1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2007 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28# 29# Copyright (c) 2013, 2016 by Delphix. All rights reserved. 30# 31 32. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib 33 34# 35# DESCRIPTION: 36# Scan the following permissions one by one to verify privileged user 37# has correct permission delegation in datasets. 38# 39# STRATEGY: 40# 1. Delegate all the permission one by one to user on dataset. 41# 2. Verify privileged user has correct permission without any other 42# permissions allowed. 43# 44 45verify_runnable "both" 46 47log_assert "Verify privileged user has correct permissions once which was "\ 48 "delegated to him in datasets" 49log_onexit restore_root_datasets 50 51# 52# Results in Results in 53# Permission Filesystem Volume 54# 55set -A perms create true false \ 56 snapshot true true \ 57 mount true false \ 58 send true true \ 59 allow true true \ 60 quota true false \ 61 reservation true true \ 62 recordsize true false \ 63 mountpoint true false \ 64 checksum true true \ 65 compression true true \ 66 canmount true false \ 67 atime true false \ 68 devices true false \ 69 exec true false \ 70 volsize false true \ 71 setuid true false \ 72 readonly true true \ 73 snapdir true false \ 74 userprop true true \ 75 aclmode true false \ 76 aclinherit true false \ 77 rollback true true \ 78 clone true true \ 79 rename true true \ 80 promote true true \ 81 zoned true false \ 82 xattr true false \ 83 receive true false \ 84 destroy true true 85if is_global_zone; then 86 typeset -i n=${#perms[@]} 87 perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false" 88 perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false" 89fi 90 91for dtst in $DATASETS; do 92 typeset -i k=1 93 typeset type=$(get_prop type $dtst) 94 [[ $type == "volume" ]] && k=2 95 96 typeset -i i=0 97 while (( i < ${#perms[@]} )); do 98 log_must zfs allow $STAFF1 ${perms[$i]} $dtst 99 100 if [[ ${perms[((i+k))]} == "true" ]]; then 101 log_must verify_perm $dtst ${perms[$i]} $STAFF1 102 else 103 log_must verify_noperm $dtst ${perms[$i]} $STAFF1 104 fi 105 106 log_must restore_root_datasets 107 108 ((i += 3)) 109 done 110done 111 112log_pass "Verify privileged user has correct permissions " \ 113 "in datasets passed." 114