Add regression tests for NFSv4 ACLs and update POSIX.1e tests to the changed
error messages.
parent
3f22187878
commit
0103fcf5dc
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=196938
@ -1,5 +1,32 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
# SUCH DAMAGE.
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
# This is a wrapper script to run tools-posix.test.
|
||||
#
|
||||
# If any of the tests fails, here is how to debug it: go to
|
||||
@ -9,9 +36,6 @@
|
||||
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
|
||||
#
|
||||
# Output should be obvious.
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
echo "1..4"
|
||||
|
||||
@ -59,4 +83,3 @@ rmdir $MNT
|
||||
mdconfig -du $MD
|
||||
|
||||
echo "ok 4"
|
||||
|
||||
|
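--- a/tools/regression/acltools/01.t
+++ b/tools/regression/acltools/01.t
@@ -0,0 +1,86 @@
+#!/bin/sh
+#
+# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# This is a wrapper script to run tools-nfs4.test on ZFS filesystem.
+#
+# WARNING: It uses hardcoded ZFS pool name "acltools"
+#
+# If any of the tests fails, here is how to debug it: go to
+# the directory with problematic filesystem mounted on it,
+# and do /path/to/test run /path/to/test tools-nfs4.test, e.g.
+#
+# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test
+#
+# Output should be obvious.
+
+echo "1..4"
+
+if [ `whoami` != "root" ]; then
+echo "not ok 1 - you need to be root to run this test."
+exit 1
+fi
+
+TESTDIR=`dirname $0`
+
+# Set up the test filesystem.
+MD=`mdconfig -at swap -s 64m`
+MNT=`mktemp -dt acltools`
+zpool create -R $MNT acltools /dev/$MD
+if [ $? -ne 0 ]; then
+echo "not ok 1 - 'zpool create' failed."
+exit 1
+fi
+
+echo "ok 1"
+
+cd $MNT
+
+# First, check whether we can crash the kernel by creating too many
+# entries. For some reason this won't work in the test file.
+touch xxx
+setfacl -x5 xxx
+while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done
+chmod 600 xxx
+rm xxx
+echo "ok 2"
+
+perl $TESTDIR/run $TESTDIR/tools-nfs4.test > /dev/null
+
+if [ $? -eq 0 ]; then
+echo "ok 3"
+else
+echo "not ok 3"
+fi
+
+cd /
+zpool destroy -f acltools
+rmdir $MNT
+mdconfig -du $MD
+
+echo "ok 4"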
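Review bot: The `cd $MNT` ahead of test 2 is unquoted and its result is never checked, so if that directory is not usable the `touch`/`setfacl`/`rm xxx` sequence and the whole tools-nfs4.test run (whose own header warns that it creates files in an unsafe way) execute as root in whatever directory the script was started from. A guard such as `cd "$MNT" || { echo "not ok 2 - cannot cd to $MNT"; exit 1; }` would stop there instead. The outputs of `mdconfig -at swap -s 64m` and `mktemp -dt acltools` are likewise used without checking that either command succeeded. The `zpool create` failure branch also exits without running `mdconfig -du $MD` and `rmdir $MNT`, so a failed run leaves the memory disk and the temporary directory behind.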
829
tools/regression/acltools/tools-nfs4.test
Normal file
@ -0,0 +1,829 @@
|
||||
# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
# SUCH DAMAGE.
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
# This is a tools-level test for NFSv4 ACL functionality. Run it as root
|
||||
# using ACL-enabled kernel:
|
||||
#
|
||||
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test
|
||||
#
|
||||
# WARNING: Creates files in unsafe way.
|
||||
|
||||
$ whoami
|
||||
> root
|
||||
$ umask 022
|
||||
|
||||
# Smoke test for getfacl(1).
|
||||
$ touch xxx
|
||||
$ getfacl xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
$ getfacl -q xxx
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
# Check verbose mode formatting.
|
||||
$ getfacl -v xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:execute::deny
|
||||
> owner@:read_data/write_data/append_data/write_attributes/write_xattr/write_acl/write_owner::allow
|
||||
> group@:write_data/execute/append_data::deny
|
||||
> group@:read_data::allow
|
||||
> everyone@:write_data/execute/append_data/write_attributes/write_xattr/write_acl/write_owner::deny
|
||||
> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow
|
||||
|
||||
# Test setfacl -a.
|
||||
$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> user:0:-----------C--:------:allow
|
||||
> group:1:----------c---:------:deny
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
# Test user and group name resolving.
|
||||
$ rm xxx
|
||||
$ touch xxx
|
||||
$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx
|
||||
$ getfacl xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> user:root:-----------C--:------:allow
|
||||
> group:daemon:----------c---:------:deny
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
# Check whether ls correctly marks files with "+".
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
> -rw-r--r--+
|
||||
|
||||
# Test removing entries by number.
|
||||
$ setfacl -x 4 xxx
|
||||
$ setfacl -x 4 xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> user:0:-----------C--:------:allow
|
||||
> group:1:----------c---:------:deny
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
# Test setfacl -m.
|
||||
$ setfacl -a0 everyone@:rwx:deny xxx
|
||||
$ setfacl -a0 everyone@:rwx:deny xxx
|
||||
$ setfacl -a0 everyone@:rwx:deny xxx
|
||||
$ setfacl -m everyone@::deny xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> user:0:-----------C--:------:allow
|
||||
> group:1:----------c---:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
# Test getfacl -i.
|
||||
$ getfacl -i xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> user:root:-----------C--:------:allow:0
|
||||
> group:daemon:----------c---:------:deny:1
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
# Make sure cp without any flags does not copy copy the ACL.
|
||||
$ cp xxx yyy
|
||||
$ ls -l yyy | cut -d' ' -f1
|
||||
> -rw-r--r--
|
||||
|
||||
# Make sure it does with the "-p" flag.
|
||||
$ rm yyy
|
||||
$ cp -p xxx yyy
|
||||
$ getfacl -n yyy
|
||||
> # file: yyy
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> user:0:-----------C--:------:allow
|
||||
> group:1:----------c---:------:deny
|
||||
> everyone@:--------------:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
$ rm yyy
|
||||
|
||||
# Test removing entries by... by example?
|
||||
$ setfacl -x everyone@::deny xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> user:0:-----------C--:------:allow
|
||||
> group:1:----------c---:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
# Test setfacl -b.
|
||||
$ setfacl -b xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
> -rw-r--r--
|
||||
|
||||
# Check setfacl(1) and getfacl(1) with multiple files.
|
||||
$ touch xxx yyy zzz
|
||||
|
||||
$ ls -l xxx yyy zzz | cut -d' ' -f1
|
||||
> -rw-r--r--
|
||||
> -rw-r--r--
|
||||
> -rw-r--r--
|
||||
|
||||
$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz
|
||||
> setfacl: nnn: stat() failed: No such file or directory
|
||||
|
||||
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
|
||||
> ls: nnn: No such file or directory
|
||||
> -rw-r--r--+
|
||||
> -rw-r--r--+
|
||||
> -rw-r--r--+
|
||||
|
||||
$ getfacl -nq nnn xxx yyy zzz
|
||||
> getfacl: nnn: stat() failed: No such file or directory
|
||||
> user:42:--x-----------:------:allow
|
||||
> group:43:-w------------:------:allow
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
>
|
||||
> user:42:--x-----------:------:allow
|
||||
> group:43:-w------------:------:allow
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
>
|
||||
> user:42:--x-----------:------:allow
|
||||
> group:43:-w------------:------:allow
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
$ setfacl -b nnn xxx yyy zzz
|
||||
> setfacl: nnn: stat() failed: No such file or directory
|
||||
|
||||
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
|
||||
> ls: nnn: No such file or directory
|
||||
> -rw-r--r--
|
||||
> -rw-r--r--
|
||||
> -rw-r--r--
|
||||
|
||||
$ rm xxx yyy zzz
|
||||
|
||||
# Test applying mode to an ACL.
|
||||
$ touch xxx
|
||||
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx
|
||||
$ chmod 600 xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> user:42:r-------------:------:deny
|
||||
> user:42:r-------------:------:allow
|
||||
> user:43:-w------------:------:deny
|
||||
> user:43:-w------------:------:allow
|
||||
> user:44:--x-----------:------:deny
|
||||
> user:44:--x-----------:------:allow
|
||||
> owner@:--------------:------:deny
|
||||
> owner@:-------A-W-Co-:------:allow
|
||||
> group@:--------------:------:deny
|
||||
> group@:--------------:------:allow
|
||||
> everyone@:-------A-W-Co-:------:deny
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:rwxp----------:------:deny
|
||||
> group@:--------------:------:allow
|
||||
> everyone@:rwxp---A-W-Co-:------:deny
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
> -rw-------+
|
||||
|
||||
$ rm xxx
|
||||
$ touch xxx
|
||||
$ chown 42 xxx
|
||||
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
|
||||
$ chmod 600 xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: 42
|
||||
> # group: wheel
|
||||
> user:42:--------------:------:deny
|
||||
> user:42:r-------------:------:allow
|
||||
> user:43:-w------------:------:deny
|
||||
> user:43:-w------------:------:allow
|
||||
> user:44:--x-----------:------:deny
|
||||
> user:44:--x-----------:------:allow
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:rwxp----------:------:deny
|
||||
> group@:--------------:------:allow
|
||||
> everyone@:rwxp---A-W-Co-:------:deny
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
> -rw-------+
|
||||
|
||||
$ rm xxx
|
||||
$ touch xxx
|
||||
$ chown 43 xxx
|
||||
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
|
||||
$ chmod 124 xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: 43
|
||||
> # group: wheel
|
||||
> user:42:r-------------:------:deny
|
||||
> user:42:r-------------:------:allow
|
||||
> user:43:-w------------:------:deny
|
||||
> user:43:-w------------:------:allow
|
||||
> user:44:--x-----------:------:deny
|
||||
> user:44:--x-----------:------:allow
|
||||
> owner@:rw-p----------:------:deny
|
||||
> owner@:--x----A-W-Co-:------:allow
|
||||
> group@:r-x-----------:------:deny
|
||||
> group@:-w-p----------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
> ---x-w-r--+
|
||||
|
||||
$ rm xxx
|
||||
$ touch xxx
|
||||
$ chown 43 xxx
|
||||
$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
|
||||
$ chmod 412 xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: 43
|
||||
> # group: wheel
|
||||
> user:42:r-------------:------:deny
|
||||
> user:42:r-------------:------:allow
|
||||
> user:43:-w------------:------:deny
|
||||
> user:43:-w------------:------:allow
|
||||
> user:44:--------------:------:deny
|
||||
> user:44:--x-----------:------:allow
|
||||
> owner@:-wxp----------:------:deny
|
||||
> owner@:r------A-W-Co-:------:allow
|
||||
> group@:rw-p----------:------:deny
|
||||
> group@:--x-----------:------:allow
|
||||
> everyone@:r-x----A-W-Co-:------:deny
|
||||
> everyone@:-w-p--a-R-c--s:------:allow
|
||||
$ ls -l xxx | cut -d' ' -f1
|
||||
> -r----x-w-+
|
||||
|
||||
$ mkdir ddd
|
||||
$ setfacl -a0 group:44:rwapd:allow ddd
|
||||
$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
|
||||
$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
|
||||
$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
|
||||
$ getfacl -n ddd
|
||||
> # file: ddd
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:-d----:allow
|
||||
> group:43:-w--D---------:-d----:deny
|
||||
> group@:-----da-------:------:allow
|
||||
> group:44:rw-p-da-------:------:allow
|
||||
> owner@:--------------:------:deny
|
||||
> owner@:rwxp---A-W-Co-:------:allow
|
||||
> group@:-w-p----------:------:deny
|
||||
> group@:r-x-----------:------:allow
|
||||
> everyone@:-w-p---A-W-Co-:------:deny
|
||||
> everyone@:-w-p--a-R-c--s:f-i---:allow
|
||||
$ chmod 777 ddd
|
||||
$ getfacl -n ddd
|
||||
> # file: ddd
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:-di---:allow
|
||||
> group:42:--------------:------:deny
|
||||
> group:42:-w--D---------:------:allow
|
||||
> group:43:-w--D---------:-di---:deny
|
||||
> group:43:-w--D---------:------:deny
|
||||
> group@:-----da-------:------:allow
|
||||
> group:44:--------------:------:deny
|
||||
> group:44:rw-p-da-------:------:allow
|
||||
> owner@:--------------:------:deny
|
||||
> owner@:-------A-W-Co-:------:allow
|
||||
> group@:--------------:------:deny
|
||||
> group@:--------------:------:allow
|
||||
> everyone@:-------A-W-Co-:------:deny
|
||||
> everyone@:-w-p--a-R-c--s:f-i---:allow
|
||||
> owner@:--------------:------:deny
|
||||
> owner@:rwxp---A-W-Co-:------:allow
|
||||
> group@:--------------:------:deny
|
||||
> group@:rwxp----------:------:allow
|
||||
> everyone@:-------A-W-Co-:------:deny
|
||||
> everyone@:rwxp--a-R-c--s:------:allow
|
||||
|
||||
$ rmdir ddd
|
||||
$ mkdir ddd
|
||||
$ setfacl -a0 group:44:rwapd:allow ddd
|
||||
$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
|
||||
$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
|
||||
$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
|
||||
$ chmod 124 ddd
|
||||
$ getfacl -n ddd
|
||||
> # file: ddd
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:-di---:allow
|
||||
> group:42:--------------:------:deny
|
||||
> group:42:----D---------:------:allow
|
||||
> group:43:-w--D---------:-di---:deny
|
||||
> group:43:-w--D---------:------:deny
|
||||
> group@:-----da-------:------:allow
|
||||
> group:44:r-------------:------:deny
|
||||
> group:44:r----da-------:------:allow
|
||||
> owner@:--------------:------:deny
|
||||
> owner@:-------A-W-Co-:------:allow
|
||||
> group@:--------------:------:deny
|
||||
> group@:--------------:------:allow
|
||||
> everyone@:-------A-W-Co-:------:deny
|
||||
> everyone@:-w-p--a-R-c--s:f-i---:allow
|
||||
> owner@:rw-p----------:------:deny
|
||||
> owner@:--x----A-W-Co-:------:allow
|
||||
> group@:r-x-----------:------:deny
|
||||
> group@:-w-p----------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
$ rmdir ddd
|
||||
$ mkdir ddd
|
||||
$ setfacl -a0 group:44:rwapd:allow ddd
|
||||
$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
|
||||
$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
|
||||
$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
|
||||
$ chmod 412 ddd
|
||||
$ getfacl -n ddd
|
||||
> # file: ddd
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> user:42:r-------------:------:deny
|
||||
> user:42:r-x-----------:------:allow
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:-di---:allow
|
||||
> group:42:-w------------:------:deny
|
||||
> group:42:-w--D---------:------:allow
|
||||
> group:43:-w--D---------:-di---:deny
|
||||
> group:43:-w--D---------:------:deny
|
||||
> group@:-----da-------:------:allow
|
||||
> group:44:rw-p----------:------:deny
|
||||
> group:44:rw-p-da-------:------:allow
|
||||
> owner@:--------------:------:deny
|
||||
> owner@:-------A-W-Co-:------:allow
|
||||
> group@:--------------:------:deny
|
||||
> group@:--------------:------:allow
|
||||
> everyone@:-------A-W-Co-:------:deny
|
||||
> everyone@:-w-p--a-R-c--s:f-i---:allow
|
||||
> owner@:-wxp----------:------:deny
|
||||
> owner@:r------A-W-Co-:------:allow
|
||||
> group@:rw-p----------:------:deny
|
||||
> group@:--x-----------:------:allow
|
||||
> everyone@:r-x----A-W-Co-:------:deny
|
||||
> everyone@:-w-p--a-R-c--s:------:allow
|
||||
|
||||
$ rmdir ddd
|
||||
$ mkdir ddd
|
||||
$ setfacl -a0 group:44:rwapd:allow ddd
|
||||
$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
|
||||
$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
|
||||
$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
|
||||
$ chown 42 ddd
|
||||
$ chmod 412 ddd
|
||||
$ getfacl -n ddd
|
||||
> # file: ddd
|
||||
> # owner: 42
|
||||
> # group: wheel
|
||||
> user:42:--x-----------:------:deny
|
||||
> user:42:r-x-----------:------:allow
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:-di---:allow
|
||||
> group:42:-w------------:------:deny
|
||||
> group:42:-w--D---------:------:allow
|
||||
> group:43:-w--D---------:-di---:deny
|
||||
> group:43:-w--D---------:------:deny
|
||||
> group@:-----da-------:------:allow
|
||||
> group:44:rw-p----------:------:deny
|
||||
> group:44:rw-p-da-------:------:allow
|
||||
> owner@:--------------:------:deny
|
||||
> owner@:-------A-W-Co-:------:allow
|
||||
> group@:--------------:------:deny
|
||||
> group@:--------------:------:allow
|
||||
> everyone@:-------A-W-Co-:------:deny
|
||||
> everyone@:-w-p--a-R-c--s:f-i---:allow
|
||||
> owner@:-wxp----------:------:deny
|
||||
> owner@:r------A-W-Co-:------:allow
|
||||
> group@:rw-p----------:------:deny
|
||||
> group@:--x-----------:------:allow
|
||||
> everyone@:r-x----A-W-Co-:------:deny
|
||||
> everyone@:-w-p--a-R-c--s:------:allow
|
||||
|
||||
# Test applying ACL to mode.
|
||||
$ rmdir ddd
|
||||
$ mkdir ddd
|
||||
$ setfacl -a0 u:42:rwx:fi:allow ddd
|
||||
$ ls -ld ddd | cut -d' ' -f1
|
||||
> drwxr-xr-x+
|
||||
|
||||
$ rmdir ddd
|
||||
$ mkdir ddd
|
||||
$ chmod 0 ddd
|
||||
$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd
|
||||
$ ls -ld ddd | cut -d' ' -f1
|
||||
> dr----x---+
|
||||
|
||||
# XXX: This one is fishy. Shouldn't it be "dr---wx---+"?
|
||||
$ rmdir ddd
|
||||
$ mkdir ddd
|
||||
$ chmod 0 ddd
|
||||
$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd
|
||||
$ ls -ld ddd | cut -d' ' -f1
|
||||
> dr---wx---+
|
||||
|
||||
$ rmdir ddd
|
||||
$ mkdir ddd
|
||||
$ chmod 0 ddd
|
||||
$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd
|
||||
$ ls -ld ddd | cut -d' ' -f1
|
||||
> dr--------+
|
||||
|
||||
$ rmdir ddd
|
||||
$ mkdir ddd
|
||||
$ chmod 0 ddd
|
||||
$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd
|
||||
$ ls -ld ddd | cut -d' ' -f1
|
||||
> dr--------+
|
||||
|
||||
# Test inheritance.
|
||||
$ rmdir ddd
|
||||
$ mkdir ddd
|
||||
$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd
|
||||
$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd
|
||||
$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd
|
||||
$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd
|
||||
$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd
|
||||
$ getfacl -qn ddd
|
||||
> user:41:-w-----A------:f--n--:allow
|
||||
> group:41:r-----a-------:-din--:allow
|
||||
> user:42:-----------Co-:f-i---:allow
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:-d-n--:deny
|
||||
> group:43:-w---------C--:f-in--:deny
|
||||
> user:43:rwxp----------:------:allow
|
||||
> owner@:--------------:------:deny
|
||||
> owner@:rwxp---A-W-Co-:------:allow
|
||||
> group@:-w-p----------:------:deny
|
||||
> group@:r-x-----------:------:allow
|
||||
> everyone@:-w-p---A-W-Co-:------:deny
|
||||
> everyone@:r-x---a-R-c--s:------:allow
|
||||
|
||||
$ cd ddd
|
||||
$ touch xxx
|
||||
$ getfacl -qn xxx
|
||||
> user:41:-w------------:------:deny
|
||||
> user:41:-w-----A------:------:allow
|
||||
> user:42:--------------:------:deny
|
||||
> user:42:--------------:------:allow
|
||||
> user:42:--x-----------:------:deny
|
||||
> user:42:r-x-----------:------:allow
|
||||
> group:43:-w---------C--:------:deny
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
$ rm xxx
|
||||
$ umask 077
|
||||
$ touch xxx
|
||||
$ getfacl -qn xxx
|
||||
> user:41:-w------------:------:deny
|
||||
> user:41:-w-----A------:------:allow
|
||||
> user:42:--------------:------:deny
|
||||
> user:42:--------------:------:allow
|
||||
> user:42:r-x-----------:------:deny
|
||||
> user:42:r-x-----------:------:allow
|
||||
> group:43:-w---------C--:------:deny
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:rwxp----------:------:deny
|
||||
> group@:--------------:------:allow
|
||||
> everyone@:rwxp---A-W-Co-:------:deny
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
|
||||
$ rm xxx
|
||||
$ umask 770
|
||||
$ touch xxx
|
||||
$ getfacl -qn xxx
|
||||
> user:41:-w------------:------:deny
|
||||
> user:41:-w-----A------:------:allow
|
||||
> user:42:--------------:------:deny
|
||||
> user:42:--------------:------:allow
|
||||
> user:42:r-x-----------:------:deny
|
||||
> user:42:r-x-----------:------:allow
|
||||
> group:43:-w---------C--:------:deny
|
||||
> owner@:rwxp----------:------:deny
|
||||
> owner@:-------A-W-Co-:------:allow
|
||||
> group@:rwxp----------:------:deny
|
||||
> group@:--------------:------:allow
|
||||
> everyone@:--x----A-W-Co-:------:deny
|
||||
> everyone@:rw-p--a-R-c--s:------:allow
|
||||
|
||||
$ rm xxx
|
||||
$ umask 707
|
||||
$ touch xxx
|
||||
$ getfacl -qn xxx
|
||||
> user:41:--------------:------:deny
|
||||
> user:41:-w-----A------:------:allow
|
||||
> user:42:--------------:------:deny
|
||||
> user:42:--------------:------:allow
|
||||
> user:42:--x-----------:------:deny
|
||||
> user:42:r-x-----------:------:allow
|
||||
> group:43:-w---------C--:------:deny
|
||||
> owner@:rwxp----------:------:deny
|
||||
> owner@:-------A-W-Co-:------:allow
|
||||
> group@:--x-----------:------:deny
|
||||
> group@:rw-p----------:------:allow
|
||||
> everyone@:rwxp---A-W-Co-:------:deny
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
|
||||
$ umask 077
|
||||
$ mkdir yyy
|
||||
$ getfacl -qn yyy
|
||||
> group:41:r-------------:------:deny
|
||||
> group:41:r-----a-------:------:allow
|
||||
> user:42:-----------Co-:f-i---:allow
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:------:deny
|
||||
> owner@:--------------:------:deny
|
||||
> owner@:rwxp---A-W-Co-:------:allow
|
||||
> group@:rwxp----------:------:deny
|
||||
> group@:--------------:------:allow
|
||||
> everyone@:rwxp---A-W-Co-:------:deny
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
|
||||
$ rmdir yyy
|
||||
$ umask 770
|
||||
$ mkdir yyy
|
||||
$ getfacl -qn yyy
|
||||
> group:41:r-------------:------:deny
|
||||
> group:41:r-----a-------:------:allow
|
||||
> user:42:-----------Co-:f-i---:allow
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:------:deny
|
||||
> owner@:rwxp----------:------:deny
|
||||
> owner@:-------A-W-Co-:------:allow
|
||||
> group@:rwxp----------:------:deny
|
||||
> group@:--------------:------:allow
|
||||
> everyone@:-------A-W-Co-:------:deny
|
||||
> everyone@:rwxp--a-R-c--s:------:allow
|
||||
|
||||
$ rmdir yyy
|
||||
$ umask 707
|
||||
$ mkdir yyy
|
||||
$ getfacl -qn yyy
|
||||
> group:41:--------------:------:deny
|
||||
> group:41:------a-------:------:allow
|
||||
> user:42:-----------Co-:f-i---:allow
|
||||
> user:42:r-x-----------:f-i---:allow
|
||||
> group:42:-w--D---------:------:deny
|
||||
> owner@:rwxp----------:------:deny
|
||||
> owner@:-------A-W-Co-:------:allow
|
||||
> group@:--------------:------:deny
|
||||
> group@:rwxp----------:------:allow
|
||||
> everyone@:rwxp---A-W-Co-:------:deny
|
||||
> everyone@:------a-R-c--s:------:allow
|
||||
|
||||
# There is some complication regarding how write_acl and write_owner flags
|
||||
# get inherited. Make sure we got it right.
|
||||
$ setfacl -b .
|
||||
$ setfacl -a0 u:42:Co:f:allow .
|
||||
$ setfacl -a0 u:43:Co:d:allow .
|
||||
$ setfacl -a0 u:44:Co:fd:allow .
|
||||
$ setfacl -a0 u:45:Co:fi:allow .
|
||||
$ setfacl -a0 u:46:Co:di:allow .
|
||||
$ setfacl -a0 u:47:Co:fdi:allow .
|
||||
$ setfacl -a0 u:48:Co:fn:allow .
|
||||
$ setfacl -a0 u:49:Co:dn:allow .
|
||||
$ setfacl -a0 u:50:Co:fdn:allow .
|
||||
$ setfacl -a0 u:51:Co:fni:allow .
|
||||
$ setfacl -a0 u:52:Co:dni:allow .
|
||||
$ setfacl -a0 u:53:Co:fdni:allow .
|
||||
$ umask 022
|
||||
$ rm xxx
|
||||
$ touch xxx
|
||||
$ getfacl -nq xxx
|
||||
> user:53:--------------:------:deny
|
||||
> user:53:--------------:------:allow
|
||||
> user:51:--------------:------:deny
|
||||
> user:51:--------------:------:allow
|
||||
> user:50:--------------:------:deny
|
||||
> user:50:--------------:------:allow
|
||||
> user:48:--------------:------:deny
|
||||
> user:48:--------------:------:allow
|
||||
> user:47:--------------:------:deny
|
||||
> user:47:--------------:------:allow
|
||||
> user:45:--------------:------:deny
|
||||
> user:45:--------------:------:allow
|
||||
> user:44:--------------:------:deny
|
||||
> user:44:--------------:------:allow
|
||||
> user:42:--------------:------:deny
|
||||
> user:42:--------------:------:allow
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
$ rmdir yyy
|
||||
$ mkdir yyy
|
||||
$ getfacl -nq yyy
|
||||
> user:53:--------------:------:deny
|
||||
> user:53:--------------:------:allow
|
||||
> user:52:--------------:------:deny
|
||||
> user:52:--------------:------:allow
|
||||
> user:50:--------------:------:deny
|
||||
> user:50:--------------:------:allow
|
||||
> user:49:--------------:------:deny
|
||||
> user:49:--------------:------:allow
|
||||
> user:47:-----------Co-:fdi---:allow
|
||||
> user:47:--------------:------:deny
|
||||
> user:47:--------------:------:allow
|
||||
> user:46:-----------Co-:-di---:allow
|
||||
> user:46:--------------:------:deny
|
||||
> user:46:--------------:------:allow
|
||||
> user:45:-----------Co-:f-i---:allow
|
||||
> user:44:-----------Co-:fdi---:allow
|
||||
> user:44:--------------:------:deny
|
||||
> user:44:--------------:------:allow
|
||||
> user:43:-----------Co-:-di---:allow
|
||||
> user:43:--------------:------:deny
|
||||
> user:43:--------------:------:allow
|
||||
> user:42:-----------Co-:f-i---:allow
|
||||
> owner@:--------------:------:deny
|
||||
> owner@:rwxp---A-W-Co-:------:allow
|
||||
> group@:-w-p----------:------:deny
|
||||
> group@:r-x-----------:------:allow
|
||||
> everyone@:-w-p---A-W-Co-:------:deny
|
||||
> everyone@:r-x---a-R-c--s:------:allow
|
||||
|
||||
$ setfacl -b .
|
||||
$ setfacl -a0 u:42:Co:f:deny .
|
||||
$ setfacl -a0 u:43:Co:d:deny .
|
||||
$ setfacl -a0 u:44:Co:fd:deny .
|
||||
$ setfacl -a0 u:45:Co:fi:deny .
|
||||
$ setfacl -a0 u:46:Co:di:deny .
|
||||
$ setfacl -a0 u:47:Co:fdi:deny .
|
||||
$ setfacl -a0 u:48:Co:fn:deny .
|
||||
$ setfacl -a0 u:49:Co:dn:deny .
|
||||
$ setfacl -a0 u:50:Co:fdn:deny .
|
||||
$ setfacl -a0 u:51:Co:fni:deny .
|
||||
$ setfacl -a0 u:52:Co:dni:deny .
|
||||
$ setfacl -a0 u:53:Co:fdni:deny .
|
||||
$ umask 022
|
||||
$ rm xxx
|
||||
$ touch xxx
|
||||
$ getfacl -nq xxx
|
||||
> user:53:-----------Co-:------:deny
|
||||
> user:51:-----------Co-:------:deny
|
||||
> user:50:-----------Co-:------:deny
|
||||
> user:48:-----------Co-:------:deny
|
||||
> user:47:-----------Co-:------:deny
|
||||
> user:45:-----------Co-:------:deny
|
||||
> user:44:-----------Co-:------:deny
|
||||
> user:42:-----------Co-:------:deny
|
||||
> owner@:--x-----------:------:deny
|
||||
> owner@:rw-p---A-W-Co-:------:allow
|
||||
> group@:-wxp----------:------:deny
|
||||
> group@:r-------------:------:allow
|
||||
> everyone@:-wxp---A-W-Co-:------:deny
|
||||
> everyone@:r-----a-R-c--s:------:allow
|
||||
|
||||
$ rmdir yyy
|
||||
$ mkdir yyy
|
||||
$ getfacl -nq yyy
|
||||
> user:53:-----------Co-:------:deny
|
||||
> user:52:-----------Co-:------:deny
|
||||
> user:50:-----------Co-:------:deny
|
||||
> user:49:-----------Co-:------:deny
|
||||
> user:47:-----------Co-:fdi---:deny
|
||||
> user:47:-----------Co-:------:deny
|
||||
> user:46:-----------Co-:-di---:deny
|
||||
> user:46:-----------Co-:------:deny
|
||||
> user:45:-----------Co-:f-i---:deny
|
||||
> user:44:-----------Co-:fdi---:deny
|
||||
> user:44:-----------Co-:------:deny
|
||||
> user:43:-----------Co-:-di---:deny
|
||||
> user:43:-----------Co-:------:deny
|
||||
> user:42:-----------Co-:f-i---:deny
|
||||
> owner@:--------------:------:deny
|
||||
> owner@:rwxp---A-W-Co-:------:allow
|
||||
> group@:-w-p----------:------:deny
|
||||
> group@:r-x-----------:------:allow
|
||||
> everyone@:-w-p---A-W-Co-:------:deny
|
||||
> everyone@:r-x---a-R-c--s:------:allow
|
||||
|
||||
$ rmdir yyy
|
||||
$ rm xxx
|
||||
$ cd ..
|
||||
$ rmdir ddd
|
||||
|
||||
$ rm xxx
|
||||
|
@ -1,11 +1,36 @@
|
||||
# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
|
||||
# All rights reserved.
|
||||
#
|
||||
# Redistribution and use in source and binary forms, with or without
|
||||
# modification, are permitted provided that the following conditions
|
||||
# are met:
|
||||
# 1. Redistributions of source code must retain the above copyright
|
||||
# notice, this list of conditions and the following disclaimer.
|
||||
# 2. Redistributions in binary form must reproduce the above copyright
|
||||
# notice, this list of conditions and the following disclaimer in the
|
||||
# documentation and/or other materials provided with the distribution.
|
||||
#
|
||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
# SUCH DAMAGE.
|
||||
#
|
||||
# $FreeBSD$
|
||||
#
|
||||
|
||||
# This is a tools-level test for POSIX.1e ACL functionality. Run it as root
|
||||
# using ACL-enabled kernel:
|
||||
#
|
||||
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
|
||||
#
|
||||
# WARNING: Creates files in unsafe way.
|
||||
#
|
||||
# $FreeBSD$
|
||||
|
||||
$ whoami
|
||||
> root
|
||||
@ -13,7 +38,7 @@ $ umask 022
|
||||
|
||||
# Smoke test for getfacl(1).
|
||||
$ touch xxx
|
||||
$ getfacl xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
@ -27,7 +52,7 @@ $ getfacl -q xxx
|
||||
> other::r--
|
||||
|
||||
$ setfacl -m u:42:r,g:43:w xxx
|
||||
$ getfacl xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
@ -98,8 +123,32 @@ $ getfacl xxx
|
||||
> mask::rw-
|
||||
> other::r--
|
||||
|
||||
$ setfacl -m u:42:r xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> user::rw-
|
||||
> user:42:r--
|
||||
> group::r--
|
||||
> group:43:-w-
|
||||
> mask::rw-
|
||||
> other::r--
|
||||
|
||||
# Test removing entries by number.
|
||||
$ setfacl -x 1 xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
> user::rw-
|
||||
> group::r--
|
||||
> group:43:-w-
|
||||
> mask::rw-
|
||||
> other::r--
|
||||
|
||||
$ setfacl -m g:43:r xxx
|
||||
$ getfacl xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
@ -117,7 +166,7 @@ $ ls -l yyy | cut -d' ' -f1
|
||||
# Make sure it does with the "-p" flag.
|
||||
$ rm yyy
|
||||
$ cp -p xxx yyy
|
||||
$ getfacl yyy
|
||||
$ getfacl -n yyy
|
||||
> # file: yyy
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
@ -132,7 +181,7 @@ $ rm yyy
|
||||
# Test removing entries by... by example?
|
||||
$ setfacl -m u:42:r,g:43:w xxx
|
||||
$ setfacl -x u:42: xxx
|
||||
$ getfacl xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
@ -144,7 +193,7 @@ $ getfacl xxx
|
||||
|
||||
# Test setfacl -b.
|
||||
$ setfacl -b xxx
|
||||
$ getfacl xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
@ -157,7 +206,7 @@ $ ls -l xxx | cut -d' ' -f1
|
||||
> -rw-r--r--+
|
||||
|
||||
$ setfacl -nb xxx
|
||||
$ getfacl xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
@ -177,7 +226,7 @@ $ ls -l xxx yyy zzz | cut -d' ' -f1
|
||||
> -rw-r--r--
|
||||
|
||||
$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
|
||||
> setfacl: stat() of nnn failed: No such file or directory
|
||||
> setfacl: nnn: stat() failed: No such file or directory
|
||||
|
||||
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
|
||||
> ls: nnn: No such file or directory
|
||||
@ -185,8 +234,8 @@ $ ls -l nnn xxx yyy zzz | cut -d' ' -f1
|
||||
> -rw-rwxr--+
|
||||
> -rw-rwxr--+
|
||||
|
||||
$ getfacl -q nnn xxx yyy zzz
|
||||
> getfacl: nnn: No such file or directory
|
||||
$ getfacl -nq nnn xxx yyy zzz
|
||||
> getfacl: nnn: stat() failed: No such file or directory
|
||||
> user::rw-
|
||||
> user:42:--x
|
||||
> group::r--
|
||||
@ -209,7 +258,7 @@ $ getfacl -q nnn xxx yyy zzz
|
||||
> other::r--
|
||||
|
||||
$ setfacl -b nnn xxx yyy zzz
|
||||
> setfacl: stat() of nnn failed: No such file or directory
|
||||
> setfacl: nnn: stat() failed: No such file or directory
|
||||
|
||||
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
|
||||
> ls: nnn: No such file or directory
|
||||
@ -218,7 +267,7 @@ $ ls -l nnn xxx yyy zzz | cut -d' ' -f1
|
||||
> -rw-r--r--+
|
||||
|
||||
$ setfacl -bn nnn xxx yyy zzz
|
||||
> setfacl: stat() of nnn failed: No such file or directory
|
||||
> setfacl: nnn: stat() failed: No such file or directory
|
||||
|
||||
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
|
||||
> ls: nnn: No such file or directory
|
||||
@ -232,7 +281,7 @@ $ rm xxx yyy zzz
|
||||
$ touch xxx
|
||||
$ setfacl -m u:42:rwx,g:43:rwx xxx
|
||||
$ chmod 600 xxx
|
||||
$ getfacl xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
@ -244,7 +293,7 @@ $ getfacl xxx
|
||||
> other::---
|
||||
|
||||
$ chmod 060 xxx
|
||||
$ getfacl xxx
|
||||
$ getfacl -n xxx
|
||||
> # file: xxx
|
||||
> # owner: root
|
||||
> # group: wheel
|
||||
@ -258,7 +307,7 @@ $ getfacl xxx
|
||||
# Test default ACLs.
|
||||
$ umask 022
|
||||
$ mkdir ddd
|
||||
$ getfacl -q ddd
|
||||
$ getfacl -qn ddd
|
||||
> user::rwx
|
||||
> group::r-x
|
||||
> other::r-x
|
||||
@ -268,7 +317,7 @@ $ ls -l | grep ddd | cut -d' ' -f1
|
||||
|
||||
$ getfacl -dq ddd
|
||||
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
|
||||
$ getfacl -dq ddd
|
||||
$ getfacl -dqn ddd
|
||||
> user::rwx
|
||||
> group::r-x
|
||||
> mask::rwx
|
||||
@ -280,7 +329,7 @@ $ ls -l | grep ddd | cut -d' ' -f1
|
||||
|
||||
$ setfacl -dm g:42:rwx,u:42:r ddd
|
||||
$ setfacl -dm g::w ddd
|
||||
$ getfacl -dq ddd
|
||||
$ getfacl -dqn ddd
|
||||
> user::rwx
|
||||
> user:42:r--
|
||||
> group::-w-
|
||||
@ -289,7 +338,7 @@ $ getfacl -dq ddd
|
||||
> other::r-x
|
||||
|
||||
$ setfacl -dx group:42: ddd
|
||||
$ getfacl -dq ddd
|
||||
$ getfacl -dqn ddd
|
||||
> user::rwx
|
||||
> user:42:r--
|
||||
> group::-w-
|
||||
@ -389,7 +438,7 @@ $ rm fff
|
||||
# Test if we deal properly with device files.
|
||||
$ mknod bbb b 1 1
|
||||
$ setfacl -m u:42:r,g:43:w bbb
|
||||
> setfacl: acl_get_file() failed: Operation not supported
|
||||
> setfacl: bbb: acl_get_file() failed: Operation not supported
|
||||
$ ls -l bbb | cut -d' ' -f1
|
||||
> brw-r--r--
|
||||
|
||||
@ -397,7 +446,7 @@ $ rm bbb
|
||||
|
||||
$ mknod ccc c 1 1
|
||||
$ setfacl -m u:42:r,g:43:w ccc
|
||||
> setfacl: acl_get_file() failed: Operation not supported
|
||||
> setfacl: ccc: acl_get_file() failed: Operation not supported
|
||||
$ ls -l ccc | cut -d' ' -f1
|
||||
> crw-r--r--
|
||||
|
||||
|
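Review bot: The header comment keeps `# WARNING: Creates files in unsafe way.` without saying what is unsafe or how to run the test safely, even though the same header asks for the test to be run as root. The script operates on fixed names (`xxx`, `yyy`, `zzz`, `ddd`, `bbb`, `ccc`) relative to the current directory with `touch`, `setfacl`, `mknod` and `rm`, so in a directory other users can write to, a pre-existing entry under one of those names could make the root-run commands act on something the tester did not intend. I would expand the warning to something like `# WARNING: Creates and removes fixed-name files (xxx, yyy, ddd, ...) in the current directory as root; run only in a freshly created directory that no other user can write to.` Whether the `run` wrapper already sets up such a directory is not visible from this section, so that should be confirmed before relying on it.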