1f38cb554SJohn Wren Kennedy#!/bin/ksh -p 2f38cb554SJohn Wren Kennedy# 3f38cb554SJohn Wren Kennedy# CDDL HEADER START 4f38cb554SJohn Wren Kennedy# 5f38cb554SJohn Wren Kennedy# The contents of this file are subject to the terms of the 6f38cb554SJohn Wren Kennedy# Common Development and Distribution License (the "License"). 7f38cb554SJohn Wren Kennedy# You may not use this file except in compliance with the License. 8f38cb554SJohn Wren Kennedy# 9f38cb554SJohn Wren Kennedy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10f38cb554SJohn Wren Kennedy# or http://www.opensolaris.org/os/licensing. 11f38cb554SJohn Wren Kennedy# See the License for the specific language governing permissions 12f38cb554SJohn Wren Kennedy# and limitations under the License. 13f38cb554SJohn Wren Kennedy# 14f38cb554SJohn Wren Kennedy# When distributing Covered Code, include this CDDL HEADER in each 15f38cb554SJohn Wren Kennedy# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16f38cb554SJohn Wren Kennedy# If applicable, add the following below this CDDL HEADER, with the 17f38cb554SJohn Wren Kennedy# fields enclosed by brackets "[]" replaced with your own identifying 18f38cb554SJohn Wren Kennedy# information: Portions Copyright [yyyy] [name of copyright owner] 19f38cb554SJohn Wren Kennedy# 20f38cb554SJohn Wren Kennedy# CDDL HEADER END 21f38cb554SJohn Wren Kennedy# 22f38cb554SJohn Wren Kennedy 23f38cb554SJohn Wren Kennedy# 24f38cb554SJohn Wren Kennedy# Copyright 2008 Sun Microsystems, Inc. All rights reserved. 25f38cb554SJohn Wren Kennedy# Use is subject to license terms. 26f38cb554SJohn Wren Kennedy# 27f38cb554SJohn Wren Kennedy 28f38cb554SJohn Wren Kennedy# 291d32ba66SJohn Wren Kennedy# Copyright (c) 2013, 2016 by Delphix. All rights reserved. 30*51463258SBill Sommerfeld# Copyright 2023 Bill Sommerfeld <sommerfeld@alum.mit.edu> 31f38cb554SJohn Wren Kennedy# 32f38cb554SJohn Wren Kennedy 33f38cb554SJohn Wren Kennedy. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib 34f38cb554SJohn Wren Kennedy 35f38cb554SJohn Wren Kennedy# 36f38cb554SJohn Wren Kennedy# DESCRIPTION: 37f38cb554SJohn Wren Kennedy# Verify the permissions set will be masked on its descendent 38f38cb554SJohn Wren Kennedy# datasets by same name set. 39f38cb554SJohn Wren Kennedy# 40f38cb554SJohn Wren Kennedy# STRATEGY: 41f38cb554SJohn Wren Kennedy# 1. Create $ROOT_TESTFS/childfs 42f38cb554SJohn Wren Kennedy# 2. Set permission $perms1 to @set on $ROOT_TESTFS 43f38cb554SJohn Wren Kennedy# 3. Reset permission $perms2 to @set on $ROOT_TESTFS/childfs 44f38cb554SJohn Wren Kennedy# 4. Allow @set to $STAFF1 on $ROOT_TESTFS/childfs 45f38cb554SJohn Wren Kennedy# 5. Verify $perms2 is delegated on $ROOT_TESTFS/childfs and its 46f38cb554SJohn Wren Kennedy# descendent. 47f38cb554SJohn Wren Kennedy# 6. Allow @set to $STAFF1 on $ROOT_TESTFS 48f38cb554SJohn Wren Kennedy# 7. Verify $perms1 is not appended to $STAFF1 on $ROOT_TESTFS/childfs and 49f38cb554SJohn Wren Kennedy# its descendent since it is masked 50f38cb554SJohn Wren Kennedy# 51f38cb554SJohn Wren Kennedy 52f38cb554SJohn Wren Kennedyverify_runnable "both" 53f38cb554SJohn Wren Kennedy 54f38cb554SJohn Wren Kennedylog_assert "Verify permission set can be masked on descendent dataset." 55f38cb554SJohn Wren Kennedylog_onexit restore_root_datasets 56f38cb554SJohn Wren Kennedy 57f38cb554SJohn Wren Kennedytypeset perms1="snapshot,reservation,compression" 58f38cb554SJohn Wren Kennedyeval set -A dataset $DATASETS 59f38cb554SJohn Wren Kennedytypeset perms2="checksum,send,userprop" 60f38cb554SJohn Wren Kennedy 61f38cb554SJohn Wren Kennedy# 62f38cb554SJohn Wren Kennedy# Define three level filesystems 63f38cb554SJohn Wren Kennedy# 64f38cb554SJohn Wren Kennedychildfs=$ROOT_TESTFS/childfs 65f38cb554SJohn Wren Kennedygrandchild=$childfs/grandchild 661d32ba66SJohn Wren Kennedylog_must zfs create $childfs 671d32ba66SJohn Wren Kennedylog_must zfs create $grandchild 68f38cb554SJohn Wren Kennedy 69f38cb554SJohn Wren Kennedy# 70f38cb554SJohn Wren Kennedy# Setting different permissions to the same set on two level. 71f38cb554SJohn Wren Kennedy# But only assign the user at one level. 72f38cb554SJohn Wren Kennedy# 731d32ba66SJohn Wren Kennedylog_must zfs allow -s @set $perms1 $ROOT_TESTFS 741d32ba66SJohn Wren Kennedylog_must zfs allow -s @set $perms2 $childfs 751d32ba66SJohn Wren Kennedylog_must zfs allow $STAFF1 @set $childfs 76f38cb554SJohn Wren Kennedy 77f38cb554SJohn Wren Kennedy# 78*51463258SBill Sommerfeld# Verify section header is correct in output 79*51463258SBill Sommerfeld# 80*51463258SBill Sommerfeld 81*51463258SBill Sommerfeldtypeset sortedperms=$(echo "$perms1" | tr ',' '\n' | 82*51463258SBill Sommerfeld sort | tr '\n' ',' | sed 's/,$//') 83*51463258SBill Sommerfeldverify_allow_output $ROOT_TESTFS \ 84*51463258SBill Sommerfeld "Permission sets" "@set $sortedperms" 85*51463258SBill Sommerfeld 86*51463258SBill Sommerfeld# 87f38cb554SJohn Wren Kennedy# Verify only perms2 is valid to user on the level which he was assigned. 88f38cb554SJohn Wren Kennedy# 89f38cb554SJohn Wren Kennedylog_must verify_noperm $ROOT_TESTFS $perms1 $STAFF1 90f38cb554SJohn Wren Kennedyfor fs in $childfs $grandchild ; do 91f38cb554SJohn Wren Kennedy log_must verify_noperm $fs $perms1 $STAFF1 92f38cb554SJohn Wren Kennedy log_must verify_perm $fs $perms2 $STAFF1 93f38cb554SJohn Wren Kennedydone 94f38cb554SJohn Wren Kennedy 95f38cb554SJohn Wren Kennedy# 96f38cb554SJohn Wren Kennedy# Delegate @set to STAFF1 on ROOT_TESTFS, verify $perms1 will not be appended 97f38cb554SJohn Wren Kennedy# to its descendent datasets since it is masked 98f38cb554SJohn Wren Kennedy# 991d32ba66SJohn Wren Kennedylog_must zfs allow $STAFF1 @set $ROOT_TESTFS 100f38cb554SJohn Wren Kennedylog_must verify_perm $ROOT_TESTFS $perms1 $STAFF1 101f38cb554SJohn Wren Kennedyfor fs in $childfs $grandchild ; do 102f38cb554SJohn Wren Kennedy log_must verify_noperm $fs $perms1 $STAFF1 103f38cb554SJohn Wren Kennedy log_must verify_perm $fs $perms2 $STAFF1 104f38cb554SJohn Wren Kennedydone 105f38cb554SJohn Wren Kennedy 106f38cb554SJohn Wren Kennedy# Remove the mask, $perms1 will be allowed to its descendent datasets 1071d32ba66SJohn Wren Kennedylog_must zfs unallow -s @set $childfs 108f38cb554SJohn Wren Kennedyfor fs in $childfs $grandchild ; do 109f38cb554SJohn Wren Kennedy log_must verify_noperm $fs $perms2 $STAFF1 110f38cb554SJohn Wren Kennedy log_must verify_perm $fs $perms1 $STAFF1 111f38cb554SJohn Wren Kennedydone 112f38cb554SJohn Wren Kennedy 113f38cb554SJohn Wren Kennedylog_pass "Verify permission set can be masked on descendent dataset pass." 114