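#!/usr/local/bin/ksh93 -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.

# The helper library is located through STF_SUITE, which comes from the
# environment. Everything it defines runs with this script's privileges
# (the main loop below includes a pass as root).
. "$STF_SUITE/tests/acl/acl_common.kshlib"

#################################################################################
#
# __stc_assertion_start
#
# ID: zfs_acl_chmod_rwx_004_pos
#
# DESCRIPTION:
#	Verify that an explicit ACL entry set for a specified user or group
#	overrides the existing access rule.
#
# STRATEGY:
#	1. Loop root and non-root user.
#	2. Loop the specified access one by one.
#	3. Loop verify explicit ACL set to specified user and group.
#
# TESTABILITY: explicit
#
# TEST_AUTOMATION_LEVEL: automated
#
# CODING_STATUS: COMPLETED (2005-10-14)
#
# __stc_assertion_end
#
################################################################################

verify_runnable "both"

#
# Check one access attempt against the outcome the caller expects.
#
# $1 log    - log_must or log_mustnot; the wrapper that encodes the
#             expected result of the attempt
# $2 user   - account the access is attempted as
# $3 node   - file or directory under test
# $4 access - read_data, write_data or execute
# $5 rflag  - allow or deny; the type of the explicit entry being checked
#
# For "allow" + "execute" the exit status of rwx_node is deliberately
# ignored and $log is not used: the verdict comes from ZFS_ACL_ERR_STR alone.
#
function check_access #log user node access rflag
{
	typeset log=$1
	typeset user=$2
	typeset node=$3
	typeset access=$4
	typeset rflag=$5

	if [[ $rflag == "allow" && $access == execute ]]; then
		rwx_node "$user" "$node" "$access"
		#
		# When everyone@ is denied, the file cannot be run at all.
		# A trailing 'cannot execute' therefore means the user did
		# hold the execute permission and only the execution itself
		# failed.
		#
		# NOTE(review): ZFS_ACL_ERR_STR is never assigned in this
		# file; presumably rwx_node fills it in. Confirm it is
		# refreshed on every call and for both files and directories,
		# otherwise a value left over from an earlier attempt could
		# satisfy this match and report a pass that was not earned.
		#
		if [[ $ZFS_ACL_ERR_STR == *"cannot execute" ]]; then
			log_note "SUCCESS: rwx_node $user $node $access"
		else
			log_fail "FAIL: rwx_node $user $node $access"
		fi
	else
		"$log" rwx_node "$user" "$node" "$access"
	fi
}

#
# Exercise one (node, access, flag) combination in three stages and check
# that the more specific entry decides the outcome each time.
#
# $1 node   - file or directory under test
# $2 access - read_data, write_data or execute
# $3 flag   - allow or deny; the type given to the broad entry
#
# Solaris chmod A+ prepends an entry to the ACL and A0- removes the entry at
# index 0, so the entry added last is the first one evaluated. Every stage
# removes exactly as many entries as were added; a missing A0- would leave
# an entry behind that silently changes the result of later combinations.
#
function verify_explicit_ACL_rule #node access flag
{
	typeset node=$1
	typeset access=$2
	typeset flag=$3
	typeset log rlog rflag

	# rflag is the opposite of flag. log is the wrapper matching the
	# outcome expected under rflag, rlog the one expected under flag.
	if [[ $flag == allow ]]; then
		log=log_mustnot
		rlog=log_must
		rflag=deny
	else
		log=log_must
		rlog=log_mustnot
		rflag=allow
	fi

	# The tool variables ($CHMOD and friends) stay unquoted throughout:
	# this file does not show whether they carry options as well as a path.

	# Stage 1: everyone@ gets flag, then one user gets the opposite entry
	# on top of it. Only the user entry is removed afterwards; everyone@
	# stays in place for stage 2.
	log_must usr_exec $CHMOD "A+everyone@:${access}:${flag}" "$node"
	log_must usr_exec $CHMOD \
	    "A+user:${ZFS_ACL_OTHER1}:${access}:${rflag}" "$node"
	check_access "$log" "$ZFS_ACL_OTHER1" "$node" "$access" "$rflag"
	log_must usr_exec $CHMOD A0- "$node"

	# Stage 2: a group entry with the opposite type sits above everyone@.
	# Both accounts are held to the group outcome, so presumably both
	# are members of ZFS_ACL_OTHER_GROUP; verify against the suite setup.
	# The two removals drop the group entry and then everyone@.
	log_must usr_exec \
	    $CHMOD "A+group:${ZFS_ACL_OTHER_GROUP}:${access}:${rflag}" "$node"
	check_access "$log" "$ZFS_ACL_OTHER1" "$node" "$access" "$rflag"
	check_access "$log" "$ZFS_ACL_OTHER2" "$node" "$access" "$rflag"
	log_must usr_exec $CHMOD A0- "$node"
	log_must usr_exec $CHMOD A0- "$node"

	# Stage 3: user entry against group entry. OTHER1 matches its own
	# user entry (rflag) first; OTHER2 has no user entry and falls
	# through to the group entry (flag).
	log_must usr_exec \
	    $CHMOD "A+group:${ZFS_ACL_OTHER_GROUP}:${access}:${flag}" "$node"
	log_must usr_exec $CHMOD \
	    "A+user:${ZFS_ACL_OTHER1}:${access}:${rflag}" "$node"
	"$log" rwx_node "$ZFS_ACL_OTHER1" "$node" "$access"
	"$rlog" rwx_node "$ZFS_ACL_OTHER2" "$node" "$access"
	log_must usr_exec $CHMOD A0- "$node"
	log_must usr_exec $CHMOD A0- "$node"
}

log_assert "Verify that explicit ACL setting to specified user or group will" \
	"override existed access rule."
log_onexit cleanup

set -A a_access "read_data" "write_data" "execute"
set -A a_flag "allow" "deny"
typeset node

test_requires ZFS_ACL

# Run the whole matrix once as root and once as an unprivileged owner.
# ZFS_ACL_STAFF1 is quoted so that an unset value shows up as an empty user
# name instead of the non-root pass quietly dropping out of the loop.
for user in root "$ZFS_ACL_STAFF1"; do
	log_must set_cur_usr "$user"

	# Fresh nodes with a known 755 mode for every user pass.
	log_must usr_exec $TOUCH "$testfile"
	log_must usr_exec $MKDIR "$testdir"
	log_must usr_exec $CHMOD 755 "$testfile" "$testdir"

	for node in "$testfile" "$testdir"; do
		for access in "${a_access[@]}"; do
			for flag in "${a_flag[@]}"; do
				verify_explicit_ACL_rule "$node" "$access" "$flag"
			done
		done
	done

	log_must usr_exec $RM -rf "$testfile" "$testdir"
done

log_pass "Explicit ACL setting to specified user or group will override " \
	"existed access rule passed."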