--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_owner_001_pos.ksh	Wed Dec 05 22:04:50 2012 -0500
@@ -0,0 +1,324 @@
+#!/bin/ksh -p
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+
+#
+# Copyright (c) 2012 by Delphix. All rights reserved.
+#
+
+. $STF_SUITE/tests/functional/acl/acl_common.kshlib
+
+#
+# DESCRIPTION:
+#	Verify that the write_owner for
+#	owner/group/everyone are correct.
+#
+# STRATEGY:
+# 1. Create file and  directory in zfs filesystem
+# 2. Set special write_owner ACE to the file and directory
+# 3. Try to chown/chgrp of the file and directory to take owner/group
+# 4. Verify that the owner/group are correct. Follow these rules:
+#	(1) If uid is granted the write_owner permission, then it can only do
+#	    chown to its own uid, or a group that they are a member of.
+#	(2) Owner will ignore permission of (1) even write_owner not granted.
+#	(3) Superuser will always permit whatever they do.
+#
+
+verify_runnable "both"
+
+function cleanup
+{
+	[[ -d $basedir ]] && $RM -rf $basedir
+	[[ -f $TESTDIR/$ARCHIVEFILE ]] && log_must $RM -f $TESTDIR/$ARCHIVEFILE
+	return 0
+}
+
+log_assert "Verify that the chown/chgrp could take owner/group " \
+	"while permission is granted."
+log_onexit cleanup
+
+#
+# Get the owner of a file/directory
+#
+function get_owner
+{
+	typeset node=$1
+
+	if [[ -z $node ]]; then
+		log_fail "node are not defined."
+	fi
+
+	$ECHO $($LS -dl $node | $AWK '{print $3}')
+}
+
+#
+# Get the group of a file/directory
+#
+function get_group
+{
+	typeset node=$1
+
+	if [[ -z $node ]]; then
+		log_fail "node are not defined."
+	fi
+
+	$ECHO $($LS -dl $node | $AWK '{print $4}')
+}
+
+
+#
+# Get the group name that a UID belongs to
+#
+function get_user_group
+{
+	typeset uid=$1
+	typeset value
+
+	if [[ -z $uid ]]; then
+		log_fail "UID not defined."
+	fi
+
+	value=$(id $uid)
+
+	if [[ $? -eq 0 ]]; then
+		value=${value##*\(}
+		value=${value%%\)*}
+		$ECHO $value
+	else
+		log_fail "Invalid UID (uid)."
+	fi
+}
+
+function operate_node_owner
+{
+	typeset user=$1
+	typeset node=$2
+	typeset old_owner=$3
+	typeset expect_owner=$4
+	typeset ret new_owner
+
+	if [[ $user == "" || $node == "" ]]; then
+		log_fail "user, node are not defined."
+	fi
+
+	$SU $user -c "$CHOWN $expect_owner $node"
+	ret=$?
+	new_owner=$(get_owner $node)
+
+	if [[ $new_owner != $old_owner ]]; then
+		$TAR xpf $TESTDIR/$ARCHIVEFILE
+	fi
+
+	if [[ $ret -eq 0 ]]; then
+		if [[ $new_owner != $expect_owner ]]; then
+			log_note "Owner not changed as expected " \
+				"($old_owner|$new_owner|$expect_owner), " \
+				"but return code is $ret."
+			return 1
+		fi
+	elif [[ $ret -ne 0 && $new_owner != $old_owner ]]; then
+		log_note "Owner changed ($old_owner|$new_owner), " \
+			"but return code is $ret."
+		return 2
+	fi
+
+	return $ret
+}
+
+function operate_node_group
+{
+	typeset user=$1
+	typeset node=$2
+	typeset old_group=$3
+	typeset expect_group=$4
+	typeset ret new_group
+
+	if [[ $user == "" || $node == "" ]]; then
+		log_fail "user, node are not defined."
+	fi
+
+	$SU $user -c "$CHGRP $expect_group $node"
+	ret=$?
+	new_group=$(get_group $node)
+
+	if [[ $new_group != $old_group ]]; then
+		$TAR xpf $TESTDIR/$ARCHIVEFILE
+	fi
+
+	if [[ $ret -eq 0 ]]; then
+		if [[ $new_group != $expect_group ]]; then
+			log_note "Group not changed as expected " \
+				"($old_group|$new_group|$expect_group), " \
+				"but return code is $ret."
+			return 1
+		fi
+	elif [[ $ret -ne 0 && $new_group != $old_group ]]; then
+		log_note "Group changed ($old_group|$new_group), " \
+			"but return code is $ret."
+		return 2
+	fi
+
+	return $ret
+}
+
+function logname
+{
+	typeset acl_target=$1
+	typeset user=$2
+	typeset old=$3
+	typeset new=$4
+	typeset ret="log_mustnot"
+
+	# To super user, read and write deny permission was override.
+	if [[ $user == root ]]; then
+		ret="log_must"
+	elif [[ $user == $new ]] ; then
+		if [[ $user == $old || $acl_target == *:allow ]]; then
+			ret="log_must"
+		fi
+	fi
+
+	print $ret
+}
+
+function check_chmod_results
+{
+	typeset user=$1
+	typeset node=$2
+	typeset flag=$3
+	typeset acl_target=$3:$4
+	typeset g_usr=$5
+	typeset o_usr=$6
+	typeset log old_owner old_group new_owner new_group
+
+	old_owner=$(get_owner $node)
+	old_group=$(get_group $node)
+
+	if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
+		for new_owner in $user "nobody"; do
+			new_group=$(get_user_group $new_owner)
+
+			log=$(logname $acl_target $user \
+				$old_owner $new_owner)
+
+			$log operate_node_owner $user $node \
+				$old_owner $new_owner
+
+			$log operate_node_group $user $node \
+				$old_group $new_group
+		done
+	fi
+	if [[ $flag == "group@" || $flag == "everyone@" ]]; then
+		for new_owner in $g_usr "nobody"; do
+			new_group=$(get_user_group $new_owner)
+
+			log=$(logname $acl_target $g_usr $old_owner \
+				$new_owner)
+
+			$log operate_node_owner $g_usr $node \
+				$old_owner $new_owner
+
+			$log operate_node_group $g_usr \
+				$node $old_group $new_group
+		done
+	fi
+	if [[ $flag == "everyone@" ]]; then
+		for new_owner in $g_usr "nobody"; do
+			new_group=$(get_user_group $new_owner)
+
+			log=$(logname $acl_target $o_usr $old_owner \
+				$new_owner)
+
+			$log operate_node_owner $o_usr $node \
+				$old_owner $new_owner
+
+			$log operate_node_group $o_usr $node \
+				$old_group $new_group
+		done
+	fi
+}
+
+function test_chmod_basic_access
+{
+	typeset user=$1
+	typeset node=${2%/}
+	typeset g_usr=$3
+	typeset o_usr=$4
+	typeset flag acl_t
+
+	for flag in $a_flag; do
+		for acl_t in $a_access; do
+			log_must $SU $user -c "$CHMOD A+$flag:$acl_t $node"
+
+			$TAR cpf $TESTDIR/$ARCHIVEFILE basedir
+
+			check_chmod_results $user $node $flag $acl_t $g_usr \
+			    $o_usr
+
+			log_must $SU $user -c "$CHMOD A0- $node"
+		done
+	done
+}
+
+function setup_test_files
+{
+	typeset base_node=$1
+	typeset user=$2
+	typeset group=$3
+
+	$RM -rf $base_node
+
+	log_must $MKDIR -p $base_node
+	log_must $CHOWN $user:$group $base_node
+
+	# Prepare all files/sub-dirs for testing.
+	log_must $SU $user -c "$TOUCH $file"
+	log_must $SU $user -c "$CHMOD 444 $file"
+	log_must $SU $user -c "$MKDIR -p $dir"
+	log_must $SU $user -c "$CHMOD 444 $dir"
+	log_must $SU $user -c "$CHMOD 555 $base_node"
+}
+
+typeset ARCHIVEFILE=archive.tar
+typeset a_access="write_owner:allow write_owner:deny"
+typeset a_flag="owner@ group@ everyone@"
+typeset basedir="$TESTDIR/basedir"
+typeset file="$basedir/file"
+typeset dir="$basedir/dir"
+
+cd $TESTDIR
+setup_test_files $basedir 'root' 'root'
+test_chmod_basic_access 'root' $file $ZFS_ACL_ADMIN  $ZFS_ACL_OTHER1
+test_chmod_basic_access 'root' $dir $ZFS_ACL_ADMIN  $ZFS_ACL_OTHER1
+$RM -rf $basedir
+
+setup_test_files $basedir $ZFS_ACL_STAFF1 $ZFS_ACL_STAFF_GROUP
+test_chmod_basic_access $ZFS_ACL_STAFF1 $file $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER1
+test_chmod_basic_access $ZFS_ACL_STAFF1 $dir $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER1
+$RM -rf $basedir
+
+log_pass "Verify that the chown/chgrp could take owner/group " \
+    "while permission is granted."