zfs/tests/zfs-tests/tests/functional/acl/posix/posix_001_pos.ksh - backupdr - Git at Google

 #!/bin/ksh -p
 #
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
 # Common Development and Distribution License (the "License").
 # You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
 # See the License for the specific language governing permissions
 # and limitations under the License.
 #
 # When distributing Covered Code, include this CDDL HEADER in each
 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 # If applicable, add the following below this CDDL HEADER, with the
 # fields enclosed by brackets "[]" replaced with your own identifying
 # information: Portions Copyright [yyyy] [name of copyright owner]
 #
 # CDDL HEADER END
 #

 #
 # Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #

 . $STF_SUITE/include/libtest.shlib
 . $STF_SUITE/tests/functional/acl/acl_common.kshlib

 #
 # Copyright (c) 2012 by Delphix. All rights reserved.
 #

 #
 # DESCRIPTION:
 #	Verify that user can access file/directory if acltype=posixacl.
 #
 # STRATEGY:
 #	1. Test access to file (mode=rw-)
 #	   a. Can modify file
 #	   b. Can't create new file
 #	   b. Can't execute file
 #

 verify_runnable "both"

 function cleanup
 {
 	rmdir $TESTDIR/dir.0
 }

 log_assert "Verify acltype=posixacl works on file"
 log_onexit cleanup

 # Test access to FILE
 log_note "Testing access to FILE"
 log_must touch $TESTDIR/file.0
 log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/file.0
 getfacl $TESTDIR/file.0 2> /dev/null | egrep -q \
     "^group:$ZFS_ACL_STAFF_GROUP:rw-$"
 if [ "$?" -eq "0" ]; then
 	# Should be able to write to file
 	log_must user_run $ZFS_ACL_STAFF1 \
 	    "echo 'echo test > /dev/null' > $TESTDIR/file.0"

 	# Since $TESTDIR is 777, create a new dir with controlled permissions
 	# for testing that creating a new file is not allowed.
 	log_must mkdir $TESTDIR/dir.0
 	log_must chmod 700 $TESTDIR/dir.0
 	log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/dir.0
 	# Confirm permissions
 	ls -l $TESTDIR |grep "dir.0" |grep -q "drwxrw----+"
 	if [ "$?" -ne "0" ]; then
 		msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}')
 		log_note "expected mask drwxrw----+ but found $msk"
 		log_fail "Expected permissions were not set."
 	fi
 	getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \
 	    "^group:$ZFS_ACL_STAFF_GROUP:rw-$"
 	if [ "$?" -ne "0" ]; then
 		acl=$(getfacl $TESTDIR/dir.0 2> /dev/null)
 		log_note $acl
 		log_fail "ACL group:$ZFS_ACL_STAFF_GROUP:rw- was not set."
 	fi
 	# Should NOT be able to create new file
 	log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.1"

 	# Root should be able to run file, but not user
 	chmod +x $TESTDIR/file.0
 	log_must $TESTDIR/file.0
 	log_mustnot user_run $ZFS_ACL_STAFF1 $TESTDIR/file.0

 	log_pass "POSIX ACL mode works on files"
 else
 	log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have 'rw' as specified"
 fi
	#!/bin/ksh -p
	#
	# CDDL HEADER START
	#
	# The contents of this file are subject to the terms of the
	# Common Development and Distribution License (the "License").
	# You may not use this file except in compliance with the License.
	#
	# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
	# or http://www.opensolaris.org/os/licensing.
	# See the License for the specific language governing permissions
	# and limitations under the License.
	#
	# When distributing Covered Code, include this CDDL HEADER in each
	# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
	# If applicable, add the following below this CDDL HEADER, with the
	# fields enclosed by brackets "[]" replaced with your own identifying
	# information: Portions Copyright [yyyy] [name of copyright owner]
	#
	# CDDL HEADER END
	#

	#
	# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
	# Use is subject to license terms.
	#

	. $STF_SUITE/include/libtest.shlib
	. $STF_SUITE/tests/functional/acl/acl_common.kshlib

	#
	# Copyright (c) 2012 by Delphix. All rights reserved.
	#

	#
	# DESCRIPTION:
	# Verify that user can access file/directory if acltype=posixacl.
	#
	# STRATEGY:
	# 1. Test access to file (mode=rw-)
	# a. Can modify file
	# b. Can't create new file
	# b. Can't execute file
	#

	verify_runnable "both"

	function cleanup
	{
	rmdir $TESTDIR/dir.0
	}

	log_assert "Verify acltype=posixacl works on file"
	log_onexit cleanup

	# Test access to FILE
	log_note "Testing access to FILE"
	log_must touch $TESTDIR/file.0
	log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/file.0
	getfacl $TESTDIR/file.0 2> /dev/null \| egrep -q \
	"^group:$ZFS_ACL_STAFF_GROUP:rw-$"
	if [ "$?" -eq "0" ]; then
	# Should be able to write to file
	log_must user_run $ZFS_ACL_STAFF1 \
	"echo 'echo test > /dev/null' > $TESTDIR/file.0"

	# Since $TESTDIR is 777, create a new dir with controlled permissions
	# for testing that creating a new file is not allowed.
	log_must mkdir $TESTDIR/dir.0
	log_must chmod 700 $TESTDIR/dir.0
	log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/dir.0
	# Confirm permissions
	ls -l $TESTDIR \|grep "dir.0" \|grep -q "drwxrw----+"
	if [ "$?" -ne "0" ]; then
	msk=$(ls -l $TESTDIR \|grep "dir.0" \| awk '{print $1}')
	log_note "expected mask drwxrw----+ but found $msk"
	log_fail "Expected permissions were not set."
	fi
	getfacl $TESTDIR/dir.0 2> /dev/null \| egrep -q \
	"^group:$ZFS_ACL_STAFF_GROUP:rw-$"
	if [ "$?" -ne "0" ]; then
	acl=$(getfacl $TESTDIR/dir.0 2> /dev/null)
	log_note $acl
	log_fail "ACL group:$ZFS_ACL_STAFF_GROUP:rw- was not set."
	fi
	# Should NOT be able to create new file
	log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.1"

	# Root should be able to run file, but not user
	chmod +x $TESTDIR/file.0
	log_must $TESTDIR/file.0
	log_mustnot user_run $ZFS_ACL_STAFF1 $TESTDIR/file.0

	log_pass "POSIX ACL mode works on files"
	else
	log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have 'rw' as specified"
	fi