freebsd-skq/tools/regression/acltools/tools-posix.test

# This is a tools-level test for POSIX.1e ACL functionality.  Run it as root
# using ACL-enabled kernel:
#
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
#
# WARNING: Creates files in unsafe way.
#
# $FreeBSD$

$ whoami
> root
$ umask 022

# Smoke test for getfacl(1).
$ touch xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ getfacl -q xxx
> user::rw-
> group::r--
> other::r--

$ setfacl -m u:42:r,g:43:w xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Check whether ls correctly marks files with "+".
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

# Same as above, but for symlinks.
$ ln -s xxx lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> group::r-x
> other::r-x

$ getfacl -qh lll
> user::rwx
> group::r-x
> other::r-x

$ getfacl -q lll
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

$ setfacl -hm u:44:x,g:45:w lll
$ getfacl -h lll
> # file: lll
> # owner: root
> # group: wheel
> user::rwx
> user:44:--x
> group::r-x
> group:45:-w-
> mask::rwx
> other::r-x

$ ls -l lll | cut -d' ' -f1
> lrwxrwxr-x+

# Check whether the original file is left untouched.
$ ls -l xxx | cut -d' ' -f1
> -rw-rw-r--+

$ rm lll

# Test removing entries.
$ setfacl -x user:42: xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

$ setfacl -m g:43:r xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

# Make sure cp without any flags does not copy the ACL.
$ cp xxx yyy
$ ls -l yyy | cut -d' ' -f1
> -rw-r--r--

# Make sure it does with the "-p" flag.
$ rm yyy
$ cp -p xxx yyy
$ getfacl yyy
> # file: yyy
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:r--
> mask::r--
> other::r--

$ rm yyy

# Test removing entries by...  by example?
$ setfacl -m u:42:r,g:43:w xxx
$ setfacl -x u:42: xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

# Test setfacl -b.
$ setfacl -b xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> mask::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--+

$ setfacl -nb xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l xxx | cut -d' ' -f1
> -rw-r--r--

# Check setfacl(1) and getfacl(1) with multiple files.
$ touch xxx yyy zzz

$ ls -l xxx yyy zzz | cut -d' ' -f1
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
> setfacl: stat() of nnn failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-rwxr--+
> -rw-rwxr--+
> -rw-rwxr--+

$ getfacl -q nnn xxx yyy zzz
> getfacl: nnn: No such file or directory
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
> 
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--
> 
> user::rw-
> user:42:--x
> group::r--
> group:43:-w-
> mask::rwx
> other::r--

$ setfacl -b nnn xxx yyy zzz
> setfacl: stat() of nnn failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--+
> -rw-r--r--+
> -rw-r--r--+

$ setfacl -bn nnn xxx yyy zzz
> setfacl: stat() of nnn failed: No such file or directory

$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
> ls: nnn: No such file or directory
> -rw-r--r--
> -rw-r--r--
> -rw-r--r--

$ rm xxx yyy zzz

# Check whether chmod actually does what it should do.
$ touch xxx
$ setfacl -m u:42:rwx,g:43:rwx xxx
$ chmod 600 xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::rw-
> user:42:rwx		# effective: ---
> group::r--		# effective: ---
> group:43:rwx		# effective: ---
> mask::---
> other::---

$ chmod 060 xxx
$ getfacl xxx
> # file: xxx
> # owner: root
> # group: wheel
> user::---
> user:42:rwx		# effective: rw-
> group::r--
> group:43:rwx		# effective: rw-
> mask::rw-
> other::---

# Test default ACLs.
$ umask 022
$ mkdir ddd
$ getfacl -q ddd
> user::rwx
> group::r-x
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

$ getfacl -dq ddd
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ getfacl -dq ddd
> user::rwx
> group::r-x
> mask::rwx
> other::r-x

# No change - ls(1) output doesn't take into account default ACLs.
$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

$ setfacl -dm g:42:rwx,u:42:r ddd
$ setfacl -dm g::w ddd
$ getfacl -dq ddd
> user::rwx
> user:42:r--
> group::-w-
> group:42:rwx
> mask::rwx
> other::r-x

$ setfacl -dx group:42: ddd
$ getfacl -dq ddd
> user::rwx
> user:42:r--
> group::-w-
> mask::rw-
> other::r-x

$ ls -l | grep ddd | cut -d' ' -f1
> drwxr-xr-x

$ rmdir ddd
$ rm xxx

# Test inheritance.
$ mkdir ddd

$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> group::r--
> other::r--

$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> group::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx

$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
$ setfacl -dm g:42:rwx,u:43:r ddd
$ getfacl -dq ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx
> mask::rwx
> other::r-x

$ touch ddd/xxx
$ getfacl -q ddd/xxx
> user::rw-
> user:43:r--
> group::r-x		# effective: r--
> group:42:rwx		# effective: r--
> mask::r--
> other::r--

$ mkdir ddd/ddd
$ getfacl -q ddd/ddd
> user::rwx
> user:43:r--
> group::r-x
> group:42:rwx		# effective: r-x
> mask::r-x
> other::r-x

$ rmdir ddd/ddd
$ rm ddd/xxx
$ rmdir ddd

# Test if we deal properly with fifos.
$ mkfifo fff
$ ls -l fff | cut -d' ' -f1
> prw-r--r--

$ setfacl -m u:42:r,g:43:w fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> user:42:r--
> group::r--
> group:43:-w-
> mask::rw-
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-rw-r--+

$ setfacl -bn fff
$ getfacl fff
> # file: fff
> # owner: root
> # group: wheel
> user::rw-
> group::r--
> other::r--

$ ls -l fff | cut -d' ' -f1
> prw-r--r--

$ rm fff

# Test if we deal properly with device files.
$ mknod bbb b 1 1
$ setfacl -m u:42:r,g:43:w bbb
> setfacl: acl_get_file() failed: Operation not supported
$ ls -l bbb | cut -d' ' -f1
> brw-r--r--

$ rm bbb

$ mknod ccc c 1 1
$ setfacl -m u:42:r,g:43:w ccc
> setfacl: acl_get_file() failed: Operation not supported
$ ls -l ccc | cut -d' ' -f1
> crw-r--r--

$ rm ccc
Add tools-level test for POSIX.1e functionality. Approved by: rwatson (mentor) 2008-11-25 18:29:33 +00:00			`# This is a tools-level test for POSIX.1e ACL functionality. Run it as root`
			`# using ACL-enabled kernel:`
			`#`
			`# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test`
			`#`
			`# WARNING: Creates files in unsafe way.`
			`#`
			`# $FreeBSD$`

			`$ whoami`
			`> root`
			`$ umask 022`

			`# Smoke test for getfacl(1).`
			`$ touch xxx`
			`$ getfacl xxx`
			`> # file: xxx`
			`> # owner: root`
			`> # group: wheel`
			`> user::rw-`
			`> group::r--`
			`> other::r--`

			`$ getfacl -q xxx`
			`> user::rw-`
			`> group::r--`
			`> other::r--`

			`$ setfacl -m u:42:r,g:43:w xxx`
			`$ getfacl xxx`
			`> # file: xxx`
			`> # owner: root`
			`> # group: wheel`
			`> user::rw-`
			`> user:42:r--`
			`> group::r--`
			`> group:43:-w-`
			`> mask::rw-`
			`> other::r--`

			`# Check whether ls correctly marks files with "+".`
			`$ ls -l xxx \| cut -d' ' -f1`
			`> -rw-rw-r--+`

Add a few more regression tests for POSIX.1e ACLs. 2009-04-13 13:51:53 +00:00			`# Same as above, but for symlinks.`
			`$ ln -s xxx lll`
			`$ getfacl -h lll`
			`> # file: lll`
			`> # owner: root`
			`> # group: wheel`
			`> user::rwx`
			`> group::r-x`
			`> other::r-x`

			`$ getfacl -qh lll`
			`> user::rwx`
			`> group::r-x`
			`> other::r-x`

			`$ getfacl -q lll`
			`> user::rw-`
			`> user:42:r--`
			`> group::r--`
			`> group:43:-w-`
			`> mask::rw-`
			`> other::r--`

			`$ setfacl -hm u:44:x,g:45:w lll`
			`$ getfacl -h lll`
			`> # file: lll`
			`> # owner: root`
			`> # group: wheel`
			`> user::rwx`
			`> user:44:--x`
			`> group::r-x`
			`> group:45:-w-`
			`> mask::rwx`
			`> other::r-x`

			`$ ls -l lll \| cut -d' ' -f1`
Adapt to the fact that ls(1) correctly prints '+' for symlinks with ACLs now. 2009-09-01 15:51:36 +00:00			`> lrwxrwxr-x+`
Add a few more regression tests for POSIX.1e ACLs. 2009-04-13 13:51:53 +00:00
			`# Check whether the original file is left untouched.`
			`$ ls -l xxx \| cut -d' ' -f1`
			`> -rw-rw-r--+`

			`$ rm lll`

Add tools-level test for POSIX.1e functionality. Approved by: rwatson (mentor) 2008-11-25 18:29:33 +00:00			`# Test removing entries.`
			`$ setfacl -x user:42: xxx`
			`$ getfacl xxx`
			`> # file: xxx`
			`> # owner: root`
			`> # group: wheel`
			`> user::rw-`
			`> group::r--`
			`> group:43:-w-`
			`> mask::rw-`
			`> other::r--`

			`$ setfacl -m g:43:r xxx`
			`$ getfacl xxx`
			`> # file: xxx`
			`> # owner: root`
			`> # group: wheel`
			`> user::rw-`
			`> group::r--`
			`> group:43:r--`
			`> mask::r--`
			`> other::r--`

			`# Make sure cp without any flags does not copy the ACL.`
			`$ cp xxx yyy`
			`$ ls -l yyy \| cut -d' ' -f1`
			`> -rw-r--r--`

			`# Make sure it does with the "-p" flag.`
			`$ rm yyy`
			`$ cp -p xxx yyy`
			`$ getfacl yyy`
			`> # file: yyy`
			`> # owner: root`
			`> # group: wheel`
			`> user::rw-`
			`> group::r--`
			`> group:43:r--`
			`> mask::r--`
			`> other::r--`

			`$ rm yyy`

			`# Test removing entries by... by example?`
			`$ setfacl -m u:42:r,g:43:w xxx`
			`$ setfacl -x u:42: xxx`
			`$ getfacl xxx`
			`> # file: xxx`
			`> # owner: root`
			`> # group: wheel`
			`> user::rw-`
			`> group::r--`
			`> group:43:-w-`
			`> mask::rw-`
			`> other::r--`

			`# Test setfacl -b.`
			`$ setfacl -b xxx`
			`$ getfacl xxx`
			`> # file: xxx`
			`> # owner: root`
			`> # group: wheel`
			`> user::rw-`
			`> group::r--`
			`> mask::r--`
			`> other::r--`

			`$ ls -l xxx \| cut -d' ' -f1`
			`> -rw-r--r--+`

			`$ setfacl -nb xxx`
			`$ getfacl xxx`
			`> # file: xxx`
			`> # owner: root`
			`> # group: wheel`
			`> user::rw-`
			`> group::r--`
			`> other::r--`

			`$ ls -l xxx \| cut -d' ' -f1`
			`> -rw-r--r--`

			`# Check setfacl(1) and getfacl(1) with multiple files.`
			`$ touch xxx yyy zzz`

			`$ ls -l xxx yyy zzz \| cut -d' ' -f1`
			`> -rw-r--r--`
			`> -rw-r--r--`
			`> -rw-r--r--`

			`$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz`
			`> setfacl: stat() of nnn failed: No such file or directory`

			`$ ls -l nnn xxx yyy zzz \| cut -d' ' -f1`
			`> ls: nnn: No such file or directory`
			`> -rw-rwxr--+`
			`> -rw-rwxr--+`
			`> -rw-rwxr--+`

			`$ getfacl -q nnn xxx yyy zzz`
			`> getfacl: nnn: No such file or directory`
			`> user::rw-`
			`> user:42:--x`
			`> group::r--`
			`> group:43:-w-`
			`> mask::rwx`
			`> other::r--`
			`>`
			`> user::rw-`
			`> user:42:--x`
			`> group::r--`
			`> group:43:-w-`
			`> mask::rwx`
			`> other::r--`
			`>`
			`> user::rw-`
			`> user:42:--x`
			`> group::r--`
			`> group:43:-w-`
			`> mask::rwx`
			`> other::r--`

			`$ setfacl -b nnn xxx yyy zzz`
			`> setfacl: stat() of nnn failed: No such file or directory`

			`$ ls -l nnn xxx yyy zzz \| cut -d' ' -f1`
			`> ls: nnn: No such file or directory`
			`> -rw-r--r--+`
			`> -rw-r--r--+`
			`> -rw-r--r--+`

Add a few more regression tests for POSIX.1e ACLs. 2009-04-13 13:51:53 +00:00			`$ setfacl -bn nnn xxx yyy zzz`
			`> setfacl: stat() of nnn failed: No such file or directory`

			`$ ls -l nnn xxx yyy zzz \| cut -d' ' -f1`
			`> ls: nnn: No such file or directory`
			`> -rw-r--r--`
			`> -rw-r--r--`
			`> -rw-r--r--`

Add tools-level test for POSIX.1e functionality. Approved by: rwatson (mentor) 2008-11-25 18:29:33 +00:00			`$ rm xxx yyy zzz`

			`# Check whether chmod actually does what it should do.`
			`$ touch xxx`
			`$ setfacl -m u:42:rwx,g:43:rwx xxx`
			`$ chmod 600 xxx`
			`$ getfacl xxx`
			`> # file: xxx`
			`> # owner: root`
			`> # group: wheel`
			`> user::rw-`
			`> user:42:rwx # effective: ---`
			`> group::r-- # effective: ---`
			`> group:43:rwx # effective: ---`
			`> mask::---`
			`> other::---`

			`$ chmod 060 xxx`
			`$ getfacl xxx`
			`> # file: xxx`
			`> # owner: root`
			`> # group: wheel`
			`> user::---`
			`> user:42:rwx # effective: rw-`
			`> group::r--`
			`> group:43:rwx # effective: rw-`
			`> mask::rw-`
			`> other::---`

			`# Test default ACLs.`
			`$ umask 022`
			`$ mkdir ddd`
			`$ getfacl -q ddd`
			`> user::rwx`
			`> group::r-x`
			`> other::r-x`

Add a few more regression tests for POSIX.1e ACLs. 2009-04-13 13:51:53 +00:00			`$ ls -l \| grep ddd \| cut -d' ' -f1`
			`> drwxr-xr-x`

Add tools-level test for POSIX.1e functionality. Approved by: rwatson (mentor) 2008-11-25 18:29:33 +00:00			`$ getfacl -dq ddd`
Add a few more regression tests for POSIX.1e ACLs. 2009-04-13 13:51:53 +00:00			`$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd`
Add tools-level test for POSIX.1e functionality. Approved by: rwatson (mentor) 2008-11-25 18:29:33 +00:00			`$ getfacl -dq ddd`
			`> user::rwx`
			`> group::r-x`
			`> mask::rwx`
			`> other::r-x`

Add a few more regression tests for POSIX.1e ACLs. 2009-04-13 13:51:53 +00:00			`# No change - ls(1) output doesn't take into account default ACLs.`
			`$ ls -l \| grep ddd \| cut -d' ' -f1`
			`> drwxr-xr-x`

Add tools-level test for POSIX.1e functionality. Approved by: rwatson (mentor) 2008-11-25 18:29:33 +00:00			`$ setfacl -dm g:42:rwx,u:42:r ddd`
			`$ setfacl -dm g::w ddd`
			`$ getfacl -dq ddd`
			`> user::rwx`
			`> user:42:r--`
			`> group::-w-`
			`> group:42:rwx`
			`> mask::rwx`
			`> other::r-x`

			`$ setfacl -dx group:42: ddd`
			`$ getfacl -dq ddd`
			`> user::rwx`
			`> user:42:r--`
			`> group::-w-`
			`> mask::rw-`
			`> other::r-x`

Add a few more regression tests for POSIX.1e ACLs. 2009-04-13 13:51:53 +00:00			`$ ls -l \| grep ddd \| cut -d' ' -f1`
			`> drwxr-xr-x`
Add tools-level test for POSIX.1e functionality. Approved by: rwatson (mentor) 2008-11-25 18:29:33 +00:00
			`$ rmdir ddd`
			`$ rm xxx`

Add a few more regression tests for POSIX.1e ACLs. 2009-04-13 13:51:53 +00:00			`# Test inheritance.`
			`$ mkdir ddd`

			`$ touch ddd/xxx`
			`$ getfacl -q ddd/xxx`
			`> user::rw-`
			`> group::r--`
			`> other::r--`

			`$ mkdir ddd/ddd`
			`$ getfacl -q ddd/ddd`
			`> user::rwx`
			`> group::r-x`
			`> other::r-x`

			`$ rmdir ddd/ddd`
			`$ rm ddd/xxx`

			`$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd`
			`$ setfacl -dm g:42:rwx,u:43:r ddd`
			`$ getfacl -dq ddd`
			`> user::rwx`
			`> user:43:r--`
			`> group::r-x`
			`> group:42:rwx`
			`> mask::rwx`
			`> other::r-x`

			`$ touch ddd/xxx`
			`$ getfacl -q ddd/xxx`
			`> user::rw-`
			`> user:43:r--`
			`> group::r-x # effective: r--`
			`> group:42:rwx # effective: r--`
			`> mask::r--`
			`> other::r--`

			`$ mkdir ddd/ddd`
			`$ getfacl -q ddd/ddd`
			`> user::rwx`
			`> user:43:r--`
			`> group::r-x`
			`> group:42:rwx # effective: r-x`
			`> mask::r-x`
			`> other::r-x`

			`$ rmdir ddd/ddd`
			`$ rm ddd/xxx`
			`$ rmdir ddd`

Fix fpathconf(3) on fifos, in effect making ls(1) properly display '+' on them. Taken from kern/125613, with cosmetic changes. PR: kern/125613 Submitted by: Jaakko Heinonen <jh at saunalahti dot fi> Approved by: re (kib) 2009-07-02 20:05:21 +00:00			`# Test if we deal properly with fifos.`
			`$ mkfifo fff`
			`$ ls -l fff \| cut -d' ' -f1`
			`> prw-r--r--`

			`$ setfacl -m u:42:r,g:43:w fff`
			`$ getfacl fff`
			`> # file: fff`
			`> # owner: root`
			`> # group: wheel`
			`> user::rw-`
			`> user:42:r--`
			`> group::r--`
			`> group:43:-w-`
			`> mask::rw-`
			`> other::r--`

			`$ ls -l fff \| cut -d' ' -f1`
			`> prw-rw-r--+`

			`$ setfacl -bn fff`
			`$ getfacl fff`
			`> # file: fff`
			`> # owner: root`
			`> # group: wheel`
			`> user::rw-`
			`> group::r--`
			`> other::r--`

			`$ ls -l fff \| cut -d' ' -f1`
			`> prw-r--r--`

			`$ rm fff`

Add regression test for ACLs on device files - mostly to make sure we don't crash on attempt to set ACL on them. 2009-08-31 20:11:35 +00:00			`# Test if we deal properly with device files.`
			`$ mknod bbb b 1 1`
			`$ setfacl -m u:42:r,g:43:w bbb`
			`> setfacl: acl_get_file() failed: Operation not supported`
			`$ ls -l bbb \| cut -d' ' -f1`
			`> brw-r--r--`

			`$ rm bbb`

			`$ mknod ccc c 1 1`
			`$ setfacl -m u:42:r,g:43:w ccc`
			`> setfacl: acl_get_file() failed: Operation not supported`
			`$ ls -l ccc \| cut -d' ' -f1`
			`> crw-r--r--`

			`$ rm ccc`