7290 ZFS test suite needs to control what utilities it can run
1 #!/bin/ksh -p
3 # CDDL HEADER START
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
20 # CDDL HEADER END
24 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
29 # Copyright (c) 2016 by Delphix. All rights reserved.
32 . $STF_SUITE/tests/functional/acl/acl_common.kshlib
35 # DESCRIPTION:
36 # Verify that read_acl/write_acl assigned to owner@/group@/everyone@, or to
37 # a specified user or group, gives the file the correct access permission.
39 # STRATEGY:
40 # 1. Separately verify that a file and a directory are assigned
41 # read_acl/write_acl by root and by a non-root user.
42 # 2. Verify the owner can always read and write the ACL, even when denied.
43 # 3. Verify group access permission when the group is assigned
44 # read_acl/write_acl.
45 # 4. Verify access permission after everyone@ is assigned read_acl/write_acl.
46 # 5. Verify everyone@ is denied except the specified user; this user can read
47 # and write the ACL.
48 # 6. Verify the group is denied except the specified user; this user can read
49 # and write the ACL.
# Test preamble: declare where the test may run, announce the assertion,
# and register the exit handler.  verify_runnable, log_assert, log_onexit
# and cleanup are not defined in this file (presumably they come from the
# test framework and acl_common.kshlib).
verify_runnable "both"

log_assert \
    "Verify chmod A[number]{+|-|=} read_acl/write_acl have correct " \
    "behaviour to access permission."

# The handler removes whatever the test leaves behind, also on failure.
log_onexit cleanup
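#
# Check that every listed user can read the ACL of <node>.
#
# Runs "ls -vd <node>" as each user through chgusr_exec and discards both
# output streams, so only the exit status is observed.
#
# Returns 0 when the listing succeeds for every user (or when no user is
# given), otherwise the status of the first failing listing; users after
# the first failure are not tried.  A non-zero status therefore means
# "at least one user failed", not "every user was denied", and it does not
# distinguish a permission denial from any other failure of the command.
# Callers asserting denial should pass one user per call.
#
function read_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user
	typeset -i ret

	shift
	# "$@" (as in write_ACL) keeps each user a single word.  The list is
	# expanded once, so no shift is needed inside the loop.
	for user in "$@"; do
		chgusr_exec "$user" ls -vd "$node" > /dev/null 2>&1
		ret=$?
		(( ret != 0 )) && return $ret
	done

	return 0
}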
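#
# Check that every listed user can modify the ACL of <node>.
#
# For each user: count the ACEs, prepend owner@:read_data:allow as that
# user, count again, remove the prepended ACE as that user, and require
# that the count grew by exactly one.
#
# Returns 0 when that holds for every user (or when no user is given);
# otherwise the status of the first failing step, or 1 when the ACE count
# did not grow by one.  Users after the first failure are not tried, so a
# non-zero status means "at least one user failed", not "every user was
# denied".  Callers asserting denial should pass one user per call.
#
function write_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user
	typeset -i ret before_cnt after_cnt

	shift
	# The list is expanded once, so no shift is needed inside the loop.
	for user in "$@"; do
		before_cnt=$(count_ACE "$node")
		ret=$?
		(( ret != 0 )) && return $ret

		chgusr_exec "$user" chmod A0+owner@:read_data:allow "$node"
		ret=$?
		(( ret != 0 )) && return $ret

		# NOTE(review): if this count fails, the function returns
		# with the ACE added above still in place.
		after_cnt=$(count_ACE "$node")
		ret=$?
		(( ret != 0 )) && return $ret

		chgusr_exec "$user" chmod A0- "$node"
		ret=$?
		(( ret != 0 )) && return $ret

		# A chmod that reports success without adding an ACE is
		# still a failure.
		if (( after_cnt - before_cnt != 1 )); then
			return 1
		fi
	done

	return 0
}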
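#
# Verify that $ZFS_ACL_CUR_USER can read and write the ACL of <node> both
# when owner@ is allowed and when owner@ is denied read_acl/write_acl.
# (The current user is presumably the owner of <node>; the node is created
# by the caller.)
#
function check_owner #<node>
{
	typeset node=$1
	typeset acc	# kept local, like "flag" in check_everyone

	for acc in allow deny; do
		log_must usr_exec \
		    chmod "A0+owner@:read_acl/write_acl:$acc" "$node"
		# Expected to succeed in the deny round as well.
		log_must read_ACL "$node" "$ZFS_ACL_CUR_USER"
		log_must write_ACL "$node" "$ZFS_ACL_CUR_USER"
		# Drop the ACE prepended for this round.
		log_must usr_exec chmod A0- "$node"
	done
}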
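#
# Verify that a second user follows the group@ entry on <node>: access to
# the ACL is granted when group@ is allowed read_acl/write_acl and refused
# when group@ is denied it.
#
# The probed user is $ZFS_ACL_ADMIN when the current user is root and
# $ZFS_ACL_STAFF2 when it is $ZFS_ACL_STAFF1 (presumably members of the
# owner's group - confirm against the suite's user setup).
#
function check_group #<node>
{
	typeset node=$1
	typeset grp_usr=""

	if [[ $ZFS_ACL_CUR_USER == root ]]; then
		grp_usr=$ZFS_ACL_ADMIN
	elif [[ $ZFS_ACL_CUR_USER == "$ZFS_ACL_STAFF1" ]]; then
		# Quoted so the name is compared literally, not as a pattern.
		grp_usr=$ZFS_ACL_STAFF2
	fi

	# With no user to probe, read_ACL/write_ACL would receive an empty
	# user list and return 0 without checking anything.
	[[ -n $grp_usr ]] || \
	    log_fail "check_group: no group user for '$ZFS_ACL_CUR_USER'"

	log_must usr_exec chmod "A0+group@:read_acl/write_acl:allow" "$node"
	log_must read_ACL "$node" "$grp_usr"
	log_must write_ACL "$node" "$grp_usr"
	log_must usr_exec chmod A0- "$node"

	log_must usr_exec chmod "A0+group@:read_acl/write_acl:deny" "$node"
	log_mustnot read_ACL "$node" "$grp_usr"
	log_mustnot write_ACL "$node" "$grp_usr"
	log_must usr_exec chmod A0- "$node"
}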
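#
# Verify that $ZFS_ACL_OTHER1 and $ZFS_ACL_OTHER2 follow the everyone@
# entry on <node>: both can read and write the ACL when everyone@ is
# allowed read_acl/write_acl, and neither can when it is denied.
#
function check_everyone #<node>
{
	typeset node=$1
	typeset flag log user

	for flag in allow deny; do
		if [[ $flag == allow ]]; then
			log=log_must
		else
			log=log_mustnot
		fi

		log_must usr_exec \
		    chmod "A0+everyone@:read_acl/write_acl:$flag" "$node"

		# One assertion per user.  read_ACL/write_ACL return non-zero
		# as soon as one user fails, so a combined call in the deny
		# round would only show that at least one of the two users is
		# refused.
		for user in "$ZFS_ACL_OTHER1" "$ZFS_ACL_OTHER2"; do
			$log read_ACL "$node" "$user"
			$log write_ACL "$node" "$user"
		done

		log_must usr_exec chmod A0- "$node"
	done
}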
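#
# Verify a per-user allow entry placed ahead of an everyone@ deny entry:
# $ZFS_ACL_OTHER1 can read and write the ACL of <node>, while
# $ZFS_ACL_ADMIN, $ZFS_ACL_STAFF2 and $ZFS_ACL_OTHER2 cannot.
#
function check_spec_user #<node>
{
	typeset node=$1
	typeset user

	log_must usr_exec chmod "A0+everyone@:read_acl/write_acl:deny" "$node"
	log_must usr_exec \
	    chmod "A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow" "$node"

	# The specified user can read and write acl
	log_must read_ACL "$node" "$ZFS_ACL_OTHER1"
	log_must write_ACL "$node" "$ZFS_ACL_OTHER1"

	# All the other users can't read and write acl.  Each user is
	# asserted separately: read_ACL/write_ACL return non-zero as soon as
	# one user fails, so a single call listing all three would only show
	# that at least one of them is refused.
	for user in "$ZFS_ACL_ADMIN" "$ZFS_ACL_STAFF2" "$ZFS_ACL_OTHER2"; do
		log_mustnot read_ACL "$node" "$user"
		log_mustnot write_ACL "$node" "$user"
	done

	# Drop the two ACEs prepended above.
	log_must usr_exec chmod A0- "$node"
	log_must usr_exec chmod A0- "$node"
}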
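#
# Verify a per-group allow entry placed ahead of an everyone@ deny entry:
# $ZFS_ACL_OTHER1 and $ZFS_ACL_OTHER2 (presumably the members of
# $ZFS_ACL_OTHER_GROUP - confirm against the suite's user setup) can read
# and write the ACL of <node>, while $ZFS_ACL_ADMIN and $ZFS_ACL_STAFF2
# cannot.
#
function check_spec_group #<node>
{
	typeset node=$1
	typeset user

	log_must usr_exec chmod "A0+everyone@:read_acl/write_acl:deny" "$node"
	log_must usr_exec chmod \
	    "A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:allow" "$node"

	# The specified group can read and write acl
	log_must read_ACL "$node" "$ZFS_ACL_OTHER1" "$ZFS_ACL_OTHER2"
	log_must write_ACL "$node" "$ZFS_ACL_OTHER1" "$ZFS_ACL_OTHER2"

	# All the other users can't read and write acl.  Each user is
	# asserted separately: read_ACL/write_ACL return non-zero as soon as
	# one user fails, so a single call listing both would only show that
	# at least one of them is refused.
	for user in "$ZFS_ACL_ADMIN" "$ZFS_ACL_STAFF2"; do
		log_mustnot read_ACL "$node" "$user"
		log_mustnot write_ACL "$node" "$user"
	done

	# Drop the two ACEs prepended above, as check_spec_user does, so the
	# next check does not start with them still on the node.
	log_must usr_exec chmod A0- "$node"
	log_must usr_exec chmod A0- "$node"
}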
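#
# Verify a per-user allow entry placed ahead of a per-group deny entry:
# $ZFS_ACL_OTHER1 can read and write the ACL of <node>, while
# $ZFS_ACL_OTHER2 is refused by the deny entry for $ZFS_ACL_OTHER_GROUP.
#
function check_user_in_group #<node>
{
	typeset node=$1

	# Expansions are quoted so a path or name containing whitespace or
	# glob characters stays a single argument.
	log_must usr_exec chmod \
	    "A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:deny" "$node"
	log_must usr_exec chmod \
	    "A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow" "$node"
	log_must read_ACL "$node" "$ZFS_ACL_OTHER1"
	log_must write_ACL "$node" "$ZFS_ACL_OTHER1"
	log_mustnot read_ACL "$node" "$ZFS_ACL_OTHER2"
	log_mustnot write_ACL "$node" "$ZFS_ACL_OTHER2"

	# Drop the two ACEs prepended above.
	log_must usr_exec chmod A0- "$node"
	log_must usr_exec chmod A0- "$node"
}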
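# Checks to run, in this order, against both a file and a directory.
set -A func_name check_owner \
    check_group \
    check_everyone \
    check_spec_user \
    check_spec_group \
    check_user_in_group

# Run the whole set once with root and once with a non-root user as the
# current user.
for user in root "$ZFS_ACL_STAFF1"; do
	log_must set_cur_usr "$user"

	log_must usr_exec touch "$testfile"
	log_must usr_exec mkdir "$testdir"

	typeset func node
	for func in "${func_name[@]}"; do
		for node in "$testfile" "$testdir"; do
			# Direct call: the name comes from the fixed list
			# above, so eval only added a second round of
			# parsing.
			$func "$node"
		done
	done

	# Fresh nodes for the next user.
	log_must usr_exec rm -rf "$testfile" "$testdir"
done

log_pass "Verify chmod A[number]{+|-|=} read_acl/write_acl passed."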