comparison usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_rwacl_001_pos.ksh @ 13899:0bcf78798346

3311 Want a test framework for arbitrary OS unit tests 3312 Add a testrunner package for OS unit tests 3313 Add a testrunner package to convert ZFS tests from STF Reviewed by: Matt Ahrens <matthew.ahrens@delphix.com> Reviewed by: Will Guyette <will.guyette@delphix.com> Reviewed by: Dan Kimmel <dan.kimmel@delphix.com> Reviewed by: Adam Leventhal <ahl@delphix.com> Reviewed by: Henrik Mattson <henrik.mattson@delphix.com> Reviewed by: Sonu Pillai <sonu.pillai@delphix.com> Reviewed by: Christopher Siden <chris.siden@delphix.com> Reviewed by: George Wilson <george.wilson@delphix.com> Reviewed by: Richard Lowe <richlowe@richlowe.net> Approved by: Richard Lowe <richlowe@richlowe.net>
author John Wren Kennedy <john.kennedy@delphix.com>
date Wed, 05 Dec 2012 22:04:50 -0500
13898:7f822b09519b 13899:0bcf78798346
1 #!/bin/ksh -p
2 #
3 # CDDL HEADER START
4 #
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
8 #
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
13 #
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 #
20 # CDDL HEADER END
21 #
22
23 #
24 # Copyright 2009 Sun Microsystems, Inc. All rights reserved.
25 # Use is subject to license terms.
26 #
27
28 . $STF_SUITE/tests/functional/acl/acl_common.kshlib
29
30 #
31 # DESCRIPTION:
32 # Verify assigned read_acl/write_acl to owner@/group@/everyone@,
33 # specificied user and group. File have the correct access permission.
34 #
35 # STRATEGY:
36 # 1. Separatedly verify file and directory was assigned read_acl/write_acl
37 # by root and non-root user.
38 # 2. Verify owner always can read and write acl, even deny.
39 # 3. Verify group access permission, when group was assigned
40 # read_acl/write_acl.
41 # 4. Verify access permission, after everyone was assigned read_acl/write.
42 # 5. Verify everyone@ was deny except specificied user, this user can read
43 # and write acl.
44 # 6. Verify the group was deny except specified user, this user can read
45 # and write acl
46 #
47
48 verify_runnable "both"
49
50 log_assert "Verify chmod A[number]{+|-|=} read_acl/write_acl have correct " \
51 "behaviour to access permission."
52 log_onexit cleanup
53
54 function read_ACL #<node> <user1> <user2> ...
55 {
56 typeset node=$1
57 typeset user
58 typeset -i ret
59
60 shift
61 for user in $@; do
62 chgusr_exec $user $LS -vd $node > /dev/null 2>&1
63 ret=$?
64 (( ret != 0 )) && return $ret
65
66 shift
67 done
68
69 return 0
70 }
71
72 function write_ACL #<node> <user1> <user2> ...
73 {
74 typeset node=$1
75 typeset user
76 typeset -i ret before_cnt after_cnt
77
78 shift
79 for user in "$@"; do
80 before_cnt=$(count_ACE $node)
81 ret=$?;
82 (( ret != 0 )) && return $ret
83
84 chgusr_exec $user $CHMOD A0+owner@:read_data:allow $node
85 ret=$?
86 (( ret != 0 )) && return $ret
87
88 after_cnt=$(count_ACE $node)
89 ret=$?
90 (( ret != 0 )) && return $ret
91
92 chgusr_exec $user $CHMOD A0- $node
93 ret=$?
94 (( ret != 0 )) && return $ret
95
96 if (( after_cnt - before_cnt != 1 )); then
97 return 1
98 fi
99
100 shift
101 done
102
103 return 0
104 }
105
106 function check_owner #<node>
107 {
108 typeset node=$1
109
110 for acc in allow deny; do
111 log_must usr_exec \
112 $CHMOD A0+owner@:read_acl/write_acl:$acc $node
113 log_must read_ACL $node $ZFS_ACL_CUR_USER
114 log_must write_ACL $node $ZFS_ACL_CUR_USER
115 log_must usr_exec $CHMOD A0- $node
116 done
117 }
118
119 function check_group #<node>
120 {
121 typeset node=$1
122
123 typeset grp_usr=""
124 if [[ $ZFS_ACL_CUR_USER == root ]]; then
125 grp_usr=$ZFS_ACL_ADMIN
126 elif [[ $ZFS_ACL_CUR_USER == $ZFS_ACL_STAFF1 ]]; then
127 grp_usr=$ZFS_ACL_STAFF2
128 fi
129
130 log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:allow $node
131 log_must read_ACL $node $grp_usr
132 log_must write_ACL $node $grp_usr
133 log_must usr_exec $CHMOD A0- $node
134
135 log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:deny $node
136 log_mustnot read_ACL $node $grp_usr
137 log_mustnot write_ACL $node $grp_usr
138 log_must usr_exec $CHMOD A0- $node
139 }
140
141 function check_everyone #<node>
142 {
143 typeset node=$1
144
145 typeset flag
146 for flag in allow deny; do
147 if [[ $flag == allow ]]; then
148 log=log_must
149 else
150 log=log_mustnot
151 fi
152
153 log_must usr_exec \
154 $CHMOD A0+everyone@:read_acl/write_acl:$flag $node
155
156 $log read_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
157 $log write_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
158
159 log_must usr_exec $CHMOD A0- $node
160 done
161 }
162
163 function check_spec_user #<node>
164 {
165 typeset node=$1
166
167 log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny $node
168 log_must usr_exec \
169 $CHMOD A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow $node
170
171 # The specified user can read and write acl
172 log_must read_ACL $node $ZFS_ACL_OTHER1
173 log_must write_ACL $node $ZFS_ACL_OTHER1
174
175 # All the other user can't read and write acl
176 log_mustnot \
177 read_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2
178 log_mustnot \
179 write_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2
180
181 log_must usr_exec $CHMOD A0- $node
182 log_must usr_exec $CHMOD A0- $node
183 }
184
185 function check_spec_group #<node>
186 {
187 typeset node=$1
188
189 log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny $node
190 log_must usr_exec $CHMOD \
191 A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:allow $node
192
193 # The specified group can read and write acl
194 log_must read_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
195 log_must write_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
196
197 # All the other user can't read and write acl
198 log_mustnot read_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2
199 log_mustnot write_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2
200 }
201
202 function check_user_in_group #<node>
203 {
204 typeset node=$1
205
206 log_must usr_exec $CHMOD \
207 A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:deny $node
208 log_must usr_exec $CHMOD \
209 A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow $node
210 log_must read_ACL $node $ZFS_ACL_OTHER1
211 log_must write_ACL $node $ZFS_ACL_OTHER1
212 log_mustnot read_ACL $node $ZFS_ACL_OTHER2
213 log_mustnot write_ACL $node $ZFS_ACL_OTHER2
214
215 log_must usr_exec $CHMOD A0- $node
216 log_must usr_exec $CHMOD A0- $node
217 }
218
219 set -A func_name check_owner \
220 check_group \
221 check_everyone \
222 check_spec_user \
223 check_spec_group \
224 check_user_in_group
225
226 for user in root $ZFS_ACL_STAFF1; do
227 log_must set_cur_usr $user
228
229 log_must usr_exec $TOUCH $testfile
230 log_must usr_exec $MKDIR $testdir
231
232 typeset func node
233 for func in ${func_name[@]}; do
234 for node in $testfile $testdir; do
235 eval $func \$node
236 done
237 done
238
239 log_must usr_exec $RM -rf $testfile $testdir
240 done
241
242 log_pass "Verify chmod A[number]{+|-|=} read_acl/write_acl passed."
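Review bot: The deny-side assertions that pass several users to read_ACL/write_ACL (check_everyone with flag=deny, check_spec_user, check_spec_group) only prove that at least one listed user is refused. Both helpers return on the first non-zero status, and log_mustnot is then satisfied without the remaining users being tried (this assumes it passes on any non-zero return; it is defined outside this file). For an ACL test that is the wrong direction to be lenient: a regression that lets $ZFS_ACL_STAFF2 or $ZFS_ACL_OTHER2 read or write the ACL would go unnoticed as long as the first user in the list is denied. Assert each user on its own, e.g. `for u in $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2; do log_mustnot read_ACL $node $u; log_mustnot write_ACL $node $u; done`. Separately, check_spec_group adds two ACEs and never removes them with `$CHMOD A0- $node`, unlike check_spec_user and check_user_in_group, so check_user_in_group runs against nodes that still carry them.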