1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or https://opensource.org/licenses/CDDL-1.0. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28# 29# Copyright (c) 2013, 2016 by Delphix. All rights reserved. 30# 31 32. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib 33 34# 35# DESCRIPTION: 36# Scan the following permissions one by one to verify privileged user 37# has correct permission delegation in datasets. 38# 39# STRATEGY: 40# 1. Delegate all the permission one by one to user on dataset. 41# 2. Verify privileged user has correct permission without any other 42# permissions allowed. 43# 44 45verify_runnable "both" 46 47log_assert "Verify privileged user has correct permissions once which was "\ 48 "delegated to him in datasets" 49log_onexit restore_root_datasets 50 51if is_linux; then 52# 53# Results in Results in 54# Permission Filesystem Volume 55# 56# Removed for Linux: 57# - mount - mount(8) does not permit non-superuser mounts 58# - mountpoint - mount(8) does not permit non-superuser mounts 59# - canmount - mount(8) does not permit non-superuser mounts 60# - rename - mount(8) does not permit non-superuser mounts 61# - zoned - zones are not supported 62# - destroy - umount(8) does not permit non-superuser umounts 63# - sharenfs - sharing requires superuser privileges 64# - share - sharing requires superuser privileges 65# - readonly - mount(8) does not permit non-superuser remounts 66# 67set -A perms create true false \ 68 snapshot true true \ 69 send true true \ 70 allow true true \ 71 quota true false \ 72 reservation true true \ 73 dnodesize true false \ 74 recordsize true false \ 75 checksum true true \ 76 compression true true \ 77 atime true false \ 78 devices true false \ 79 exec true false \ 80 volsize false true \ 81 setuid true false \ 82 snapdir true false \ 83 userprop true true \ 84 aclinherit true false \ 85 rollback true true \ 86 clone true true \ 87 promote true true \ 88 xattr true false \ 89 receive true false 90 91elif is_freebsd; then 92# Results in Results in 93# Permission Filesystem Volume 94# 95# Removed for FreeBSD 96# - jailed - jailing requires superuser privileges 97# - sharenfs - sharing requires superuser privileges 98# - share - sharing requires superuser privileges 99# - xattr - Not supported on FreeBSD 100# 101set -A perms create true false \ 102 snapshot true true \ 103 mount true false \ 104 send true true \ 105 allow true true \ 106 quota true false \ 107 reservation true true \ 108 dnodesize true false \ 109 recordsize true false \ 110 mountpoint true false \ 111 checksum true true \ 112 compression true true \ 113 canmount true false \ 114 atime true false \ 115 devices true false \ 116 exec true false \ 117 volsize false true \ 118 setuid true false \ 119 readonly true true \ 120 snapdir true false \ 121 userprop true true \ 122 aclmode true false \ 123 aclinherit true false \ 124 rollback true true \ 125 clone true true \ 126 rename true true \ 127 promote true true \ 128 receive true false \ 129 destroy true true 130 131else 132 133set -A perms create true false \ 134 snapshot true true \ 135 mount true false \ 136 send true true \ 137 allow true true \ 138 quota true false \ 139 reservation true true \ 140 dnodesize true false \ 141 recordsize true false \ 142 mountpoint true false \ 143 checksum true true \ 144 compression true true \ 145 canmount true false \ 146 atime true false \ 147 devices true false \ 148 exec true false \ 149 volsize false true \ 150 setuid true false \ 151 readonly true true \ 152 snapdir true false \ 153 userprop true true \ 154 aclmode true false \ 155 aclinherit true false \ 156 rollback true true \ 157 clone true true \ 158 rename true true \ 159 promote true true \ 160 zoned true false \ 161 xattr true false \ 162 receive true false \ 163 destroy true true 164 165if is_global_zone; then 166 typeset -i n=${#perms[@]} 167 perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false" 168 perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false" 169fi 170fi 171 172for dtst in $DATASETS; do 173 typeset -i k=1 174 typeset type=$(get_prop type $dtst) 175 [[ $type == "volume" ]] && k=2 176 177 typeset -i i=0 178 while (( i < ${#perms[@]} )); do 179 log_must zfs allow $STAFF1 ${perms[$i]} $dtst 180 181 if [[ ${perms[((i+k))]} == "true" ]]; then 182 log_must verify_perm $dtst ${perms[$i]} $STAFF1 183 else 184 log_must verify_noperm $dtst ${perms[$i]} $STAFF1 185 fi 186 187 log_must restore_root_datasets 188 189 ((i += 3)) 190 done 191done 192 193log_pass "Verify privileged user has correct permissions " \ 194 "in datasets passed." 195