5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
24 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
29 # Copyright 2016 Nexenta Systems, Inc.
32 .
$STF_SUITE/tests
/functional
/acl
/acl_common.kshlib
35 # Verify that the combined delete_child/delete permission for
36 # owner/group/everyone are correct.
#	-------------------------------------------------------
#	|  Parent Dir   |     Target Object Permissions       |
#	-------------------------------------------------------
#	|               | ACL Allows | ACL Denies| Delete     |
#	|               | Delete     | Delete    | unspecified|
#	-------------------------------------------------------
#	| ACL Denies    | Permit     | Deny      | Deny       |
#	| DELETE_CHILD  |            |           |            |
#	| or WRITE_DATA |            |           |            |
#	-------------------------------------------------------
#	| ACL Allows    | Permit     | Deny      | Permit     |
#	| DELETE_CHILD  |            |           |            |
#	| or WRITE_DATA |            |           |            |
#	-------------------------------------------------------
55 # 1. Create file and directory in zfs filesystem
56 # 2. Set special ACE combination to the file and directory
57 # 3. Try to remove the file
58 # 4. Verify that combined permissions for owner/group/everyone are correct.
60 verify_runnable
"both"
64 if [[ ! -e $target ]]; then
65 log_must
$TAR xpf
$TESTDIR/$ARCHIVEFILE
68 (( ${#cwd} != 0 )) && cd $cwd
69 cleanup_test_files
$TESTDIR/basedir
70 if [[ -e $TESTDIR/$ARCHIVEFILE ]]; then
71 log_must
$RM -f $TESTDIR/$ARCHIVEFILE
76 #owner@ group group_users other_users
78 "root" "root" "$ZFS_ACL_ADMIN" "$ZFS_ACL_OTHER1" \
79 "$ZFS_ACL_STAFF1" "$ZFS_ACL_STAFF_GROUP" "$ZFS_ACL_STAFF2" "$ZFS_ACL_OTHER1"
81 set -A access_parent \
82 "delete_child:allow" \
86 "delete_child:deny write_data:allow" \
87 "delete_child:allow write_data:deny"
89 set -A access_target \
94 set -A a_flag
"owner@" "group@" "everyone@" "user:$ZFS_ACL_STAFF1"
96 log_assert
"Verify that the combined delete_child/delete permission for" \
97 "owner/group/everyone are correct."
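#
# Attempt to remove <node> as <user>, then reconcile rm's exit status with
# what is actually on disk. The caller runs this function under log_must or
# log_mustnot, so the status returned here is what the access-control check
# is judged on; trusting rm's exit status alone could let a delete that was
# silently refused (or silently allowed) pass unnoticed.
#
# Arguments: $1 - user to run the removal as
#            $2 - file or directory to remove
# Returns:   0 if the node is gone afterwards, non-zero if it is still there
#
# NOTE(review): the listing omits several lines of this function (argument
# bindings, else/fi closers and the return statements). They are restored
# here from the "#user node" signature and from the two log_note messages;
# confirm against the upstream file.
#
function operate_node #user node
{
	typeset user=$1
	typeset node=$2
	typeset ret

	if [[ -z $user || -z $node ]]; then
		log_fail "user, node are not defined."
	fi

	# Directories need a recursive remove; everything else a plain one.
	if [[ -d $node ]]; then
		chgusr_exec "$user" $RM -rf "$node"; ret=$?
	else
		chgusr_exec "$user" $RM -f "$node"; ret=$?
	fi

	if [[ -e $node ]]; then
		# Still present: a zero status from rm would hide a denied delete.
		if [[ $ret -eq 0 ]]; then
			log_note "$node not removed, but return code is 0."
			return 1
		fi
	else
		# Removed: restore the tree from the archive for the next case.
		log_must $TAR xpf "$TESTDIR/$ARCHIVEFILE"
		if [[ $ret -ne 0 ]]; then
			log_note "$node removed, but return code is $ret."
			return 0
		fi
	fi

	return $ret
}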
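#
# Test oracle: print the log wrapper ("log_must" or "log_mustnot") that
# states whether <user> is expected to be able to delete the target, given
# the ACEs placed on the parent directory and on the target itself.
#
# Arguments: $1 - ACE string(s) set on the parent directory
#            $2 - ACE string set on the target object
#            $3 - user performing the delete
# Outputs:   the name of the wrapper to run the delete under
#
# NOTE(review): the listing shows only the conditions; the value printed in
# each branch is inferred from the DENY/ALLOW wording of the comments and
# from the table in the file header -- confirm against the upstream file.
# NOTE(review): this function shadows the logname(1) utility for the rest
# of the script.
#
function logname #acl_parent acl_target user
{
	typeset acl_parent=$1
	typeset acl_target=$2
	typeset user=$3

	# root is expected to succeed whatever the ACEs say; so is any user
	# whose target ACE is an allow entry.
	if [[ $user == "root" || $acl_target == *":allow"* ]]; then
		echo "log_must"
	# If target ACL has an ACE denying delete, DENY
	elif [[ $acl_target == *"delete:deny"* ]]; then
		echo "log_mustnot"
	# If target ACL has an ACE allowing delete, ALLOW
	# (already covered by the ":allow" test above, so this branch is
	# not reachable as written; kept to mirror the permission table)
	elif [[ $acl_target == *"delete:allow"* ]]; then
		echo "log_must"
	# If container ACL has an ACE denying delete_child or
	# write_data, DENY
	elif [[ $acl_parent == *"delete_child:deny"* ||
	    $acl_parent == *"write_data:deny"* ]]; then
		echo "log_mustnot"
	# If container ACL has an ACE allowing delete_child or
	# write_data, ALLOW
	elif [[ $acl_parent == *"delete_child:allow"* ||
	    $acl_parent == *"write_data:allow"* ]]; then
		echo "log_must"
	# Nothing grants the delete: expect it to be refused. Printing a
	# wrapper here also keeps the caller from running the delete with
	# no check at all when no branch matches.
	else
		echo "log_mustnot"
	fi
}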
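#
# For the ACE subject <flag>, attempt the delete as every user that subject
# covers and check each attempt against the expectation from logname:
#   owner@     -> the current owner ($ZFS_ACL_CUR_USER)
#   group@     -> the group member <g_usr>
#   everyone@  -> owner, group member and <o_usr>
#   user:NAME  -> NAME
#
# Arguments: $1 - node to delete
#            $2 - ACE subject (owner@, group@, everyone@ or user:NAME)
#            $3 - ACE string(s) applied to the parent directory
#            $4 - ACE string applied to the target
#            $5 - a user in the owning group
#            $6 - a user outside the owning group
#
# NOTE(review): the argument bindings for node, flag, g_usr and o_usr and
# the closing done/fi lines are missing from the listing and are restored
# from the signature comment -- confirm against the upstream file.
#
function check_chmod_results #node flag acl_parent acl_target g_usr o_usr
{
	typeset node=$1
	typeset flag=$2
	typeset acl_parent=$3
	typeset acl_target=$2:$4
	typeset g_usr=$5
	typeset o_usr=$6
	typeset log acl acl_tmp

	# Prefix every parent ACE with the subject. $acl_parent is left
	# unquoted on purpose: it is a space-separated list of ACEs.
	for acl in $acl_parent; do
		acl_tmp="$flag:$acl $acl_tmp"
	done
	# NOTE(review): the listing does not show acl_tmp being used after
	# the loop; assigning it back is the apparent intent. logname only
	# does substring matches, so its answer is the same either way.
	acl_parent=$acl_tmp

	if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
		log=$(logname "$acl_parent" "$acl_target" "$ZFS_ACL_CUR_USER")
		$log operate_node "$ZFS_ACL_CUR_USER" "$node"
	fi
	if [[ $flag == "group@" || $flag == "everyone@" ]]; then
		log=$(logname "$acl_parent" "$acl_target" "$g_usr")
		$log operate_node "$g_usr" "$node"
	fi
	if [[ $flag == "everyone@" ]]; then
		log=$(logname "$acl_parent" "$acl_target" "$o_usr")
		$log operate_node "$o_usr" "$node"
	fi
	if [[ $flag == "user:"* ]]; then
		# Strip the "user:" prefix to get the account name.
		typeset user=${flag#user:}
		log=$(logname "$acl_parent" "$acl_target" "$user")
		$log operate_node "$user" "$node"
	fi
}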
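#
# Walk every combination of ACE subject (a_flag), parent-directory ACEs
# (access_parent) and target ACE (access_target): apply the ACEs, archive
# the tree so it can be restored after a successful delete, check the
# delete outcome for each affected user, then strip the ACEs again.
#
# Arguments: $1 - node whose deletion is tested
#            $2 - a user in the owning group
#            $3 - a user outside the owning group
#
# NOTE(review): the listing omits the argument bindings, the assignment of
# "parent", the handling of the counter "i" and the loop closers. They are
# restored here on the assumptions marked below -- confirm against the
# upstream file.
#
function test_chmod_basic_access #node g_usr o_usr
{
	typeset node=$1
	typeset g_usr=$2
	typeset o_usr=$3
	typeset flag acl acl_p acl_t parent
	typeset -i i=0

	# Assumed: the parent is the directory that contains the node.
	parent=${node%/*}

	for flag in "${a_flag[@]}"; do
		for acl_p in "${access_parent[@]}"; do
			# Count the ACEs added to the parent so exactly that
			# many are removed again below.
			i=0
			# Unquoted on purpose: acl_p is a space-separated list.
			for acl in $acl_p; do
				log_must usr_exec $CHMOD "A+$flag:$acl" "$parent"
				i=$(( i + 1 ))
			done

			for acl_t in "${access_target[@]}"; do
				# An empty entry stands for the "Delete
				# unspecified" column of the table: no ACE is
				# added to, or removed from, the target.
				if [[ -n $acl_t ]]; then
					log_must usr_exec $CHMOD \
					    "A+$flag:$acl_t" "$node"
				fi

				log_must $TAR cpf "$TESTDIR/$ARCHIVEFILE" basedir

				check_chmod_results "$node" "$flag" \
				    "$acl_p" "$acl_t" "$g_usr" "$o_usr"

				# A0- drops the first ACE, which is the one
				# added above as long as A+ put it in front.
				if [[ -n $acl_t ]]; then
					log_must usr_exec $CHMOD A0- "$node"
				fi
			done

			while (( i > 0 )); do
				log_must usr_exec $CHMOD A0- "$parent"
				i=$(( i - 1 ))
			done
		done
	done
}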
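#
# Build a fresh test tree under <base_node>, owned by <user>:<group>, with
# one file and one sub-directory to delete. The objects are created as
# <user> and then made read-only (444 on the file and sub-directory, 555
# on the base directory), so any delete that later succeeds is granted by
# the ACEs under test rather than by the mode bits.
#
# Arguments: $1 - directory to (re)create
#            $2 - owning user
#            $3 - owning group
# Globals:   file0, dir0 (written) - paths of the objects to delete;
#            presumably read by the main loop -- confirm against caller
#
# NOTE(review): the argument bindings are missing from the listing and are
# restored from the "#base_node user group" signature comment.
#
function setup_test_files #base_node user group
{
	typeset base_node=$1
	typeset user=$2
	typeset group=$3

	cleanup_test_files "$base_node"

	log_must $MKDIR -p "$base_node"
	log_must $CHOWN "$user:$group" "$base_node"

	log_must set_cur_usr "$user"

	# Prepare all files/sub-dirs for testing.
	file0=$base_node/testfile_rm
	dir0=$base_node/testdir_rm

	log_must usr_exec $TOUCH "$file0"
	log_must usr_exec $CHMOD 444 "$file0"

	log_must usr_exec $MKDIR -p "$dir0"
	log_must usr_exec $CHMOD 444 "$dir0"

	log_must usr_exec $CHMOD 555 "$base_node"
}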
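#
# Remove <base_node>, whether it is a directory tree or a single file.
# Does nothing when the path does not exist or the argument is empty.
#
# Arguments: $1 - path to remove
#
# NOTE(review): the argument binding and the closing fi are missing from
# the listing and are restored from the "#base_node" signature comment.
#
function cleanup_test_files #base_node
{
	typeset base_node=$1

	# The path is quoted and preceded by "--" so that a name containing
	# whitespace, glob characters or a leading dash is removed as-is
	# instead of being split or read as an option by rm.
	if [[ -d $base_node ]]; then
		log_must $RM -rf -- "$base_node"
	elif [[ -e $base_node ]]; then
		log_must $RM -f -- "$base_node"
	fi
}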
275 typeset ARCHIVEFILE
=archive.
tar
281 while (( i
< ${#users[@]} )); do
282 setup_test_files
$TESTDIR/basedir
${users[i]} ${users[((i+1))]}
285 while (( j
< 1 )); do
287 test_chmod_basic_access
$target \
288 "${users[((i+2))]}" "${users[((i+3))]}"
291 test_chmod_basic_access
$target \
292 "${users[((i+2))]}" "${users[((i+3))]}"
300 log_pass
"Verify that the combined delete_child/delete permission for" \
301 "owner/group/everyone are correct."