1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2008 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28. $STF_SUITE/include/libtest.shlib 29. $STF_SUITE/tests/functional/acl/acl_common.kshlib 30 31# 32# Copyright (c) 2012 by Delphix. All rights reserved. 33# 34 35# 36# DESCRIPTION: 37# Verify that user can access file/directory if acltype=posix. 38# 39# STRATEGY: 40# 1. Test access to file (mode=rw-) 41# a. Can modify file 42# b. Can't create new file 43# b. Can't execute file 44# 45 46verify_runnable "both" 47 48function cleanup 49{ 50 rmdir $TESTDIR/dir.0 51} 52 53log_assert "Verify acltype=posix works on file" 54log_onexit cleanup 55 56# Test access to FILE 57log_note "Testing access to FILE" 58log_must touch $TESTDIR/file.0 59log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/file.0 60getfacl $TESTDIR/file.0 2> /dev/null | egrep -q \ 61 "^group:$ZFS_ACL_STAFF_GROUP:rw-$" 62if [ "$?" -eq "0" ]; then 63 # Should be able to write to file 64 log_must user_run $ZFS_ACL_STAFF1 \ 65 "echo 'echo test > /dev/null' > $TESTDIR/file.0" 66 67 # Since $TESTDIR is 777, create a new dir with controlled permissions 68 # for testing that creating a new file is not allowed. 69 log_must mkdir $TESTDIR/dir.0 70 log_must chmod 700 $TESTDIR/dir.0 71 log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/dir.0 72 # Confirm permissions 73 ls -l $TESTDIR |grep "dir.0" |grep -q "drwxrw----+" 74 if [ "$?" -ne "0" ]; then 75 msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}') 76 log_note "expected mask drwxrw----+ but found $msk" 77 log_fail "Expected permissions were not set." 78 fi 79 getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \ 80 "^group:$ZFS_ACL_STAFF_GROUP:rw-$" 81 if [ "$?" -ne "0" ]; then 82 acl=$(getfacl $TESTDIR/dir.0 2> /dev/null) 83 log_note $acl 84 log_fail "ACL group:$ZFS_ACL_STAFF_GROUP:rw- was not set." 85 fi 86 # Should NOT be able to create new file 87 log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.1" 88 89 # Root should be able to run file, but not user 90 chmod +x $TESTDIR/file.0 91 log_must $TESTDIR/file.0 92 log_mustnot user_run $ZFS_ACL_STAFF1 $TESTDIR/file.0 93 94 log_pass "POSIX ACL mode works on files" 95else 96 log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have 'rw' as specified" 97fi 98