Mercurial > illumos > illumos-gate
comparison usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_rwacl_001_pos.ksh @ 13899:0bcf78798346
3311 Want a test framework for arbitrary OS unit tests
3312 Add a testrunner package for OS unit tests
3313 Add a testrunner package to convert ZFS tests from STF
Reviewed by: Matt Ahrens <matthew.ahrens@delphix.com>
Reviewed by: Will Guyette <will.guyette@delphix.com>
Reviewed by: Dan Kimmel <dan.kimmel@delphix.com>
Reviewed by: Adam Leventhal <ahl@delphix.com>
Reviewed by: Henrik Mattson <henrik.mattson@delphix.com>
Reviewed by: Sonu Pillai <sonu.pillai@delphix.com>
Reviewed by: Christopher Siden <chris.siden@delphix.com>
Reviewed by: George Wilson <george.wilson@delphix.com>
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Approved by: Richard Lowe <richlowe@richlowe.net>
author | John Wren Kennedy <john.kennedy@delphix.com> |
---|---|
date | Wed, 05 Dec 2012 22:04:50 -0500 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
13898:7f822b09519b | 13899:0bcf78798346 |
---|---|
1 #!/bin/ksh -p | |
2 # | |
3 # CDDL HEADER START | |
4 # | |
5 # The contents of this file are subject to the terms of the | |
6 # Common Development and Distribution License (the "License"). | |
7 # You may not use this file except in compliance with the License. | |
8 # | |
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE | |
10 # or http://www.opensolaris.org/os/licensing. | |
11 # See the License for the specific language governing permissions | |
12 # and limitations under the License. | |
13 # | |
14 # When distributing Covered Code, include this CDDL HEADER in each | |
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE. | |
16 # If applicable, add the following below this CDDL HEADER, with the | |
17 # fields enclosed by brackets "[]" replaced with your own identifying | |
18 # information: Portions Copyright [yyyy] [name of copyright owner] | |
19 # | |
20 # CDDL HEADER END | |
21 # | |
22 | |
23 # | |
24 # Copyright 2009 Sun Microsystems, Inc. All rights reserved. | |
25 # Use is subject to license terms. | |
26 # | |
27 | |
28 . $STF_SUITE/tests/functional/acl/acl_common.kshlib | |
29 | |
30 # | |
31 # DESCRIPTION: | |
32 # Verify assigned read_acl/write_acl to owner@/group@/everyone@, | |
33 # specificied user and group. File have the correct access permission. | |
34 # | |
35 # STRATEGY: | |
36 # 1. Separatedly verify file and directory was assigned read_acl/write_acl | |
37 # by root and non-root user. | |
38 # 2. Verify owner always can read and write acl, even deny. | |
39 # 3. Verify group access permission, when group was assigned | |
40 # read_acl/write_acl. | |
41 # 4. Verify access permission, after everyone was assigned read_acl/write. | |
42 # 5. Verify everyone@ was deny except specificied user, this user can read | |
43 # and write acl. | |
44 # 6. Verify the group was deny except specified user, this user can read | |
45 # and write acl | |
46 # | |
47 | |
48 verify_runnable "both" | |
49 | |
50 log_assert "Verify chmod A[number]{+|-|=} read_acl/write_acl have correct " \ | |
51 "behaviour to access permission." | |
52 log_onexit cleanup | |
53 | |
54 function read_ACL #<node> <user1> <user2> ... | |
55 { | |
56 typeset node=$1 | |
57 typeset user | |
58 typeset -i ret | |
59 | |
60 shift | |
61 for user in $@; do | |
62 chgusr_exec $user $LS -vd $node > /dev/null 2>&1 | |
63 ret=$? | |
64 (( ret != 0 )) && return $ret | |
65 | |
66 shift | |
67 done | |
68 | |
69 return 0 | |
70 } | |
71 | |
72 function write_ACL #<node> <user1> <user2> ... | |
73 { | |
74 typeset node=$1 | |
75 typeset user | |
76 typeset -i ret before_cnt after_cnt | |
77 | |
78 shift | |
79 for user in "$@"; do | |
80 before_cnt=$(count_ACE $node) | |
81 ret=$?; | |
82 (( ret != 0 )) && return $ret | |
83 | |
84 chgusr_exec $user $CHMOD A0+owner@:read_data:allow $node | |
85 ret=$? | |
86 (( ret != 0 )) && return $ret | |
87 | |
88 after_cnt=$(count_ACE $node) | |
89 ret=$? | |
90 (( ret != 0 )) && return $ret | |
91 | |
92 chgusr_exec $user $CHMOD A0- $node | |
93 ret=$? | |
94 (( ret != 0 )) && return $ret | |
95 | |
96 if (( after_cnt - before_cnt != 1 )); then | |
97 return 1 | |
98 fi | |
99 | |
100 shift | |
101 done | |
102 | |
103 return 0 | |
104 } | |
105 | |
106 function check_owner #<node> | |
107 { | |
108 typeset node=$1 | |
109 | |
110 for acc in allow deny; do | |
111 log_must usr_exec \ | |
112 $CHMOD A0+owner@:read_acl/write_acl:$acc $node | |
113 log_must read_ACL $node $ZFS_ACL_CUR_USER | |
114 log_must write_ACL $node $ZFS_ACL_CUR_USER | |
115 log_must usr_exec $CHMOD A0- $node | |
116 done | |
117 } | |
118 | |
119 function check_group #<node> | |
120 { | |
121 typeset node=$1 | |
122 | |
123 typeset grp_usr="" | |
124 if [[ $ZFS_ACL_CUR_USER == root ]]; then | |
125 grp_usr=$ZFS_ACL_ADMIN | |
126 elif [[ $ZFS_ACL_CUR_USER == $ZFS_ACL_STAFF1 ]]; then | |
127 grp_usr=$ZFS_ACL_STAFF2 | |
128 fi | |
129 | |
130 log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:allow $node | |
131 log_must read_ACL $node $grp_usr | |
132 log_must write_ACL $node $grp_usr | |
133 log_must usr_exec $CHMOD A0- $node | |
134 | |
135 log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:deny $node | |
136 log_mustnot read_ACL $node $grp_usr | |
137 log_mustnot write_ACL $node $grp_usr | |
138 log_must usr_exec $CHMOD A0- $node | |
139 } | |
140 | |
141 function check_everyone #<node> | |
142 { | |
143 typeset node=$1 | |
144 | |
145 typeset flag | |
146 for flag in allow deny; do | |
147 if [[ $flag == allow ]]; then | |
148 log=log_must | |
149 else | |
150 log=log_mustnot | |
151 fi | |
152 | |
153 log_must usr_exec \ | |
154 $CHMOD A0+everyone@:read_acl/write_acl:$flag $node | |
155 | |
156 $log read_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2 | |
157 $log write_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2 | |
158 | |
159 log_must usr_exec $CHMOD A0- $node | |
160 done | |
161 } | |
162 | |
163 function check_spec_user #<node> | |
164 { | |
165 typeset node=$1 | |
166 | |
167 log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny $node | |
168 log_must usr_exec \ | |
169 $CHMOD A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow $node | |
170 | |
171 # The specified user can read and write acl | |
172 log_must read_ACL $node $ZFS_ACL_OTHER1 | |
173 log_must write_ACL $node $ZFS_ACL_OTHER1 | |
174 | |
175 # All the other user can't read and write acl | |
176 log_mustnot \ | |
177 read_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2 | |
178 log_mustnot \ | |
179 write_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2 | |
180 | |
181 log_must usr_exec $CHMOD A0- $node | |
182 log_must usr_exec $CHMOD A0- $node | |
183 } | |
184 | |
185 function check_spec_group #<node> | |
186 { | |
187 typeset node=$1 | |
188 | |
189 log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny $node | |
190 log_must usr_exec $CHMOD \ | |
191 A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:allow $node | |
192 | |
193 # The specified group can read and write acl | |
194 log_must read_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2 | |
195 log_must write_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2 | |
196 | |
197 # All the other user can't read and write acl | |
198 log_mustnot read_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 | |
199 log_mustnot write_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 | |
200 } | |
201 | |
202 function check_user_in_group #<node> | |
203 { | |
204 typeset node=$1 | |
205 | |
206 log_must usr_exec $CHMOD \ | |
207 A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:deny $node | |
208 log_must usr_exec $CHMOD \ | |
209 A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow $node | |
210 log_must read_ACL $node $ZFS_ACL_OTHER1 | |
211 log_must write_ACL $node $ZFS_ACL_OTHER1 | |
212 log_mustnot read_ACL $node $ZFS_ACL_OTHER2 | |
213 log_mustnot write_ACL $node $ZFS_ACL_OTHER2 | |
214 | |
215 log_must usr_exec $CHMOD A0- $node | |
216 log_must usr_exec $CHMOD A0- $node | |
217 } | |
218 | |
219 set -A func_name check_owner \ | |
220 check_group \ | |
221 check_everyone \ | |
222 check_spec_user \ | |
223 check_spec_group \ | |
224 check_user_in_group | |
225 | |
226 for user in root $ZFS_ACL_STAFF1; do | |
227 log_must set_cur_usr $user | |
228 | |
229 log_must usr_exec $TOUCH $testfile | |
230 log_must usr_exec $MKDIR $testdir | |
231 | |
232 typeset func node | |
233 for func in ${func_name[@]}; do | |
234 for node in $testfile $testdir; do | |
235 eval $func \$node | |
236 done | |
237 done | |
238 | |
239 log_must usr_exec $RM -rf $testfile $testdir | |
240 done | |
241 | |
242 log_pass "Verify chmod A[number]{+|-|=} read_acl/write_acl passed." |