xfs-cmds/xfstests/099 - view

Return to 099 CVS log

Up to [Development] / xfs-cmds / xfstests

File: [Development] / xfs-cmds / xfstests / 099 (download)

Revision 1.1, Wed Sep 15 05:57:50 2004 UTC (13 years, 1 month ago) by ajones
Branch: MAIN

Tests from UDFQA ported to FSQA.
ACL test.

#! /bin/sh
# FS QA Test No. 099. Modified from UDFQA test 036. 
#
# ACL test
#-----------------------------------------------------------------------
#  Copyright (c) 2000-2004 Silicon Graphics, Inc.  All Rights Reserved.
#  This program is free software; you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
#  USA
#
#  Contact information: Silicon Graphics, Inc., 1500 Crittenden Lane,
#  Mountain View, CA 94043, USA, or: http://www.sgi.com
#-----------------------------------------------------------------------
#_acl_list
# modifier
owner=ajones@sgi.com

seq=`basename $0`
echo "QA output created by $seq"

here=`pwd`
tmp=/tmp/$$
status=1	# failure is the default!
trap "_cleanup; exit \$status" 0 1 2 3 15

# get standard environment, filters and checks
. ./common.rc
. ./common.filter
. ./common.attr

runas=$here/src/runas

TARGET_DIR=$SCRATCH_MNT
[ "$FSTYP" == "xfs" ] && TARGET_DIR=$TEST_DIR

_cleanup()
{
    rm -f $tmp.*
    cd $TARGET_DIR
    rm -rf $seq.dir1
    cd /
}

# -----
# minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ
# This is set with chacl(1) and can be changed by chmod(1).
#
# Test that this is being set for ACL and for std unix permissions
# Test that we can get back the same ACL.
# Test std permissions for rwx.
# -----
#
# Test out default ACLs and that the ACL is being PASSed
# onto the children of the dir.
#
# -----
# Test out access check for extended ACLs.
# -> 3 extra ACEs: MASK, GROUP, USER
# -> the GROUP compares with egid of process _and_ the supplementary
#    groups (as found in /etc/group)
#
# Test that mask works for USER, GROUP, GROUP_OBJ
# Test that the ACE type priority is working
#   -> this would be done by simultaneously matching on ACEs
#   -> interesting if it allows user to specify ACEs in any order
#
rm -f $seq.full

#-------------------------------------------------------
# real QA test starts here
_supported_fs xfs udf
_supported_os IRIX

_acl_setup_ids
_acl_requirements
[ -x $runas ] || _notrun "$runas executable not found"

# get dir
#export FILE_SYS=xfs
_require_scratch
_setup_testdir

cd $TARGET_DIR
rm -rf $seq.dir1 # in case file is left over from previous runs.
mkdir $seq.dir1
cd $seq.dir1

echo ""
echo "=== Test minimal ACE ==="

echo "Setup file"
# Note: as this is a shell script,
#       will need read and execute permission set
#       in order to execute it.
touch file1
cat <<EOF >file1
#!/bin/sh
echo "Test was executed"
EOF
chmod u=rwx file1
chmod g=rw- file1
chmod o=r-- file1
chown $acl1.$acl2 file1
_acl_ls file1

echo ""
echo "--- Test get and set of ACL ---"
echo "Note: IRIX interface gave an empty ACL - Linux outputs an ACL"
_acl_list file1
echo "Try using single colon separator"
echo "Note: IRIX interface FAILs because of single colon - Linux one allows it" 
chacl u::r--,g::rwx,o:rw- file1 2>&1
echo "Expect to PASS" 
chacl u::r--,g::rwx,o::rw- file1 2>&1
_acl_list file1

echo ""
echo "--- Test sync of ACL with std permissions ---"
_acl_ls file1
chmod u+w file1
_acl_ls file1
_acl_list file1

echo ""
echo "--- Test owner permissions ---"
chacl u::r-x,g::---,o::--- file1 2>&1
_acl_list file1
# change to owner
echo "Expect to PASS" 
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to FAIL" 
$runas -u $acl2 -g $acl2 ./file1 2>&1

echo ""
echo "--- Test group permissions ---"
chacl u::---,g::r-x,o::--- file1 2>&1
_acl_list file1
echo "Expect to FAIL - acl1 is owner" 
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to PASS - acl2 matches group" 
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to PASS - acl2 matches sup group" 
$runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
echo "Expect to FAIL - acl3 is not in group" 
$runas -u $acl3 -g $acl3 ./file1 2>&1

echo ""
echo "--- Test other permissions ---"
chacl u::---,g::---,o::r-x file1 2>&1
_acl_list file1
echo "Expect to FAIL - acl1 is owner" 
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to FAIL - acl2 is in group" 
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to FAIL - acl2 is in sup. group" 
$runas -u $acl2 -g $acl3 -s $acl2 ./file1 2>&1
echo "Expect to PASS - acl3 is not owner or in group" 
$runas -u $acl3 -g $acl3 ./file1 2>&1

#-------------------------------------------------------

echo ""
echo "=== Test Extended ACLs ==="

echo ""
echo "--- Test adding a USER ACE ---"
echo "Expect to FAIL as no MASK provided"
chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1 | _acl_filter_id
echo "Ensure that ACL has not been changed"
_acl_list file1
echo "Expect to PASS - USER ACE matches user"
chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1
_acl_list file1
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to FAIL - USER ACE does not match user"
$runas -u $acl3 -g $acl3 ./file1 2>&1

echo ""
echo "--- Test adding a GROUP ACE ---"
echo "Expect to FAIL as no MASK provided"
chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1 | _acl_filter_id
echo "Ensure that ACL has not been changed"
_acl_list file1
chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1
_acl_list file1 | _acl_filter_id
echo "Expect to PASS - GROUP ACE matches group"
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to PASS - GROUP ACE matches sup group"
$runas -u $acl2 -g $acl1 -s $acl2 ./file1 2>&1
echo "Expect to FAIL - GROUP ACE does not match group"
$runas -u $acl3 -g $acl3 ./file1 2>&1

#-------------------------------------------------------

echo ""
echo "--- Test MASK ---"

# group
chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1
_acl_list file1
echo "Expect to FAIL as MASK prohibits execution"
$runas -u $acl2 -g $acl2 ./file1 2>&1

# user
chacl u::---,g::---,o::---,u:$acl2:r-x,m::-w- file1 2>&1
echo "Expect to FAIL as MASK prohibits execution"
$runas -u $acl2 -g $acl2 ./file1 2>&1

# user
chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1
echo "Expect to PASS as MASK allows execution"
$runas -u $acl2 -g $acl2 ./file1 2>&1

#-------------------------------------------------------

echo ""
echo "--- Test ACE priority ---"

chacl o::rwx,g::rwx,u:$acl1:rwx,u::---,m::rwx file1 2>&1
echo "Expect to FAIL as should match on owner"
$runas -u $acl1 -g $acl2 ./file1 2>&1

chacl o::---,g::---,u:$acl2:rwx,u::---,m::rwx file1 2>&1
echo "Expect to PASS as should match on user"
$runas -u $acl2 -g $acl2 ./file1 2>&1


#-------------------------------------------------------

echo ""
echo "=== Test can read ACLs without access permissions ==="
# This was a bug in kernel code where syscred wasn't being used
# to override the capabilities
chacl o::---,g::---,u::--- file1 2>&1
_acl_list file1

#-------------------------------------------------------

echo ""
echo "=== Test Default ACLs ==="
# make test clearer by testing with and without umask
umask 0

mkdir acldir
chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" acldir 2>&1
_acl_list acldir
cd acldir

touch file2
_acl_ls file2
_acl_list file2

#ensure that umask is not having an effect 
#so set it and see
umask 722
touch file3
_acl_ls file3
_acl_list file3

cd ..
umask 022


#-------------------------------------------------------

echo ""
echo "=== Removing ACLs ==="
_acl_list file1
_acl_list acldir
_acl_list acldir/file2
echo "Remove ACLs..."
chacl -R file1
chacl -B acldir
chacl -R acldir/file2
echo "Note: IRIX interface would mean empty ACLs - Linux would show mode ACLs" 
_acl_list file1
_acl_list acldir
_acl_list acldir/file2

#-------------------------------------------------------

echo ""
echo "=== Test out error messages for ACL text parsing  ==="

touch file1
set -x
chacl u file1
chacl u: file1
chacl u:rumpledumpleunknownuser file1
chacl u:rumpledumpleunknownuser: file1
chacl g:rumpledumpleunknowngrp file1
chacl g:rumpledumpleunknowngrp: file1
chacl o:user1:rwx file1
chacl m:user1:rwx file1
chacl a::rwx file1
set +x

#-------------------------------------------------------

echo ""
echo "=== Test out large ACLs  ==="
touch largeaclfile
XFS_ACL_MAX_ENTRIES=25
num_aces_pre=`expr $XFS_ACL_MAX_ENTRIES - 1`
num_aces_post=`expr $XFS_ACL_MAX_ENTRIES + 1`

acl1=`_create_n_aces $num_aces_pre`
acl2=`_create_n_aces $XFS_ACL_MAX_ENTRIES`
acl3=`_create_n_aces $num_aces_post`

echo "1 below xfs acl max"
chacl $acl1 largeaclfile
_acl_list largeaclfile | _filter_aces

echo "xfs acl max"
chacl $acl2 largeaclfile
_acl_list largeaclfile | _filter_aces

echo "1 above xfs acl max"
chacl $acl3 largeaclfile
_acl_list largeaclfile | _filter_aces

#-------------------------------------------------------

if [ "$FSTYP" == "udf" ]; then
    cd /
    umount $TARGET_DIR
    # Check the filesystem
    _check_scratch_fs
fi
# success, all done
status=0
exit