1#!/usr/local/bin/ksh93 -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27# ident	"@(#)zfs_allow_003_pos.ksh	1.4	09/08/06 SMI"
28#
29
30. $STF_SUITE/tests/delegate/delegate_common.kshlib
31
32#################################################################################
33#
34# __stc_assertion_start
35#
36# ID: zfs_allow_003_pos
37#
38# DESCRIPTION:
39#	Verify option '-l' only allow permission to the dataset itself.
40#
41# STRATEGY:
42#	1. Create descendent datasets of $ROOT_TESTFS
43#	2. Select user, group and everyone and set local permission separately.
44#	3. Set locally permissions to $ROOT_TESTFS or $ROOT_TESTVOL.
45#	4. Verify the permissions are only allow on $ROOT_TESTFS or
46#	   $ROOT_TESTVOL.
47#
48# TESTABILITY: explicit
49#
50# TEST_AUTOMATION_LEVEL: automated
51#
52# CODING_STATUS: COMPLETED (2006-09-19)
53#
54# __stc_assertion_end
55#
56################################################################################
57
58verify_runnable "both"
59
60log_assert "Verify option '-l' only allow permission to the dataset itself."
61
62childfs=$ROOT_TESTFS/childfs
63
64eval set -A dataset $DATASETS
65enc=$(get_prop encryption $dataset)
66if [[ $? -eq 0 ]] && [[ -n "$enc" ]] && [[ "$enc" != "off" ]]; then
67	typeset perms="snapshot,reservation,compression,allow,\
68userprop"
69else
70	typeset perms="snapshot,reservation,compression,checksum,\
71allow,userprop"
72fi
73
74log_must $ZFS create $childfs
75
76for dtst in $DATASETS ; do
77	log_must $ZFS allow -l $STAFF1 $perms $dtst
78	log_must verify_perm $dtst $perms $STAFF1
79	if [[ $dtst == $ROOT_TESTFS ]] ; then
80		log_must verify_noperm $childfs $perms \
81			$STAFF1 $STAFF2 $OTHER1 $OTHER2
82	fi
83done
84
85log_must restore_root_datasets
86
87log_must $ZFS create $childfs
88for dtst in $DATASETS ; do
89	log_must $ZFS allow -l -g $STAFF_GROUP $perms $dtst
90	log_must verify_perm $dtst $perms $STAFF1 $STAFF2
91	if [[ $dtst == $ROOT_TESTFS ]] ; then
92		log_must verify_noperm $childfs $perms \
93			$STAFF1 $STAFF2 $OTHER1 $OTHER2
94	fi
95done
96
97log_must restore_root_datasets
98
99log_must $ZFS create $childfs
100for dtst in $DATASETS ; do
101	log_must $ZFS allow -l -e $perms $dtst
102	log_must verify_perm $dtst $perms $STAFF1 $STAFF2 $OTHER1 $OTHER2
103	if [[ $dtst == $ROOT_TESTFS ]] ; then
104		log_must verify_noperm $childfs $perms \
105			$STAFF1 $STAFF2 $OTHER1 $OTHER2
106	fi
107done
108
109log_pass "Verify option '-l' only allow permission to the dataset itself pass."
110