1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or https://opensource.org/licenses/CDDL-1.0. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2008 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28. $STF_SUITE/include/libtest.shlib 29. $STF_SUITE/tests/functional/acl/acl_common.kshlib 30 31# 32# Copyright (c) 2012 by Delphix. All rights reserved. 33# 34 35# 36# DESCRIPTION: 37# Verify that user can access file/directory if acltype=posix. 38# 39# STRATEGY: 40# 1. Test access to file (mode=rw-) 41# a. Can modify file 42# b. Can't create new file 43# b. Can't execute file 44# 45 46verify_runnable "both" 47 48function cleanup 49{ 50 rmdir $TESTDIR/dir.0 51} 52 53log_assert "Verify acltype=posix works on file" 54log_onexit cleanup 55 56# Test access to FILE 57log_note "Testing access to FILE" 58log_must touch $TESTDIR/file.0 59log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/file.0 60if ! getfacl $TESTDIR/file.0 2> /dev/null | 61 grep -qFx "group:$ZFS_ACL_STAFF_GROUP:rw-" 62then 63 log_note "$(getfacl $TESTDIR/file.0 2> /dev/null)" 64 log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have 'rw' as specified" 65fi 66 67# Should be able to write to file 68log_must user_run $ZFS_ACL_STAFF1 \ 69 "echo 'echo test > /dev/null' > $TESTDIR/file.0" 70 71# Since $TESTDIR is 777, create a new dir with controlled permissions 72# for testing that creating a new file is not allowed. 73log_must mkdir $TESTDIR/dir.0 74log_must chmod 700 $TESTDIR/dir.0 75log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/dir.0 76# Confirm permissions 77msk=$(ls -ld $TESTDIR/dir.0 | awk '{print $1}') 78if ! [ "$msk" = "drwxrw----+" ]; then 79 log_note "expected mask drwxrw----+ but found $msk" 80 log_fail "Expected permissions were not set." 81fi 82 83if ! getfacl $TESTDIR/dir.0 2> /dev/null | 84 grep -qFx "group:$ZFS_ACL_STAFF_GROUP:rw-" 85then 86 log_note "$(getfacl $TESTDIR/dir.0 2> /dev/null)" 87 log_fail "ACL group:$ZFS_ACL_STAFF_GROUP:rw- was not set." 88fi 89# Should NOT be able to create new file 90log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.1" 91 92# Root should be able to run file, but not user 93chmod +x $TESTDIR/file.0 94log_must $TESTDIR/file.0 95log_mustnot user_run $ZFS_ACL_STAFF1 $TESTDIR/file.0 96 97log_pass "POSIX ACL mode works on files" 98