d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add regression tests for NFSv4 ACLs and update POSIX.1e tests to the changed

Browse Source 
error messages.
This commit is contained in:
Edward Tomasz Napierala 2009-09-07 16:26:03 +00:00
parent 3f22187878
commit 0103fcf5dc
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=196938
4 changed files with 1013 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
tools/regression/acltools/00.t
View File

@ -1,5 +1,32 @@
#!/bin/sh
#
# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#
# This is a wrapper script to run tools-posix.test.
#
# If any of the tests fails, here is how to debug it: go to
@ -9,9 +36,6 @@
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
#
# Output should be obvious.
#
# $FreeBSD$
#
echo "1..4"
@ -59,4 +83,3 @@ rmdir $MNT
mdconfig -du $MD
echo "ok 4"

86
tools/regression/acltools/01.t Normal file
View File

@ -0,0 +1,86 @@
#!/bin/sh
#
# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#
# This is a wrapper script to run tools-nfs4.test on ZFS filesystem.
#
# WARNING: It uses hardcoded ZFS pool name "acltools"
#
# If any of the tests fails, here is how to debug it: go to
# the directory with problematic filesystem mounted on it,
# and do /path/to/test run /path/to/test tools-nfs4.test, e.g.
#
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test
#
# Output should be obvious.
echo "1..4"
if [ `whoami` != "root" ]; then
echo "not ok 1 - you need to be root to run this test."
exit 1
fi
TESTDIR=`dirname $0`
# Set up the test filesystem.
MD=`mdconfig -at swap -s 64m`
MNT=`mktemp -dt acltools`
zpool create -R $MNT acltools /dev/$MD
if [ $? -ne 0 ]; then
echo "not ok 1 - 'zpool create' failed."
exit 1
fi
echo "ok 1"
cd $MNT
# First, check whether we can crash the kernel by creating too many
# entries. For some reason this won't work in the test file.
touch xxx
setfacl -x5 xxx
while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done
chmod 600 xxx
rm xxx
echo "ok 2"
perl $TESTDIR/run $TESTDIR/tools-nfs4.test > /dev/null
if [ $? -eq 0 ]; then
echo "ok 3"
else
echo "not ok 3"
fi
cd /
zpool destroy -f acltools
rmdir $MNT
mdconfig -du $MD
echo "ok 4"

829
tools/regression/acltools/tools-nfs4.test Normal file
View File

@ -0,0 +1,829 @@
# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#
# This is a tools-level test for NFSv4 ACL functionality. Run it as root
# using ACL-enabled kernel:
#
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test
#
# WARNING: Creates files in unsafe way.
$ whoami
> root
$ umask 022
# Smoke test for getfacl(1).
$ touch xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:-wxp----------:------:deny
> group@:r-------------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
$ getfacl -q xxx
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:-wxp----------:------:deny
> group@:r-------------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
# Check verbose mode formatting.
$ getfacl -v xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:execute::deny
> owner@:read_data/write_data/append_data/write_attributes/write_xattr/write_acl/write_owner::allow
> group@:write_data/execute/append_data::deny
> group@:read_data::allow
> everyone@:write_data/execute/append_data/write_attributes/write_xattr/write_acl/write_owner::deny
> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow
# Test setfacl -a.
$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> user:0:-----------C--:------:allow
> group:1:----------c---:------:deny
> group@:-wxp----------:------:deny
> group@:r-------------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
# Test user and group name resolving.
$ rm xxx
$ touch xxx
$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> user:root:-----------C--:------:allow
> group:daemon:----------c---:------:deny
> group@:-wxp----------:------:deny
> group@:r-------------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
# Check whether ls correctly marks files with "+".
$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--+
# Test removing entries by number.
$ setfacl -x 4 xxx
$ setfacl -x 4 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> user:0:-----------C--:------:allow
> group:1:----------c---:------:deny
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
# Test setfacl -m.
$ setfacl -a0 everyone@:rwx:deny xxx
$ setfacl -a0 everyone@:rwx:deny xxx
$ setfacl -a0 everyone@:rwx:deny xxx
$ setfacl -m everyone@::deny xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> user:0:-----------C--:------:allow
> group:1:----------c---:------:deny
> everyone@:--------------:------:deny
> everyone@:r-----a-R-c--s:------:allow
# Test getfacl -i.
$ getfacl -i xxx
> # file: xxx
> # owner: root
> # group: wheel
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> user:root:-----------C--:------:allow:0
> group:daemon:----------c---:------:deny:1
> everyone@:--------------:------:deny
> everyone@:r-----a-R-c--s:------:allow
# Make sure cp without any flags does not copy copy the ACL.
$ cp xxx yyy
$ ls -l yyy | cut -d' ' -f1
> -rw-r--r--
# Make sure it does with the "-p" flag.
$ rm yyy
$ cp -p xxx yyy
$ getfacl -n yyy
> # file: yyy
> # owner: root
> # group: wheel
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> everyone@:--------------:------:deny
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> user:0:-----------C--:------:allow
> group:1:----------c---:------:deny
> everyone@:--------------:------:deny
> everyone@:r-----a-R-c--s:------:allow
$ rm yyy
# Test removing entries by... by example?
$ setfacl -x everyone@::deny xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> user:0:-----------C--:------:allow
> group:1:----------c---:------:deny
> everyone@:r-----a-R-c--s:------:allow
# Test setfacl -b.
$ setfacl -b xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:-wxp----------:------:deny
> group@:r-------------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--
# Check setfacl(1) and getfacl(1) with multiple files.
$ touch xxx yyy zzz
$ ls -l xxx yyy zzz | cut -d' ' -f1
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--
$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz
> setfacl: nnn: stat() failed: No such file or directory
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--+
> -rw-r--r--+
> -rw-r--r--+
$ getfacl -nq nnn xxx yyy zzz
> getfacl: nnn: stat() failed: No such file or directory
> user:42:--x-----------:------:allow
> group:43:-w------------:------:allow
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:-wxp----------:------:deny
> group@:r-------------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
>
> user:42:--x-----------:------:allow
> group:43:-w------------:------:allow
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:-wxp----------:------:deny
> group@:r-------------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
>
> user:42:--x-----------:------:allow
> group:43:-w------------:------:allow
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:-wxp----------:------:deny
> group@:r-------------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
$ setfacl -b nnn xxx yyy zzz
> setfacl: nnn: stat() failed: No such file or directory
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--
$ rm xxx yyy zzz
# Test applying mode to an ACL.
$ touch xxx
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx
$ chmod 600 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user:42:r-------------:------:deny
> user:42:r-------------:------:allow
> user:43:-w------------:------:deny
> user:43:-w------------:------:allow
> user:44:--x-----------:------:deny
> user:44:--x-----------:------:allow
> owner@:--------------:------:deny
> owner@:-------A-W-Co-:------:allow
> group@:--------------:------:deny
> group@:--------------:------:allow
> everyone@:-------A-W-Co-:------:deny
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:rwxp----------:------:deny
> group@:--------------:------:allow
> everyone@:rwxp---A-W-Co-:------:deny
> everyone@:------a-R-c--s:------:allow
$ ls -l xxx | cut -d' ' -f1
> -rw-------+
$ rm xxx
$ touch xxx
$ chown 42 xxx
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
$ chmod 600 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: 42
> # group: wheel
> user:42:--------------:------:deny
> user:42:r-------------:------:allow
> user:43:-w------------:------:deny
> user:43:-w------------:------:allow
> user:44:--x-----------:------:deny
> user:44:--x-----------:------:allow
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:rwxp----------:------:deny
> group@:--------------:------:allow
> everyone@:rwxp---A-W-Co-:------:deny
> everyone@:------a-R-c--s:------:allow
$ ls -l xxx | cut -d' ' -f1
> -rw-------+
$ rm xxx
$ touch xxx
$ chown 43 xxx
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
$ chmod 124 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: 43
> # group: wheel
> user:42:r-------------:------:deny
> user:42:r-------------:------:allow
> user:43:-w------------:------:deny
> user:43:-w------------:------:allow
> user:44:--x-----------:------:deny
> user:44:--x-----------:------:allow
> owner@:rw-p----------:------:deny
> owner@:--x----A-W-Co-:------:allow
> group@:r-x-----------:------:deny
> group@:-w-p----------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
$ ls -l xxx | cut -d' ' -f1
> ---x-w-r--+
$ rm xxx
$ touch xxx
$ chown 43 xxx
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
$ chmod 412 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: 43
> # group: wheel
> user:42:r-------------:------:deny
> user:42:r-------------:------:allow
> user:43:-w------------:------:deny
> user:43:-w------------:------:allow
> user:44:--------------:------:deny
> user:44:--x-----------:------:allow
> owner@:-wxp----------:------:deny
> owner@:r------A-W-Co-:------:allow
> group@:rw-p----------:------:deny
> group@:--x-----------:------:allow
> everyone@:r-x----A-W-Co-:------:deny
> everyone@:-w-p--a-R-c--s:------:allow
$ ls -l xxx | cut -d' ' -f1
> -r----x-w-+
$ mkdir ddd
$ setfacl -a0 group:44:rwapd:allow ddd
$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
$ getfacl -n ddd
> # file: ddd
> # owner: root
> # group: wheel
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:-d----:allow
> group:43:-w--D---------:-d----:deny
> group@:-----da-------:------:allow
> group:44:rw-p-da-------:------:allow
> owner@:--------------:------:deny
> owner@:rwxp---A-W-Co-:------:allow
> group@:-w-p----------:------:deny
> group@:r-x-----------:------:allow
> everyone@:-w-p---A-W-Co-:------:deny
> everyone@:-w-p--a-R-c--s:f-i---:allow
$ chmod 777 ddd
$ getfacl -n ddd
> # file: ddd
> # owner: root
> # group: wheel
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:-di---:allow
> group:42:--------------:------:deny
> group:42:-w--D---------:------:allow
> group:43:-w--D---------:-di---:deny
> group:43:-w--D---------:------:deny
> group@:-----da-------:------:allow
> group:44:--------------:------:deny
> group:44:rw-p-da-------:------:allow
> owner@:--------------:------:deny
> owner@:-------A-W-Co-:------:allow
> group@:--------------:------:deny
> group@:--------------:------:allow
> everyone@:-------A-W-Co-:------:deny
> everyone@:-w-p--a-R-c--s:f-i---:allow
> owner@:--------------:------:deny
> owner@:rwxp---A-W-Co-:------:allow
> group@:--------------:------:deny
> group@:rwxp----------:------:allow
> everyone@:-------A-W-Co-:------:deny
> everyone@:rwxp--a-R-c--s:------:allow
$ rmdir ddd
$ mkdir ddd
$ setfacl -a0 group:44:rwapd:allow ddd
$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
$ chmod 124 ddd
$ getfacl -n ddd
> # file: ddd
> # owner: root
> # group: wheel
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:-di---:allow
> group:42:--------------:------:deny
> group:42:----D---------:------:allow
> group:43:-w--D---------:-di---:deny
> group:43:-w--D---------:------:deny
> group@:-----da-------:------:allow
> group:44:r-------------:------:deny
> group:44:r----da-------:------:allow
> owner@:--------------:------:deny
> owner@:-------A-W-Co-:------:allow
> group@:--------------:------:deny
> group@:--------------:------:allow
> everyone@:-------A-W-Co-:------:deny
> everyone@:-w-p--a-R-c--s:f-i---:allow
> owner@:rw-p----------:------:deny
> owner@:--x----A-W-Co-:------:allow
> group@:r-x-----------:------:deny
> group@:-w-p----------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
$ rmdir ddd
$ mkdir ddd
$ setfacl -a0 group:44:rwapd:allow ddd
$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
$ chmod 412 ddd
$ getfacl -n ddd
> # file: ddd
> # owner: root
> # group: wheel
> user:42:r-------------:------:deny
> user:42:r-x-----------:------:allow
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:-di---:allow
> group:42:-w------------:------:deny
> group:42:-w--D---------:------:allow
> group:43:-w--D---------:-di---:deny
> group:43:-w--D---------:------:deny
> group@:-----da-------:------:allow
> group:44:rw-p----------:------:deny
> group:44:rw-p-da-------:------:allow
> owner@:--------------:------:deny
> owner@:-------A-W-Co-:------:allow
> group@:--------------:------:deny
> group@:--------------:------:allow
> everyone@:-------A-W-Co-:------:deny
> everyone@:-w-p--a-R-c--s:f-i---:allow
> owner@:-wxp----------:------:deny
> owner@:r------A-W-Co-:------:allow
> group@:rw-p----------:------:deny
> group@:--x-----------:------:allow
> everyone@:r-x----A-W-Co-:------:deny
> everyone@:-w-p--a-R-c--s:------:allow
$ rmdir ddd
$ mkdir ddd
$ setfacl -a0 group:44:rwapd:allow ddd
$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
$ chown 42 ddd
$ chmod 412 ddd
$ getfacl -n ddd
> # file: ddd
> # owner: 42
> # group: wheel
> user:42:--x-----------:------:deny
> user:42:r-x-----------:------:allow
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:-di---:allow
> group:42:-w------------:------:deny
> group:42:-w--D---------:------:allow
> group:43:-w--D---------:-di---:deny
> group:43:-w--D---------:------:deny
> group@:-----da-------:------:allow
> group:44:rw-p----------:------:deny
> group:44:rw-p-da-------:------:allow
> owner@:--------------:------:deny
> owner@:-------A-W-Co-:------:allow
> group@:--------------:------:deny
> group@:--------------:------:allow
> everyone@:-------A-W-Co-:------:deny
> everyone@:-w-p--a-R-c--s:f-i---:allow
> owner@:-wxp----------:------:deny
> owner@:r------A-W-Co-:------:allow
> group@:rw-p----------:------:deny
> group@:--x-----------:------:allow
> everyone@:r-x----A-W-Co-:------:deny
> everyone@:-w-p--a-R-c--s:------:allow
# Test applying ACL to mode.
$ rmdir ddd
$ mkdir ddd
$ setfacl -a0 u:42:rwx:fi:allow ddd
$ ls -ld ddd | cut -d' ' -f1
> drwxr-xr-x+
$ rmdir ddd
$ mkdir ddd
$ chmod 0 ddd
$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd
$ ls -ld ddd | cut -d' ' -f1
> dr----x---+
# XXX: This one is fishy. Shouldn't it be "dr---wx---+"?
$ rmdir ddd
$ mkdir ddd
$ chmod 0 ddd
$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd
$ ls -ld ddd | cut -d' ' -f1
> dr---wx---+
$ rmdir ddd
$ mkdir ddd
$ chmod 0 ddd
$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd
$ ls -ld ddd | cut -d' ' -f1
> dr--------+
$ rmdir ddd
$ mkdir ddd
$ chmod 0 ddd
$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd
$ ls -ld ddd | cut -d' ' -f1
> dr--------+
# Test inheritance.
$ rmdir ddd
$ mkdir ddd
$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd
$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd
$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd
$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd
$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd
$ getfacl -qn ddd
> user:41:-w-----A------:f--n--:allow
> group:41:r-----a-------:-din--:allow
> user:42:-----------Co-:f-i---:allow
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:-d-n--:deny
> group:43:-w---------C--:f-in--:deny
> user:43:rwxp----------:------:allow
> owner@:--------------:------:deny
> owner@:rwxp---A-W-Co-:------:allow
> group@:-w-p----------:------:deny
> group@:r-x-----------:------:allow
> everyone@:-w-p---A-W-Co-:------:deny
> everyone@:r-x---a-R-c--s:------:allow
$ cd ddd
$ touch xxx
$ getfacl -qn xxx
> user:41:-w------------:------:deny
> user:41:-w-----A------:------:allow
> user:42:--------------:------:deny
> user:42:--------------:------:allow
> user:42:--x-----------:------:deny
> user:42:r-x-----------:------:allow
> group:43:-w---------C--:------:deny
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:-wxp----------:------:deny
> group@:r-------------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
$ rm xxx
$ umask 077
$ touch xxx
$ getfacl -qn xxx
> user:41:-w------------:------:deny
> user:41:-w-----A------:------:allow
> user:42:--------------:------:deny
> user:42:--------------:------:allow
> user:42:r-x-----------:------:deny
> user:42:r-x-----------:------:allow
> group:43:-w---------C--:------:deny
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:rwxp----------:------:deny
> group@:--------------:------:allow
> everyone@:rwxp---A-W-Co-:------:deny
> everyone@:------a-R-c--s:------:allow
$ rm xxx
$ umask 770
$ touch xxx
$ getfacl -qn xxx
> user:41:-w------------:------:deny
> user:41:-w-----A------:------:allow
> user:42:--------------:------:deny
> user:42:--------------:------:allow
> user:42:r-x-----------:------:deny
> user:42:r-x-----------:------:allow
> group:43:-w---------C--:------:deny
> owner@:rwxp----------:------:deny
> owner@:-------A-W-Co-:------:allow
> group@:rwxp----------:------:deny
> group@:--------------:------:allow
> everyone@:--x----A-W-Co-:------:deny
> everyone@:rw-p--a-R-c--s:------:allow
$ rm xxx
$ umask 707
$ touch xxx
$ getfacl -qn xxx
> user:41:--------------:------:deny
> user:41:-w-----A------:------:allow
> user:42:--------------:------:deny
> user:42:--------------:------:allow
> user:42:--x-----------:------:deny
> user:42:r-x-----------:------:allow
> group:43:-w---------C--:------:deny
> owner@:rwxp----------:------:deny
> owner@:-------A-W-Co-:------:allow
> group@:--x-----------:------:deny
> group@:rw-p----------:------:allow
> everyone@:rwxp---A-W-Co-:------:deny
> everyone@:------a-R-c--s:------:allow
$ umask 077
$ mkdir yyy
$ getfacl -qn yyy
> group:41:r-------------:------:deny
> group:41:r-----a-------:------:allow
> user:42:-----------Co-:f-i---:allow
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:------:deny
> owner@:--------------:------:deny
> owner@:rwxp---A-W-Co-:------:allow
> group@:rwxp----------:------:deny
> group@:--------------:------:allow
> everyone@:rwxp---A-W-Co-:------:deny
> everyone@:------a-R-c--s:------:allow
$ rmdir yyy
$ umask 770
$ mkdir yyy
$ getfacl -qn yyy
> group:41:r-------------:------:deny
> group:41:r-----a-------:------:allow
> user:42:-----------Co-:f-i---:allow
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:------:deny
> owner@:rwxp----------:------:deny
> owner@:-------A-W-Co-:------:allow
> group@:rwxp----------:------:deny
> group@:--------------:------:allow
> everyone@:-------A-W-Co-:------:deny
> everyone@:rwxp--a-R-c--s:------:allow
$ rmdir yyy
$ umask 707
$ mkdir yyy
$ getfacl -qn yyy
> group:41:--------------:------:deny
> group:41:------a-------:------:allow
> user:42:-----------Co-:f-i---:allow
> user:42:r-x-----------:f-i---:allow
> group:42:-w--D---------:------:deny
> owner@:rwxp----------:------:deny
> owner@:-------A-W-Co-:------:allow
> group@:--------------:------:deny
> group@:rwxp----------:------:allow
> everyone@:rwxp---A-W-Co-:------:deny
> everyone@:------a-R-c--s:------:allow
# There is some complication regarding how write_acl and write_owner flags
# get inherited. Make sure we got it right.
$ setfacl -b .
$ setfacl -a0 u:42:Co:f:allow .
$ setfacl -a0 u:43:Co:d:allow .
$ setfacl -a0 u:44:Co:fd:allow .
$ setfacl -a0 u:45:Co:fi:allow .
$ setfacl -a0 u:46:Co:di:allow .
$ setfacl -a0 u:47:Co:fdi:allow .
$ setfacl -a0 u:48:Co:fn:allow .
$ setfacl -a0 u:49:Co:dn:allow .
$ setfacl -a0 u:50:Co:fdn:allow .
$ setfacl -a0 u:51:Co:fni:allow .
$ setfacl -a0 u:52:Co:dni:allow .
$ setfacl -a0 u:53:Co:fdni:allow .
$ umask 022
$ rm xxx
$ touch xxx
$ getfacl -nq xxx
> user:53:--------------:------:deny
> user:53:--------------:------:allow
> user:51:--------------:------:deny
> user:51:--------------:------:allow
> user:50:--------------:------:deny
> user:50:--------------:------:allow
> user:48:--------------:------:deny
> user:48:--------------:------:allow
> user:47:--------------:------:deny
> user:47:--------------:------:allow
> user:45:--------------:------:deny
> user:45:--------------:------:allow
> user:44:--------------:------:deny
> user:44:--------------:------:allow
> user:42:--------------:------:deny
> user:42:--------------:------:allow
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:-wxp----------:------:deny
> group@:r-------------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
$ rmdir yyy
$ mkdir yyy
$ getfacl -nq yyy
> user:53:--------------:------:deny
> user:53:--------------:------:allow
> user:52:--------------:------:deny
> user:52:--------------:------:allow
> user:50:--------------:------:deny
> user:50:--------------:------:allow
> user:49:--------------:------:deny
> user:49:--------------:------:allow
> user:47:-----------Co-:fdi---:allow
> user:47:--------------:------:deny
> user:47:--------------:------:allow
> user:46:-----------Co-:-di---:allow
> user:46:--------------:------:deny
> user:46:--------------:------:allow
> user:45:-----------Co-:f-i---:allow
> user:44:-----------Co-:fdi---:allow
> user:44:--------------:------:deny
> user:44:--------------:------:allow
> user:43:-----------Co-:-di---:allow
> user:43:--------------:------:deny
> user:43:--------------:------:allow
> user:42:-----------Co-:f-i---:allow
> owner@:--------------:------:deny
> owner@:rwxp---A-W-Co-:------:allow
> group@:-w-p----------:------:deny
> group@:r-x-----------:------:allow
> everyone@:-w-p---A-W-Co-:------:deny
> everyone@:r-x---a-R-c--s:------:allow
$ setfacl -b .
$ setfacl -a0 u:42:Co:f:deny .
$ setfacl -a0 u:43:Co:d:deny .
$ setfacl -a0 u:44:Co:fd:deny .
$ setfacl -a0 u:45:Co:fi:deny .
$ setfacl -a0 u:46:Co:di:deny .
$ setfacl -a0 u:47:Co:fdi:deny .
$ setfacl -a0 u:48:Co:fn:deny .
$ setfacl -a0 u:49:Co:dn:deny .
$ setfacl -a0 u:50:Co:fdn:deny .
$ setfacl -a0 u:51:Co:fni:deny .
$ setfacl -a0 u:52:Co:dni:deny .
$ setfacl -a0 u:53:Co:fdni:deny .
$ umask 022
$ rm xxx
$ touch xxx
$ getfacl -nq xxx
> user:53:-----------Co-:------:deny
> user:51:-----------Co-:------:deny
> user:50:-----------Co-:------:deny
> user:48:-----------Co-:------:deny
> user:47:-----------Co-:------:deny
> user:45:-----------Co-:------:deny
> user:44:-----------Co-:------:deny
> user:42:-----------Co-:------:deny
> owner@:--x-----------:------:deny
> owner@:rw-p---A-W-Co-:------:allow
> group@:-wxp----------:------:deny
> group@:r-------------:------:allow
> everyone@:-wxp---A-W-Co-:------:deny
> everyone@:r-----a-R-c--s:------:allow
$ rmdir yyy
$ mkdir yyy
$ getfacl -nq yyy
> user:53:-----------Co-:------:deny
> user:52:-----------Co-:------:deny
> user:50:-----------Co-:------:deny
> user:49:-----------Co-:------:deny
> user:47:-----------Co-:fdi---:deny
> user:47:-----------Co-:------:deny
> user:46:-----------Co-:-di---:deny
> user:46:-----------Co-:------:deny
> user:45:-----------Co-:f-i---:deny
> user:44:-----------Co-:fdi---:deny
> user:44:-----------Co-:------:deny
> user:43:-----------Co-:-di---:deny
> user:43:-----------Co-:------:deny
> user:42:-----------Co-:f-i---:deny
> owner@:--------------:------:deny
> owner@:rwxp---A-W-Co-:------:allow
> group@:-w-p----------:------:deny
> group@:r-x-----------:------:allow
> everyone@:-w-p---A-W-Co-:------:deny
> everyone@:r-x---a-R-c--s:------:allow
$ rmdir yyy
$ rm xxx
$ cd ..
$ rmdir ddd
$ rm xxx

93
tools/regression/acltools/tools-posix.test
View File

@ -1,11 +1,36 @@
# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#
# This is a tools-level test for POSIX.1e ACL functionality. Run it as root
# using ACL-enabled kernel:
#
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
#
# WARNING: Creates files in unsafe way.
#
# $FreeBSD$
$ whoami
> root
@ -13,7 +38,7 @@ $ umask 022
# Smoke test for getfacl(1).
$ touch xxx
$ getfacl xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
@ -27,7 +52,7 @@ $ getfacl -q xxx
> other::r--
$ setfacl -m u:42:r,g:43:w xxx
$ getfacl xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
@ -98,8 +123,32 @@ $ getfacl xxx
> mask::rw-
> other::r--
$ setfacl -m u:42:r xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--
# Test removing entries by number.
$ setfacl -x 1 xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--
$ setfacl -m g:43:r xxx
$ getfacl xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
@ -117,7 +166,7 @@ $ ls -l yyy | cut -d' ' -f1
# Make sure it does with the "-p" flag.
$ rm yyy
$ cp -p xxx yyy
$ getfacl yyy
$ getfacl -n yyy
> # file: yyy
> # owner: root
> # group: wheel
@ -132,7 +181,7 @@ $ rm yyy
# Test removing entries by... by example?
$ setfacl -m u:42:r,g:43:w xxx
$ setfacl -x u:42: xxx
$ getfacl xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
@ -144,7 +193,7 @@ $ getfacl xxx
# Test setfacl -b.
$ setfacl -b xxx
$ getfacl xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
@ -157,7 +206,7 @@ $ ls -l xxx | cut -d' ' -f1
> -rw-r--r--+
$ setfacl -nb xxx
$ getfacl xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
@ -177,7 +226,7 @@ $ ls -l xxx yyy zzz | cut -d' ' -f1
> -rw-r--r--
$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
> setfacl: stat() of nnn failed: No such file or directory
> setfacl: nnn: stat() failed: No such file or directory
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
@ -185,8 +234,8 @@ $ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> -rw-rwxr--+
> -rw-rwxr--+
$ getfacl -q nnn xxx yyy zzz
> getfacl: nnn: No such file or directory
$ getfacl -nq nnn xxx yyy zzz
> getfacl: nnn: stat() failed: No such file or directory
> user::rw-
> user:42:--x
> group::r--
@ -209,7 +258,7 @@ $ getfacl -q nnn xxx yyy zzz
> other::r--
$ setfacl -b nnn xxx yyy zzz
> setfacl: stat() of nnn failed: No such file or directory
> setfacl: nnn: stat() failed: No such file or directory
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
@ -218,7 +267,7 @@ $ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> -rw-r--r--+
$ setfacl -bn nnn xxx yyy zzz
> setfacl: stat() of nnn failed: No such file or directory
> setfacl: nnn: stat() failed: No such file or directory
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
@ -232,7 +281,7 @@ $ rm xxx yyy zzz
$ touch xxx
$ setfacl -m u:42:rwx,g:43:rwx xxx
$ chmod 600 xxx
$ getfacl xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
@ -244,7 +293,7 @@ $ getfacl xxx
> other::---
$ chmod 060 xxx
$ getfacl xxx
$ getfacl -n xxx
> # file: xxx
> # owner: root
> # group: wheel
@ -258,7 +307,7 @@ $ getfacl xxx
# Test default ACLs.
$ umask 022
$ mkdir ddd
$ getfacl -q ddd
$ getfacl -qn ddd
> user::rwx
> group::r-x
> other::r-x
@ -268,7 +317,7 @@ $ ls -l | grep ddd | cut -d' ' -f1
$ getfacl -dq ddd
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ getfacl -dq ddd
$ getfacl -dqn ddd
> user::rwx
> group::r-x
> mask::rwx
@ -280,7 +329,7 @@ $ ls -l | grep ddd | cut -d' ' -f1
$ setfacl -dm g:42:rwx,u:42:r ddd
$ setfacl -dm g::w ddd
$ getfacl -dq ddd
$ getfacl -dqn ddd
> user::rwx
> user:42:r--
> group::-w-
@ -289,7 +338,7 @@ $ getfacl -dq ddd
> other::r-x
$ setfacl -dx group:42: ddd
$ getfacl -dq ddd
$ getfacl -dqn ddd
> user::rwx
> user:42:r--
> group::-w-
@ -389,7 +438,7 @@ $ rm fff
# Test if we deal properly with device files.
$ mknod bbb b 1 1
$ setfacl -m u:42:r,g:43:w bbb
> setfacl: acl_get_file() failed: Operation not supported
> setfacl: bbb: acl_get_file() failed: Operation not supported
$ ls -l bbb | cut -d' ' -f1
> brw-r--r--
@ -397,7 +446,7 @@ $ rm bbb
$ mknod ccc c 1 1
$ setfacl -m u:42:r,g:43:w ccc
> setfacl: acl_get_file() failed: Operation not supported
> setfacl: ccc: acl_get_file() failed: Operation not supported
$ ls -l ccc | cut -d' ' -f1
> crw-r--r--