zfs/tests/zfs-tests/tests/functional/delegate/zfs_allow_010_pos.ksh - backupdr - Git at Google

 #!/bin/ksh -p
 #
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
 # Common Development and Distribution License (the "License").
 # You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
 # See the License for the specific language governing permissions
 # and limitations under the License.
 #
 # When distributing Covered Code, include this CDDL HEADER in each
 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 # If applicable, add the following below this CDDL HEADER, with the
 # fields enclosed by brackets "[]" replaced with your own identifying
 # information: Portions Copyright [yyyy] [name of copyright owner]
 #
 # CDDL HEADER END
 #

 #
 # Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #

 #
 # Copyright (c) 2013, 2016 by Delphix. All rights reserved.
 #

 . $STF_SUITE/tests/functional/delegate/delegate_common.kshlib

 #
 # DESCRIPTION:
 #	Scan the following permissions one by one to verify privileged user
 #	has correct permission delegation in datasets.
 #
 # STRATEGY:
 #	1. Delegate all the permission one by one to user on dataset.
 #	2. Verify privileged user has correct permission without any other
 #	   permissions allowed.
 #

 verify_runnable "both"

 log_assert "Verify privileged user has correct permissions once which was "\
 	"delegated to him in datasets"
 log_onexit restore_root_datasets

 if is_linux; then
 #
 #				Results in	Results in
 #		Permission	Filesystem	Volume
 #
 # Removed for Linux:
 # - mount	- mount(8) does not permit non-superuser mounts
 # - mountpoint	- mount(8) does not permit non-superuser mounts
 # - canmount	- mount(8) does not permit non-superuser mounts
 # - rename      - mount(8) does not permit non-superuser mounts
 # - zoned	- zones are not supported
 # - destroy     - umount(8) does not permit non-superuser umounts
 # - sharenfs	- sharing requires superuser privileges
 # - share	- sharing requires superuser privileges
 # - readonly	- mount(8) does not permit non-superuser remounts
 #
 set -A perms	create		true		false	\
 		snapshot	true		true	\
 		send		true		true	\
 		allow		true		true	\
 		quota		true		false	\
 		reservation	true		true	\
 		dnodesize	true		false	\
 		recordsize	true		false	\
 		checksum	true		true	\
 		compression	true		true	\
 		atime		true		false	\
 		devices		true		false	\
 		exec		true		false	\
 		volsize		false		true	\
 		setuid		true		false	\
 		snapdir		true		false	\
 		userprop	true		true	\
 		aclinherit	true		false	\
 		rollback	true		true	\
 		clone		true		true	\
 		promote		true		true	\
 		xattr		true		false	\
 		receive		true		false
 else

 set -A perms	create		true		false	\
 		snapshot	true		true	\
 		mount		true		false	\
 		send		true		true	\
 		allow		true		true	\
 		quota		true		false	\
 		reservation	true		true	\
 		dnodesize	true		false	\
 		recordsize	true		false	\
 		mountpoint	true		false	\
 		checksum	true		true	\
 		compression	true		true	\
 		canmount	true		false	\
 		atime		true		false	\
 		devices		true		false	\
 		exec		true		false	\
 		volsize		false		true	\
 		setuid		true		false	\
 		readonly	true		true	\
 		snapdir		true		false	\
 		userprop	true		true	\
 		aclmode		true		false	\
 		aclinherit	true		false	\
 		rollback	true		true	\
 		clone		true		true	\
 		rename		true		true	\
 		promote		true		true	\
 		zoned		true		false	\
 		xattr		true		false	\
 		receive		true		false	\
 		destroy		true		true

 if is_global_zone; then
 	typeset -i n=${#perms[@]}
 	perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false"
 	perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false"
 fi
 fi

 for dtst in $DATASETS; do
 	typeset -i k=1
 	typeset type=$(get_prop type $dtst)
 	[[ $type == "volume" ]] && k=2

 	typeset -i i=0
 	while (( i < ${#perms[@]} )); do
 		log_must zfs allow $STAFF1 ${perms[$i]} $dtst

 		if [[ ${perms[((i+k))]} == "true" ]]; then
 			log_must verify_perm $dtst ${perms[$i]} $STAFF1
 		else
 			log_must verify_noperm $dtst ${perms[$i]} $STAFF1
 		fi

 		log_must restore_root_datasets

 		((i += 3))
 	done
 done

 log_pass "Verify privileged user has correct permissions " \
 	"in datasets passed."
	#!/bin/ksh -p
	#
	# CDDL HEADER START
	#
	# The contents of this file are subject to the terms of the
	# Common Development and Distribution License (the "License").
	# You may not use this file except in compliance with the License.
	#
	# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
	# or http://www.opensolaris.org/os/licensing.
	# See the License for the specific language governing permissions
	# and limitations under the License.
	#
	# When distributing Covered Code, include this CDDL HEADER in each
	# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
	# If applicable, add the following below this CDDL HEADER, with the
	# fields enclosed by brackets "[]" replaced with your own identifying
	# information: Portions Copyright [yyyy] [name of copyright owner]
	#
	# CDDL HEADER END
	#

	#
	# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
	# Use is subject to license terms.
	#

	#
	# Copyright (c) 2013, 2016 by Delphix. All rights reserved.
	#

	. $STF_SUITE/tests/functional/delegate/delegate_common.kshlib

	#
	# DESCRIPTION:
	# Scan the following permissions one by one to verify privileged user
	# has correct permission delegation in datasets.
	#
	# STRATEGY:
	# 1. Delegate all the permission one by one to user on dataset.
	# 2. Verify privileged user has correct permission without any other
	# permissions allowed.
	#

	verify_runnable "both"

	log_assert "Verify privileged user has correct permissions once which was "\
	"delegated to him in datasets"
	log_onexit restore_root_datasets

	if is_linux; then
	#
	# Results in Results in
	# Permission Filesystem Volume
	#
	# Removed for Linux:
	# - mount - mount(8) does not permit non-superuser mounts
	# - mountpoint - mount(8) does not permit non-superuser mounts
	# - canmount - mount(8) does not permit non-superuser mounts
	# - rename - mount(8) does not permit non-superuser mounts
	# - zoned - zones are not supported
	# - destroy - umount(8) does not permit non-superuser umounts
	# - sharenfs - sharing requires superuser privileges
	# - share - sharing requires superuser privileges
	# - readonly - mount(8) does not permit non-superuser remounts
	#
	set -A perms create true false \
	snapshot true true \
	send true true \
	allow true true \
	quota true false \
	reservation true true \
	dnodesize true false \
	recordsize true false \
	checksum true true \
	compression true true \
	atime true false \
	devices true false \
	exec true false \
	volsize false true \
	setuid true false \
	snapdir true false \
	userprop true true \
	aclinherit true false \
	rollback true true \
	clone true true \
	promote true true \
	xattr true false \
	receive true false
	else

	set -A perms create true false \
	snapshot true true \
	mount true false \
	send true true \
	allow true true \
	quota true false \
	reservation true true \
	dnodesize true false \
	recordsize true false \
	mountpoint true false \
	checksum true true \
	compression true true \
	canmount true false \
	atime true false \
	devices true false \
	exec true false \
	volsize false true \
	setuid true false \
	readonly true true \
	snapdir true false \
	userprop true true \
	aclmode true false \
	aclinherit true false \
	rollback true true \
	clone true true \
	rename true true \
	promote true true \
	zoned true false \
	xattr true false \
	receive true false \
	destroy true true

	if is_global_zone; then
	typeset -i n=${#perms[@]}
	perms[((n))]="sharenfs"; perms[((n+1))]="true"; perms[((n+2))]="false"
	perms[((n+3))]="share"; perms[((n+4))]="true"; perms[((n+5))]="false"
	fi
	fi

	for dtst in $DATASETS; do
	typeset -i k=1
	typeset type=$(get_prop type $dtst)
	[[ $type == "volume" ]] && k=2

	typeset -i i=0
	while (( i < ${#perms[@]} )); do
	log_must zfs allow $STAFF1 ${perms[$i]} $dtst

	if [[ ${perms[((i+k))]} == "true" ]]; then
	log_must verify_perm $dtst ${perms[$i]} $STAFF1
	else
	log_must verify_noperm $dtst ${perms[$i]} $STAFF1
	fi

	log_must restore_root_datasets

	((i += 3))
	done
	done

	log_pass "Verify privileged user has correct permissions " \
	"in datasets passed."