echo "Expect to FAIL as MASK prohibits execution"
|
|
$runas -u $acl2 -g $acl2 ./file1 2>&1
|
|
|
|
# user
|
|
chacl u::---,g::---,o::---,u:$acl2:r-x,m::-w- file1 2>&1
|
|
echo "Expect to FAIL as MASK prohibits execution"
|
|
$runas -u $acl2 -g $acl2 ./file1 2>&1
|
|
|
|
# user
|
|
chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1
|
|
echo "Expect to PASS as MASK allows execution"
|
|
$runas -u $acl2 -g $acl2 ./file1 2>&1
|
|
|
|
#-------------------------------------------------------
|
|
|
|
echo ""
|
|
echo "--- Test ACE priority ---"
|
|
|
|
chacl o::rwx,g::rwx,u:$acl1:rwx,u::---,m::rwx file1 2>&1
|
|
echo "Expect to FAIL as should match on owner"
|
|
$runas -u $acl1 -g $acl2 ./file1 2>&1
|
|
|
|
chacl o::---,g::---,u:$acl2:rwx,u::---,m::rwx file1 2>&1
|
|
echo "Expect to PASS as should match on user"
|
|
$runas -u $acl2 -g $acl2 ./file1 2>&1
|
|
|
|
|
|
#-------------------------------------------------------
|
|
|
|
echo ""
|
|
echo "=== Test can read ACLs without access permissions ==="
|
|
# This was a bug in kernel code where syscred wasn't being used
|
|
# to override the capabilities
|
|
chacl o::---,g::---,u::--- file1 2>&1
|
|
chacl -l file1 | _acl_filter_id
|
|
|
|
#-------------------------------------------------------
|
|
|
|
echo ""
|
|
echo "=== Test Default ACLs ==="
|
|
# make test clearer by testing with and without umask
|
|
umask 0
|
|
|
|
mkdir acldir
|
|
chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" acldir 2>&1
|
|
chacl -l acldir | _acl_filter_id
|
|
cd acldir
|
|
|
|
touch file2
|
|
_acl_ls file2
|
|
chacl -l file2 | _acl_filter_id
|
|
|
|
#ensure that umask is not having an effect
|
|
#so set it and see
|
|
umask 722
|
|
touch file3
|
|
_acl_ls file3
|
|
chacl -l file3 | _acl_filter_id
|
|
|
|
cd ..
|
|
umask 022
|
|
|
|
|
|
#-------------------------------------------------------
|
|
|
|
echo ""
|
|
echo "=== Removing ACLs ==="
|
|
chacl -l file1 | _acl_filter_id
|
|
chacl -l acldir | _acl_filter_id
|
|
chacl -l acldir/file2 | _acl_filter_id
|
|
echo "Remove ACLs..."
|
|
chacl -R file1
|
|
chacl -B acldir
|
|
chacl -R acldir/file2
|
|
echo "Note: Old interface would mean empty ACLs - now we show mode ACLs"
|
|
chacl -l file1 | _acl_filter_id
|
|
chacl -l acldir | _acl_filter_id
|
|
chacl -l acldir/file2 | _acl_filter_id
|
|
|
|
|
|
#-------------------------------------------------------
|
|
|
|
echo ""
|
|
echo "=== Recursive change ACL ==="
|
|
rm -fr root
|
|
mkdir root
|
|
pushd root >/dev/null
|
|
# create an arbitrary little tree
|
|
for i in 1 2 3 4 5 6 7 8 9 0
|
|
do
|
|
mkdir -p a/$i
|
|
mkdir -p b/c$i/$i
|
|
touch a/$i/mumble
|
|
done
|
|
popd >/dev/null
|
|
chown -R 12345.54321 root
|
|
echo "Change #1..."
|
|
$runas -u 12345 -g 54321 -- `which chacl` -r u::rwx,g::-w-,o::--x root
|
|
find root -print | xargs chacl -l
|
|
echo "Change #2..."
|
|
$runas -u 12345 -g 54321 -- `which chacl` -r u::---,g::---,o::--- root
|
|
find root -print | xargs chacl -l
|
|
|
|
|
|
#-------------------------------------------------------
|
|
|
|
echo ""
|
|
echo "=== Test out error messages for ACL text parsing ==="
|
|
echo "Note: Old interface gave more informative error msgs"
|
|
|
|
touch file1
|
|
set -x
|
|
chacl u file1
|
|
chacl u: file1
|
|
chacl u:rumpledumpleunknownuser file1
|
|
chacl u:rumpledumpleunknownuser: file1
|
|
chacl g:rumpledumpleunknowngrp file1
|
|
chacl g:rumpledumpleunknowngrp: file1
|
|
chacl o:user1:rwx file1
|
|
chacl m:user1:rwx file1
|
|
chacl a::rwx file1
|
|
set +x
|
|
|
|
#-------------------------------------------------------
|
|
|
|
echo ""
|
|
echo "=== Test out large ACLs ==="
|
|
touch largeaclfile
|
|
XFS_ACL_MAX_ENTRIES=25
|
|
num_aces_pre=`expr $XFS_ACL_MAX_ENTRIES - 1`
|
|
num_aces_post=`expr $XFS_ACL_MAX_ENTRIES + 1`
|
|
|
|
acl1=`_create_n_aces $num_aces_pre`
|
|
acl2=`_create_n_aces $XFS_ACL_MAX_ENTRIES`
|
|
acl3=`_create_n_aces $num_aces_post`
|
|
acl4=`_create_n_aces 16` # Andreas G. libacl size for initial get
|
|
acl5=`_create_n_aces 17` # 1 over A.G. libacl initial size
|
|
|
|
echo "1 below xfs acl max"
|
|
chacl $acl1 largeaclfile
|
|
getfacl --numeric largeaclfile | _filter_aces
|
|
|
|
echo "xfs acl max"
|
|
chacl $acl2 largeaclfile
|
|
getfacl --numeric largeaclfile | _filter_aces
|
|
|
|
echo "1 above xfs acl max"
|
|
chacl $acl3 largeaclfile
|
|
getfacl --numeric largeaclfile | _filter_aces
|
|
|
|
echo "use 16 aces"
|
|
chacl $acl4 largeaclfile
|
|
getfacl --numeric largeaclfile | _filter_aces
|
|
|
|
echo "use 17 aces"
|
|
chacl $acl5 largeaclfile
|
|
getfacl --numeric largeaclfile | _filter_aces
|
|
|
|
#-------------------------------------------------------
|
|
|
|
# success, all done
|
|
status=0
|
|
exit
|