5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
24 # Copyright 2008 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
29 # Copyright 2016 Nexenta Systems, Inc.
32 .
$STF_SUITE/tests
/functional
/acl
/acl_common.kshlib
35 # Verify chmod have correct behaviour to directory and file when
36 # filesystem has the different aclinherit setting
39 # 1. Use both super user and non-super user to run the test case.
40 # 2. Create basedir and a set of subdirectores and files within it.
41 # 3. Separately chmod basedir with different inherite options,
42 # combine with the variable setting of aclinherit:
43 # "discard", "noallow", "restricted" or "passthrough".
44 # 4. Then create nested directories and files like the following.
48 # chmod --> basedir -|
56 # 5. Verify each directories and files have the correct access control
59 verify_runnable
"both"
63 [[ -f $ofile ]] && log_must
rm -f $ofile
64 [[ -d $odir ]] && log_must
rm -rf $odir
65 [[ -d $basedir ]] && log_must
rm -rf $basedir
68 log_assert
"Verify chmod have correct behaviour to directory and file when" \
69 "filesystem has the different aclinherit setting"
73 typeset aclinherit_flag
=("discard" "noallow" "restricted" "passthrough")
74 typeset object_flag
=("f-" "-d" "fd")
75 typeset strategy_flag
=("--" "i-" "-n" "in")
77 typeset ace_prefix1
="owner@"
78 typeset ace_prefix2
="group@"
79 typeset ace_prefix3
="everyone@"
81 # Define the base directory and file
82 basedir
=$TESTDIR/basedir
; ofile
=$TESTDIR/ofile
; odir
=$TESTDIR/odir
84 # Define the files and directories that will be created after chmod
85 ndir1
=$basedir/ndir1
; ndir2
=$ndir1/ndir2
; ndir3
=$ndir2/ndir3
86 nfile1
=$basedir/nfile1
; nfile2
=$ndir1/nfile2
; nfile3
=$ndir2/nfile3
88 # Verify all nodes have expected correct access control
89 allnodes
="$ndir1 $ndir2 $ndir3 $nfile1 $nfile2 $nfile3"
91 # According to inherited flag, verify subdirectories and files within it has
92 # correct inherited access control.
93 function verify_inherit
#<aclinherit> <object> [strategy]
95 # Define the nodes which will be affected by inherit.
101 log_must usr_exec mkdir
-p $ndir3
102 log_must usr_exec
touch $nfile1 $nfile2 $nfile3
104 # Check if we have any inheritance flags set
105 if [[ $obj != "--" ]]; then
106 # Files should have inherited ACEs only if file_inherit is set
107 if [[ ${obj:0:1} == "f" ]]; then
108 inherit_nodes
="$inherit_nodes $nfile1"
109 if [[ ${str:1:1} != "n" ]]; then
110 inherit_nodes
="$inherit_nodes $nfile2 $nfile3"
114 # Directories should have inherited ACEs if file_inherit without
115 # no_propagate and/or dir_inherit is set
116 if [[ (${obj:0:1} == "f" && ${str:1:1} != "n") ||
117 ${obj:1:1} == "d" ]]; then
118 inherit_nodes
="$inherit_nodes $ndir1"
119 if [[ ${str:1:1} != "n" ]]; then
120 inherit_nodes
="$inherit_nodes $ndir2 $ndir3"
125 for node
in $allnodes; do
126 typeset
-i i
=0 count
=0 inherited
=0
127 typeset expacl perm inh act
129 if [[ "$inherit_nodes" == *"$node"* ]]; then
133 while ((i
< $maxaces)); do
134 # If current node isn't in inherit list, there's
135 # nothing to check, skip to checking trivial ACL
136 if ((inherited
== 0)); then
137 ((count
= maxaces
+ 1))
144 # Do not inherit any ACEs
145 ((count
= maxaces
+ 1))
149 # Only inherit inheritable ACEs that specify
151 if [[ $expacl == *":allow" ]] ; then
157 # Remove write_acl and write_owner permissions
158 # when the ACEs is inherited
171 if [[ -d $node ]]; then
172 # Clear inheritance flags if no_propagate is set
173 if [[ ${str:1:1} == "n" ]]; then
177 # Set inherit_only if there's a file_inherit
178 # without dir_inherit
179 if [[ ${obj:0:1} == "f" &&
180 ${obj:1:1} != "d" ]]; then
181 expacl
="${expacl}i---I:$act"
183 expacl
="${expacl}----I:$act"
185 elif [[ -f $node ]] ; then
186 expacl
="$perm:------I:$act"
189 aclcur
=$
(get_ACE
$node $count compact
)
190 aclcur
=${aclcur#$count:}
191 if [[ -n $expacl && $expacl != $aclcur ]]; then
194 log_fail
"$inherit $i #$count" \
195 "expected: $expacl, current: $aclcur"
199 ((count
= count
+ 1))
202 # There were no non-trivial ACEs to check, do the trivial ones
203 if ((count
== maxaces
+ 1)); then
204 if [[ -d $node ]]; then
205 compare_acls
$node $odir
206 elif [[ -f $node ]]; then
207 compare_acls
$node $ofile
210 if [[ $?
-ne 0 ]]; then
213 log_fail
"unexpected acl: $node," \
221 typeset
-i i
=0 maxaces
=6
222 typeset acl0 acl1 acl2 acl3 acl4 acl5
223 typeset acls0 acls1 acls2 acls3 acls4 acls5
225 log_must zfs
set aclmode
=passthrough
$TESTPOOL/$TESTFS
227 for inherit
in "${aclinherit_flag[@]}"; do
228 log_must zfs
set aclinherit
=$inherit $TESTPOOL/$TESTFS
230 for user
in root
$ZFS_ACL_STAFF1; do
231 log_must set_cur_usr
$user
233 for obj
in "${object_flag[@]}"; do
234 for str
in "${strategy_flag[@]}"; do
236 ((${#str} != 0)) && inh_opt="${inh_opt}${str}--"
241 # deny - to verify "noallow
"
242 # write_acl/write_owner - to verify "restricted
"
243 acl0="$ace_prefix1:-------A-W-Co-:$inh_a:allow
"
244 acl1="$ace_prefix2:-------A-W-Co-:$inh_a:deny
"
245 acl2="$ace_prefix3:-------A-W-Co-:$inh_a:allow
"
246 acl3="$ace_prefix1:-------A-W----:$inh_a:deny
"
247 acl4="$ace_prefix2:-------A-W----:$inh_a:allow
"
248 acl5="$ace_prefix3:-------A-W----:$inh_a:deny
"
250 # ACEs filtered by write_acl/write_owner
251 acls0="$ace_prefix1:-------A-W----:$inh_b:allow
"
252 acls1="$ace_prefix2:-------A-W-Co-:$inh_b:deny
"
253 acls2="$ace_prefix3:-------A-W----:$inh_b:allow
"
254 acls3="$ace_prefix1:-------A-W----:$inh_b:deny
"
255 acls4="$ace_prefix2:-------A-W----:$inh_b:allow
"
256 acls5="$ace_prefix3:-------A-W----:$inh_b:deny
"
258 log_must usr_exec mkdir $basedir
259 log_must usr_exec mkdir $odir
260 log_must usr_exec touch $ofile
265 log_must usr_exec chmod A+$acl $basedir
269 verify_inherit $inherit $obj $str
271 log_must usr_exec rm -rf $ofile $odir $basedir
277 log_pass "Verify
chmod inherit behaviour co-op with aclinherit setting passed
"