1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28# 29# Copyright (c) 2016 by Delphix. All rights reserved. 30# 31 32. $STF_SUITE/tests/functional/acl/acl_common.kshlib 33 34# 35# DESCRIPTION: 36# Verify that the read_data/write_data/execute permission for 37# owner/group/everyone are correct. 38# 39# STRATEGY: 40# 1. Loop root and non-root user. 41# 2. Separated verify type@:access:allow|deny to file and directory 42# 3. To super user, read and write deny was override. 43# 4. According to ACE list and override rule, expect that 44# read/write/execute file or directory succeed or fail. 45# 46 47verify_runnable "both" 48 49# owner@ group_users other_users 50set -A users \ 51 "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \ 52 "$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF2" "$ZFS_ACL_OTHER1" 53 54# In order to test execute permission, read_data was need firstly. 55set -A a_access "read_data" "write_data" "read_data/execute" 56set -A a_flag "owner@" "group@" "everyone@" 57 58log_assert "Verify that the read_data/write_data/execute permission for" \ 59 "owner/group/everyone are correct." 60log_onexit cleanup 61 62function logname #node acl_spec user 63{ 64 typeset node=$1 65 typeset acl_spec=$2 66 typeset user=$3 67 68 # To super user, read and write deny permission was override. 69 if [[ $acl_spec == *:allow ]] || \ 70 [[ $user == root && -d $node ]] || \ 71 [[ $user == root && $acl_spec != *"execute"* ]] 72 then 73 print "log_must" 74 elif [[ $acl_spec == *:deny ]]; then 75 print "log_mustnot" 76 fi 77} 78 79function check_chmod_results #node acl_spec g_usr o_usr 80{ 81 typeset node=$1 82 typeset acl_spec=$2 83 typeset g_usr=$3 84 typeset o_usr=$4 85 typeset log 86 87 if [[ $acl_spec == "owner@:"* || $acl_spec == "everyone@:"* ]]; then 88 log=$(logname $node $acl_spec $ZFS_ACL_CUR_USER) 89 $log rwx_node $ZFS_ACL_CUR_USER $node $acl_spec 90 fi 91 if [[ $acl_spec == "group@:"* || $acl_spec == "everyone@:"* ]]; then 92 log=$(logname $node $acl_spec $g_usr) 93 $log rwx_node $g_usr $node $acl_spec 94 fi 95 if [[ $acl_spec == "everyone@"* ]]; then 96 log=$(logname $node $acl_spec $o_usr) 97 $log rwx_node $o_usr $node $acl_spec 98 fi 99} 100 101function test_chmod_basic_access #node group_user other_user 102{ 103 typeset node=$1 104 typeset g_usr=$2 105 typeset o_usr=$3 106 typeset flag access acl_spec 107 108 for flag in ${a_flag[@]}; do 109 for access in ${a_access[@]}; do 110 for tp in allow deny; do 111 acl_spec="$flag:$access:$tp" 112 log_must usr_exec chmod A+$acl_spec $node 113 check_chmod_results \ 114 $node $acl_spec $g_usr $o_usr 115 log_must usr_exec chmod A0- $node 116 done 117 done 118 done 119} 120 121typeset -i i=0 122while (( i < ${#users[@]} )); do 123 log_must set_cur_usr ${users[i]} 124 125 log_must usr_exec touch $testfile 126 test_chmod_basic_access $testfile ${users[((i+1))]} ${users[((i+2))]} 127 log_must usr_exec mkdir $testdir 128 test_chmod_basic_access $testdir ${users[((i+1))]} ${users[((i+2))]} 129 130 log_must usr_exec rm -rf $testfile $testdir 131 132 (( i += 3 )) 133done 134 135log_pass "Verify that the read_data/write_data/execute permission for" \ 136 "owner/group/everyone passed." 137