1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27
28. $STF_SUITE/include/libtest.shlib
29. $STF_SUITE/tests/functional/acl/acl_common.kshlib
30
31#
32# Copyright (c) 2012 by Delphix. All rights reserved.
33#
34
35#
36# DESCRIPTION:
37#	Verify that user can access file/directory if acltype=posix.
38#
39# STRATEGY:
40#	1. Test access to file (mode=rw-)
41#	   a. Can modify file
42#	   b. Can't create new file
43#	   b. Can't execute file
44#
45
46verify_runnable "both"
47
48function cleanup
49{
50	rmdir $TESTDIR/dir.0
51}
52
53log_assert "Verify acltype=posix works on file"
54log_onexit cleanup
55
56# Test access to FILE
57log_note "Testing access to FILE"
58log_must touch $TESTDIR/file.0
59log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/file.0
60getfacl $TESTDIR/file.0 2> /dev/null | egrep -q \
61    "^group:$ZFS_ACL_STAFF_GROUP:rw-$"
62if [ "$?" -eq "0" ]; then
63	# Should be able to write to file
64	log_must user_run $ZFS_ACL_STAFF1 \
65	    "echo 'echo test > /dev/null' > $TESTDIR/file.0"
66
67	# Since $TESTDIR is 777, create a new dir with controlled permissions
68	# for testing that creating a new file is not allowed.
69	log_must mkdir $TESTDIR/dir.0
70	log_must chmod 700 $TESTDIR/dir.0
71	log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/dir.0
72	# Confirm permissions
73	ls -l $TESTDIR |grep "dir.0" |grep -q "drwxrw----+"
74	if [ "$?" -ne "0" ]; then
75		msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}')
76		log_note "expected mask drwxrw----+ but found $msk"
77		log_fail "Expected permissions were not set."
78	fi
79	getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \
80	    "^group:$ZFS_ACL_STAFF_GROUP:rw-$"
81	if [ "$?" -ne "0" ]; then
82		acl=$(getfacl $TESTDIR/dir.0 2> /dev/null)
83		log_note $acl
84		log_fail "ACL group:$ZFS_ACL_STAFF_GROUP:rw- was not set."
85	fi
86	# Should NOT be able to create new file
87	log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.1"
88
89	# Root should be able to run file, but not user
90	chmod +x $TESTDIR/file.0
91	log_must $TESTDIR/file.0
92	log_mustnot user_run $ZFS_ACL_STAFF1 $TESTDIR/file.0
93
94	log_pass "POSIX ACL mode works on files"
95else
96	log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have 'rw' as specified"
97fi
98