1#!/usr/local/bin/ksh93 -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# $FreeBSD$ 24 25# 26# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 27# Use is subject to license terms. 28# 29# ident "@(#)zfs_allow_010_pos.ksh 1.3 07/07/31 SMI" 30# 31 32. $STF_SUITE/tests/delegate/delegate_common.kshlib 33 34################################################################################# 35# 36# __stc_assertion_start 37# 38# ID: zfs_allow_010_pos 39# 40# DESCRIPTION: 41# Scan the following permissions one by one to verify privileged user 42# has correct permission delegation in datasets. 43# 44# STRATEGY: 45# 1. Delegate all the permission one by one to user on dataset. 46# 2. Verify privileged user has correct permission without any other 47# permissions allowed. 48# 49# TESTABILITY: explicit 50# 51# TEST_AUTOMATION_LEVEL: automated 52# 53# CODING_STATUS: COMPLETED (2006-11-02) 54# 55# __stc_assertion_end 56# 57################################################################################ 58 59verify_runnable "both" 60 61log_assert "Verify privileged user has correct permissions once which was "\ 62 "delegated to him in datasets" 63log_onexit restore_root_datasets 64 65# 66# Results in Results in 67# Permission Filesystem Volume 68# 69set -A perms create true false \ 70 snapshot true true \ 71 mount true false \ 72 send true true \ 73 allow true true \ 74 quota true false \ 75 reservation true true \ 76 recordsize true false \ 77 mountpoint true false \ 78 checksum true true \ 79 compression true true \ 80 canmount true false \ 81 atime true false \ 82 devices true false \ 83 exec true false \ 84 volsize false true \ 85 setuid true false \ 86 readonly true true \ 87 snapdir true false \ 88 userprop true true \ 89 aclmode true false \ 90 aclinherit true false \ 91 rollback true true \ 92 clone true true \ 93 rename true true \ 94 promote true true \ 95 zoned true false \ 96 shareiscsi true true \ 97 xattr true false \ 98 receive true false \ 99 destroy true true 100if is_global_zone; then 101 typeset -i n=${#perms[@]} 102 perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false" 103 perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false" 104fi 105 106for dtst in $DATASETS; do 107 typeset -i k=1 108 typeset type=$(get_prop type $dtst) 109 [[ $type == "volume" ]] && k=2 110 111 typeset -i i=0 112 while (( i < ${#perms[@]} )); do 113 log_must $ZFS allow $STAFF1 ${perms[$i]} $dtst 114 115 if [[ ${perms[((i+k))]} == "true" ]]; then 116 log_must verify_perm $dtst ${perms[$i]} $STAFF1 117 else 118 log_must verify_noperm $dtst ${perms[$i]} $STAFF1 119 fi 120 121 log_must restore_root_datasets 122 123 ((i += 3)) 124 done 125done 126 127log_pass "Verify privileged user has correct permissions " \ 128 "in datasets passed." 129