Index: etc/mtree/BSD.tests.dist =================================================================== --- etc/mtree/BSD.tests.dist +++ etc/mtree/BSD.tests.dist @@ -356,6 +356,8 @@ .. .. sys + acl + .. aio .. fifo Index: tests/sys/Makefile =================================================================== --- tests/sys/Makefile +++ tests/sys/Makefile @@ -4,6 +4,7 @@ TESTSDIR= ${TESTSBASE}/sys +TESTS_SUBDIRS+= acl TESTS_SUBDIRS+= aio TESTS_SUBDIRS+= fifo TESTS_SUBDIRS+= file Index: tools/regression/acltools/00.t =================================================================== --- tools/regression/acltools/00.t +++ /dev/null 
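Review bot: `TESTS_SUBDIRS+= acl` in tests/sys/Makefile hooks the new directory in unconditionally, and neither it nor the mtree entry records what the tests need or do to the host. The wrappers this patch deletes from tools/regression/acltools run only as root, call perl and mdconfig, and in the ZFS cases create and force-destroy a pool with the fixed name "acltools". The relocated files under tests/sys/acl are not visible in this part of the patch, so whether they keep that shape is an assumption. If they do, that directory's Makefile should declare the requirements in its test metadata, so that an unprivileged or ZFS-less run is skipped rather than failed. A comment next to the new line, for example `# acl: needs root, perl, md(4) and zpool; creates a pool named "acltools"`, would also make the side effect visible before the suite is run on a shared machine.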
@@ -1,85 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2008, 2009 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is a wrapper script to run tools-posix.test on UFS filesystem.
-#
-# If any of the tests fails, here is how to debug it: go to
-# the directory with problematic filesystem mounted on it,
-# and do /path/to/test run /path/to/test tools-posix.test, e.g.
-#
-# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
-#
-# Output should be obvious.
-
-echo "1..4"
-
-if [ `whoami` != "root" ]; then
- echo "not ok 1 - you need to be root to run this test."
- exit 1
-fi
-
-TESTDIR=$(dirname $(realpath $0))
-
-# Set up the test filesystem.
-MD=`mdconfig -at swap -s 10m`
-MNT=`mktemp -dt acltools`
-newfs /dev/$MD > /dev/null
-mount -o acls /dev/$MD $MNT
-if [ $? -ne 0 ]; then
- echo "not ok 1 - mount failed."
- exit 1
-fi
-
-echo "ok 1"
-
-cd $MNT
-
-# First, check whether we can crash the kernel by creating too many
-# entries. For some reason this won't work in the test file.
-touch xxx
-i=0;
-while :; do i=$(($i+1)); setfacl -m u:$i:rwx xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done
-chmod 600 xxx
-rm xxx
-echo "ok 2"
-
-perl $TESTDIR/run $TESTDIR/tools-posix.test > /dev/null
-
-if [ $? -eq 0 ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-
-cd /
-umount -f $MNT
-rmdir $MNT
-mdconfig -du $MD
-
-echo "ok 4"
Index: tools/regression/acltools/01.t
===================================================================
--- tools/regression/acltools/01.t
+++ /dev/null
@@ -1,86 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2008, 2009 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is a wrapper script to run tools-nfs4.test on ZFS filesystem.
-#
-# WARNING: It uses hardcoded ZFS pool name "acltools"
-#
-# If any of the tests fails, here is how to debug it: go to
-# the directory with problematic filesystem mounted on it,
-# and do /path/to/test run /path/to/test tools-nfs4.test, e.g.
-#
-# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test
-#
-# Output should be obvious.
-
-echo "1..4"
-
-if [ `whoami` != "root" ]; then
- echo "not ok 1 - you need to be root to run this test."
- exit 1
-fi
-
-TESTDIR=$(dirname $(realpath $0))
-
-# Set up the test filesystem.
-MD=`mdconfig -at swap -s 64m`
-MNT=`mktemp -dt acltools`
-zpool create -m $MNT acltools /dev/$MD
-if [ $? -ne 0 ]; then
- echo "not ok 1 - 'zpool create' failed."
- exit 1
-fi
-
-echo "ok 1"
-
-cd $MNT
-
-# First, check whether we can crash the kernel by creating too many
-# entries. For some reason this won't work in the test file.
-touch xxx
-setfacl -x2 xxx
-while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done
-chmod 600 xxx
-rm xxx
-echo "ok 2"
-
-perl $TESTDIR/run $TESTDIR/tools-nfs4-psarc.test > /dev/null
-
-if [ $? -eq 0 ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-
-cd /
-zpool destroy -f acltools
-rmdir $MNT
-mdconfig -du $MD
-
-echo "ok 4"
Index: tools/regression/acltools/02.t
===================================================================
--- tools/regression/acltools/02.t
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2008, 2009 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is a wrapper script to run tools-nfs4.test on UFS filesystem.
-#
-# If any of the tests fails, here is how to debug it: go to
-# the directory with problematic filesystem mounted on it,
-# and do /path/to/test run /path/to/test tools-nfs4.test, e.g.
-#
-# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test
-#
-# Output should be obvious.
-
-echo "1..4"
-
-if [ `whoami` != "root" ]; then
- echo "not ok 1 - you need to be root to run this test."
- exit 1
-fi
-
-TESTDIR=$(dirname $(realpath $0))
-
-# Set up the test filesystem.
-MD=`mdconfig -at swap -s 10m`
-MNT=`mktemp -dt acltools`
-newfs /dev/$MD > /dev/null
-mount -o nfsv4acls /dev/$MD $MNT
-if [ $? -ne 0 ]; then
- echo "not ok 1 - mount failed."
- exit 1
-fi
-
-echo "ok 1"
-
-cd $MNT
-
-# First, check whether we can crash the kernel by creating too many
-# entries. For some reason this won't work in the test file.
-touch xxx
-setfacl -x2 xxx
-while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done
-chmod 600 xxx
-rm xxx
-echo "ok 2"
-
-if [ `sysctl -n vfs.acl_nfs4_old_semantics` = 0 ]; then
- perl $TESTDIR/run $TESTDIR/tools-nfs4-psarc.test > /dev/null
-else
- perl $TESTDIR/run $TESTDIR/tools-nfs4.test > /dev/null
-fi
-
-if [ $? -eq 0 ]; then
- echo "ok 3"
-else
- echo "not ok 3"
-fi
-
-cd /
-umount -f $MNT
-rmdir $MNT
-mdconfig -du $MD
-
-echo "ok 4"
-
Index: tools/regression/acltools/03.t
===================================================================
--- tools/regression/acltools/03.t
+++ /dev/null
@@ -1,110 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2008, 2009 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is a wrapper script to run tools-crossfs.test between UFS without
-# ACLs, UFS with POSIX.1e ACLs, and ZFS with NFSv4 ACLs.
-#
-# WARNING: It uses hardcoded ZFS pool name "acltools"
-#
-# Output should be obvious.
-
-echo "1..5"
-
-if [ `whoami` != "root" ]; then
- echo "not ok 1 - you need to be root to run this test."
- exit 1
-fi
-
-TESTDIR=$(dirname $(realpath $0))
-MNTROOT=`mktemp -dt acltools`
-
-# Set up the test filesystems.
-MD1=`mdconfig -at swap -s 64m`
-MNT1=$MNTROOT/nfs4
-mkdir $MNT1
-zpool create -m $MNT1 acltools /dev/$MD1
-if [ $? -ne 0 ]; then
- echo "not ok 1 - 'zpool create' failed."
- exit 1
-fi
-
-echo "ok 1"
-
-MD2=`mdconfig -at swap -s 10m`
-MNT2=$MNTROOT/posix
-mkdir $MNT2
-newfs /dev/$MD2 > /dev/null
-mount -o acls /dev/$MD2 $MNT2
-if [ $? -ne 0 ]; then
- echo "not ok 2 - mount failed."
- exit 1
-fi
-
-echo "ok 2"
-
-MD3=`mdconfig -at swap -s 10m`
-MNT3=$MNTROOT/none
-mkdir $MNT3
-newfs /dev/$MD3 > /dev/null
-mount /dev/$MD3 $MNT3
-if [ $? -ne 0 ]; then
- echo "not ok 3 - mount failed."
- exit 1
-fi
-
-echo "ok 3"
-
-cd $MNTROOT
-
-perl $TESTDIR/run $TESTDIR/tools-crossfs.test > /dev/null
-
-if [ $? -eq 0 ]; then
- echo "ok 4"
-else
- echo "not ok 4"
-fi
-
-cd /
-
-umount -f $MNT3
-rmdir $MNT3
-mdconfig -du $MD3
-
-umount -f $MNT2
-rmdir $MNT2
-mdconfig -du $MD2
-
-zpool destroy -f acltools
-rmdir $MNT1
-mdconfig -du $MD1
-
-rmdir $MNTROOT
-
-echo "ok 5"
-
Index: tools/regression/acltools/04.t
===================================================================
--- tools/regression/acltools/04.t
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2011 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is a wrapper script to run tools-nfs4-trivial.test on ZFS filesystem.
-#
-# WARNING: It uses hardcoded ZFS pool name "acltools"
-
-echo "1..3"
-
-if [ `whoami` != "root" ]; then
- echo "not ok 1 - you need to be root to run this test."
- exit 1
-fi
-
-TESTDIR=$(dirname $(realpath $0))
-
-# Set up the test filesystem.
-MD=`mdconfig -at swap -s 64m`
-MNT=`mktemp -dt acltools`
-zpool create -m $MNT acltools /dev/$MD
-if [ $? -ne 0 ]; then
- echo "not ok 1 - 'zpool create' failed."
- exit 1
-fi
-
-echo "ok 1"
-
-cd $MNT
-
-perl $TESTDIR/run $TESTDIR/tools-nfs4-trivial.test > /dev/null
-
-if [ $? -eq 0 ]; then
- echo "ok 2"
-else
- echo "not ok 2"
-fi
-
-cd /
-zpool destroy -f acltools
-rmdir $MNT
-mdconfig -du $MD
-
-echo "ok 3"
Index: tools/regression/acltools/aclfuzzer.sh
===================================================================
--- tools/regression/acltools/aclfuzzer.sh
+++ /dev/null
@@ -1,225 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2008, 2009 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is an NFSv4 ACL fuzzer. It expects to be run by non-root in a scratch
-# directory on a filesystem with NFSv4 ACLs support. Output it generates
-# is expected to be fed to /usr/src/tools/regression/acltools/run script.
-
-NUMBER_OF_COMMANDS=300
-
-run_command()
-{
- echo "\$ $1"
- eval $1 2>&1 | sed 's/^/> /'
-}
-
-rnd_from_0_to()
-{
- max=`expr $1 + 1`
- rnd=`jot -r 1`
- rnd=`expr $rnd % $max`
-
- echo $rnd
-}
-
-rnd_path()
-{
- rnd=`rnd_from_0_to 3`
- case $rnd in
- 0) echo "$TMP/aaa" ;;
- 1) echo "$TMP/bbb" ;;
- 2) echo "$TMP/aaa/ccc" ;;
- 3) echo "$TMP/bbb/ddd" ;;
- esac
-}
-
-f_prepend_random_acl_on()
-{
- rnd=`rnd_from_0_to 4`
- case $rnd in
- 0) u="owner@" ;;
- 1) u="group@" ;;
- 2) u="everyone@" ;;
- 3) u="u:1138" ;;
- 4) u="g:1138" ;;
- esac
-
- p=""
- while :; do
- rnd=`rnd_from_0_to 30`
- if [ -n "$p" -a $rnd -ge 14 ]; then
- break;
- fi
-
- case $rnd in
- 0) p="${p}r" ;;
- 1) p="${p}w" ;;
- 2) p="${p}x" ;;
- 3) p="${p}p" ;;
- 4) p="${p}d" ;;
- 5) p="${p}D" ;;
- 6) p="${p}a" ;;
- 7) p="${p}A" ;;
- 8) p="${p}R" ;;
- 9) p="${p}W" ;;
- 10) p="${p}R" ;;
- 11) p="${p}c" ;;
- 12) p="${p}C" ;;
- 13) p="${p}o" ;;
- 14) p="${p}s" ;;
- esac
- done
-
- f=""
- while :; do
- rnd=`rnd_from_0_to 10`
- if [ $rnd -ge 6 ]; then
- break;
- fi
-
- case $rnd in
- 0) f="${f}f" ;;
- 1) f="${f}d" ;;
- 2) f="${f}n" ;;
- 3) f="${f}i" ;;
- esac
- done
-
- rnd=`rnd_from_0_to 1`
- case $rnd in
- 0) x="allow" ;;
- 1) x="deny" ;;
- esac
-
- acl="$u:$p:$f:$x"
-
- file=`rnd_path`
- run_command "setfacl -a0 $acl $file"
-}
-
-f_getfacl()
-{
- file=`rnd_path`
- run_command "getfacl -qn $file"
-}
-
-f_ls_mode()
-{
- file=`rnd_path`
- run_command "ls -al $file | sed -n '2p' | cut -d' ' -f1"
-}
-
-f_chmod()
-{
- b1=`rnd_from_0_to 7`
- b2=`rnd_from_0_to 7`
- b3=`rnd_from_0_to 7`
- b4=`rnd_from_0_to 7`
- file=`rnd_path`
-
- run_command "chmod $b1$b2$b3$b4 $file $2"
-}
-
-f_touch()
-{
- file=`rnd_path`
- run_command "touch $file"
-}
-
-f_rm()
-{
- file=`rnd_path`
- run_command "rm -f $file"
-}
-
-f_mkdir()
-{
- file=`rnd_path`
- run_command "mkdir $file"
-}
-
-f_rmdir()
-{
- file=`rnd_path`
- run_command "rmdir $file"
-}
-
-f_mv()
-{
- from=`rnd_path`
- to=`rnd_path`
- run_command "mv -f $from $to"
-}
-
-# XXX: To be implemented: chown(8), setting times with touch(1).
-
-switch_to_random_user()
-{
- # XXX: To be implemented.
-}
-
-execute_random_command()
-{
- rnd=`rnd_from_0_to 20`
-
- case $rnd in
- 0|10|11|12|13|15) cmd=f_prepend_random_acl_on ;;
- 1) cmd=f_getfacl ;;
- 2) cmd=f_ls_mode ;;
- 3) cmd=f_chmod ;;
- 4|18|19) cmd=f_touch ;;
- 5) cmd=f_rm ;;
- 6|16|17) cmd=f_mkdir ;;
- 7) cmd=f_rmdir ;;
- 8) cmd=f_mv ;;
- esac
-
- $cmd "XXX"
-}
-
-echo "# Fuzzing; will stop after $NUMBER_OF_COMMANDS commands."
-TMP="aclfuzzer_`dd if=/dev/random bs=1k count=1 2>/dev/null | openssl md5`"
-
-run_command "whoami"
-umask 022
-run_command "umask 022"
-run_command "mkdir $TMP"
-
-i=0;
-while [ "$i" -lt "$NUMBER_OF_COMMANDS" ]; do
- switch_to_random_user
- execute_random_command
- i=`expr $i + 1`
-done
-
-run_command "find $TMP -exec setfacl -a0 everyone@:rxd:allow {} \;"
-run_command "rm -rfv $TMP"
-
-echo "# Fuzzed, thank you."
-
Index: tools/regression/acltools/mktrivial.sh
===================================================================
--- tools/regression/acltools/mktrivial.sh
+++ /dev/null
@@ -1,53 +0,0 @@
-#!/bin/sh
-#
-# Copyright (c) 2010 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This shell script generates an input file for the "run" script, used
-# to verify generation of trivial ACLs.
-
-echo "$ touch f"
-touch f
-
-for s in `jot 7 0 7`; do
- for u in `jot 7 0 7`; do
- for g in `jot 7 0 7`; do
- for o in `jot 7 0 7`; do
- echo "$ chmod 0$s$u$g$o f"
- chmod "0$s$u$g$o" f
- echo "$ ls -l f | cut -d' ' -f1"
- ls -l f | cut -d' ' -f1 | sed 's/^/> /'
- echo "$ getfacl -q f"
- getfacl -q f | sed 's/^/> /'
- done
- done
- done
-done
-
-echo "$ rm f"
-rm f
-
Index: tools/regression/acltools/run
===================================================================
--- tools/regression/acltools/run
+++ /dev/null
@@ -1,329 +0,0 @@ -#!/usr/bin/perl -w -U - -# Copyright (c) 2007, 2008 Andreas Gruenbacher. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions, and the following disclaimer, -# without modification, immediately at the beginning of the file. -# 2. The name of the author may not be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# Alternatively, this software may be distributed under the terms of the -# GNU Public License ("GPL"). -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR -# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. 
-# -# $FreeBSD$ -# - -# -# Possible improvements: -# -# - distinguish stdout and stderr output -# - add environment variable like assignments -# - run up to a specific line -# - resume at a specific line -# - -use strict; -use FileHandle; -use Getopt::Std; -use POSIX qw(isatty setuid getcwd); -use vars qw($opt_l $opt_v); - -no warnings qw(taint); - -$opt_l = ~0; # a really huge number -getopts('l:v'); - -my ($OK, $FAILED) = ("ok", "failed"); -if (isatty(fileno(STDOUT))) { - $OK = "\033[32m" . $OK . "\033[m"; - $FAILED = "\033[31m\033[1m" . $FAILED . "\033[m"; -} - -sub exec_test($$); -sub process_test($$$$); - -my ($prog, $in, $out) = ([], [], []); -my $prog_line = 0; -my ($tests, $failed) = (0,0); -my $lineno; -my $width = ($ENV{COLUMNS} || 80) >> 1; - -for (;;) { - my $line = <>; $lineno++; - if (defined $line) { - # Substitute %VAR and %{VAR} with environment variables. - $line =~ s[%(\w+)][$ENV{$1}]eg; - $line =~ s[%{(\w+)}][$ENV{$1}]eg; - } - if (defined $line) { - if ($line =~ s/^\s*< ?//) { - push @$in, $line; - } elsif ($line =~ s/^\s*> ?//) { - push @$out, $line; - } else { - process_test($prog, $prog_line, $in, $out); - last if $prog_line >= $opt_l; - - $prog = []; - $prog_line = 0; - } - if ($line =~ s/^\s*\$ ?//) { - $prog = [ map { s/\\(.)/$1/g; $_ } split /(? @$result) ? @$out : @$result; - for (my $n=0; $n < $nmax; $n++) { - my $use_re; - if (defined $out->[$n] && $out->[$n] =~ /^~ /) { - $use_re = 1; - $out->[$n] =~ s/^~ //g; - } - - if (!defined($out->[$n]) || !defined($result->[$n]) || - (!$use_re && $result->[$n] ne $out->[$n]) || - ( $use_re && $result->[$n] !~ /^$out->[$n]/)) { - push @good, ($use_re ? '!~' : '!='); - } - else { - push @good, ($use_re ? '=~' : '=='); - } - } - my $good = !(grep /!/, @good); - $tests++; - $failed++ unless $good; - print $good ? $OK : $FAILED, "\n"; - if (!$good || $opt_v) { - for (my $n=0; $n < $nmax; $n++) { - my $l = defined($out->[$n]) ? $out->[$n] : "~"; - chomp $l; - my $r = defined($result->[$n]) ? 
$result->[$n] : "~"; - chomp $r; - print sprintf("%-" . ($width-3) . "s %s %s\n", - $r, $good[$n], $l); - } - } -} - - -sub su($) { - my ($user) = @_; - - $user ||= "root"; - - my ($login, $pass, $uid, $gid) = getpwnam($user) - or return [ "su: user $user does not exist\n" ]; - my @groups = (); - my $fh = new FileHandle("/etc/group") - or return [ "opening /etc/group: $!\n" ]; - while (<$fh>) { - chomp; - my ($group, $passwd, $gid, $users) = split /:/; - foreach my $u (split /,/, $users) { - push @groups, $gid - if ($user eq $u); - } - } - $fh->close; - - my $groups = join(" ", ($gid, $gid, @groups)); - #print STDERR "[[$groups]]\n"; - $! = 0; # reset errno - $> = 0; - $( = $gid; - $) = $groups; - if ($!) { - return [ "su: $!\n" ]; - } - if ($uid != 0) { - $> = $uid; - #$< = $uid; - if ($!) { - return [ "su: $prog->[1]: $!\n" ]; - } - } - #print STDERR "[($>,$<)($(,$))]"; - return []; -} - - -sub sg($) { - my ($group) = @_; - - my $gid = getgrnam($group) - or return [ "sg: group $group does not exist\n" ]; - my %groups = map { $_ eq $gid ? () : ($_ => 1) } (split /\s/, $)); - - #print STDERR "<<", join("/", keys %groups), ">>\n"; - my $groups = join(" ", ($gid, $gid, keys %groups)); - #print STDERR "[[$groups]]\n"; - $! = 0; # reset errno - if ($> != 0) { - my $uid = $>; - $> = 0; - $( = $gid; - $) = $groups; - $> = $uid; - } else { - $( = $gid; - $) = $groups; - } - if ($!) 
{ - return [ "sg: $!\n" ]; - } - print STDERR "[($>,$<)($(,$))]"; - return []; -} - - -sub exec_test($$) { - my ($prog, $in) = @_; - local (*IN, *IN_DUP, *IN2, *OUT_DUP, *OUT, *OUT2); - my $needs_shell = (join('', @$prog) =~ /[][|<>"'`\$\*\?]/); - - if ($prog->[0] eq "umask") { - umask oct $prog->[1]; - return []; - } elsif ($prog->[0] eq "cd") { - if (!chdir $prog->[1]) { - return [ "chdir: $prog->[1]: $!\n" ]; - } - $ENV{PWD} = getcwd; - return []; - } elsif ($prog->[0] eq "su") { - return su($prog->[1]); - } elsif ($prog->[0] eq "sg") { - return sg($prog->[1]); - } elsif ($prog->[0] eq "export") { - my ($name, $value) = split /=/, $prog->[1]; - # FIXME: need to evaluate $value, so that things like this will work: - # export dir=$PWD/dir - $ENV{$name} = $value; - return []; - } elsif ($prog->[0] eq "unset") { - delete $ENV{$prog->[1]}; - return []; - } - - pipe *IN2, *OUT - or die "Can't create pipe for reading: $!"; - open *IN_DUP, "<&STDIN" - or *IN_DUP = undef; - open *STDIN, "<&IN2" - or die "Can't duplicate pipe for reading: $!"; - close *IN2; - - open *OUT_DUP, ">&STDOUT" - or die "Can't duplicate STDOUT: $!"; - pipe *IN, *OUT2 - or die "Can't create pipe for writing: $!"; - open *STDOUT, ">&OUT2" - or die "Can't duplicate pipe for writing: $!"; - close *OUT2; - - *STDOUT->autoflush(); - *OUT->autoflush(); - - $SIG{CHLD} = 'IGNORE'; - - if (fork()) { - # Server - if (*IN_DUP) { - open *STDIN, "<&IN_DUP" - or die "Can't duplicate STDIN: $!"; - close *IN_DUP - or die "Can't close STDIN duplicate: $!"; - } - open *STDOUT, ">&OUT_DUP" - or die "Can't duplicate STDOUT: $!"; - close *OUT_DUP - or die "Can't close STDOUT duplicate: $!"; - - foreach my $line (@$in) { - #print "> $line"; - print OUT $line; - } - close *OUT - or die "Can't close pipe for writing: $!"; - - my $result = []; - while () { - #print "< $_"; - if ($needs_shell) { - s#^/bin/sh: line \d+: ##; - } - push @$result, $_; - } - return $result; - } else { - # Client - $< = $>; - close IN - or die 
"Can't close read end for input pipe: $!"; - close OUT - or die "Can't close write end for output pipe: $!"; - close OUT_DUP - or die "Can't close STDOUT duplicate: $!"; - local *ERR_DUP; - open ERR_DUP, ">&STDERR" - or die "Can't duplicate STDERR: $!"; - open STDERR, ">&STDOUT" - or die "Can't join STDOUT and STDERR: $!"; - - if ($needs_shell) { - exec ('/bin/sh', '-c', join(" ", @$prog)); - } else { - exec @$prog; - } - print STDERR $prog->[0], ": $!\n"; - exit; - } -} - Index: tools/regression/acltools/tools-crossfs.test =================================================================== --- tools/regression/acltools/tools-crossfs.test +++ /dev/null 
@@ -1,323 +0,0 @@
-# Copyright (c) 2008, 2009 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is a tools-level test intended to verify that cp(1) and mv(1)
-# do the right thing with respect to ACLs. Run it as root using
-# ACL-enabled kernel:
-#
-# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test
-#
-# You need to have three subdirectories, named nfs4, posix and none,
-# with filesystems with NFSv4 ACLs, POSIX.1e ACLs and no ACLs enabled,
-# respectively, mounted on them, in your current directory.
-#
-# WARNING: Creates files in unsafe way.
-
-$ whoami
-> root
-$ umask 022
-
-$ touch nfs4/xxx
-$ getfacl -nq nfs4/xxx
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ touch posix/xxx
-$ getfacl -nq posix/xxx
-> user::rw-
-> group::r--
-> other::r--
-
-# mv with POSIX.1e ACLs.
-$ rm -f posix/xxx
-$ rm -f posix/yyy
-$ touch posix/xxx
-$ chmod 456 posix/xxx
-$ ls -l posix/xxx | cut -d' ' -f1
-> -r--r-xrw-
-$ setfacl -m u:42:x,g:43:w posix/xxx
-$ mv posix/xxx posix/yyy
-$ getfacl -nq posix/yyy
-> user::r--
-> user:42:--x
-> group::r-x
-> group:43:-w-
-> mask::rwx
-> other::rw-
-$ ls -l posix/yyy | cut -d' ' -f1
-> -r--rwxrw-+
-
-# mv from POSIX.1e to none.
-$ rm -f posix/xxx
-$ rm -f none/xxx
-$ touch posix/xxx
-$ chmod 345 posix/xxx
-$ setfacl -m u:42:x,g:43:w posix/xxx
-$ ls -l posix/xxx | cut -d' ' -f1
-> --wxrwxr-x+
-$ mv posix/xxx none/xxx
-> mv: failed to set acl entries for none/xxx: Operation not supported
-$ ls -l none/xxx | cut -d' ' -f1
-> --wxrwxr-x
-
-# mv from POSIX.1e to NFSv4.
-$ rm -f posix/xxx
-$ rm -f nfs4/xxx
-$ touch posix/xxx
-$ chmod 456 posix/xxx
-$ setfacl -m u:42:x,g:43:w posix/xxx
-$ ls -l posix/xxx | cut -d' ' -f1
-> -r--rwxrw-+
-$ mv posix/yyy nfs4/xxx
-> mv: failed to set acl entries for nfs4/xxx: Invalid argument
-$ getfacl -nq nfs4/xxx
-> owner@:-wxp----------:-------:deny
-> owner@:r-----aARWcCos:-------:allow
-> group@:rwxp--a-R-c--s:-------:allow
-> everyone@:rw-p--a-R-c--s:-------:allow
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> -r--rwxrw-
-
-# mv with NFSv4 ACLs.
-$ rm -f nfs4/xxx
-$ rm -f nfs4/yyy
-$ touch nfs4/xxx
-$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx
-$ mv nfs4/xxx nfs4/yyy
-$ getfacl -nq nfs4/yyy
-> user:42:--x-----------:-------:allow
-> group:43:-w------------:-------:allow
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
-$ ls -l nfs4/yyy | cut -d' ' -f1
-> -rw-r--r--+
-
-# mv from NFSv4 to POSIX.1e without any ACLs.
-$ rm -f nfs4/xxx
-$ rm -f posix/xxx
-$ touch nfs4/xxx
-$ chmod 456 nfs4/xxx
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> -r--r-xrw-
-$ mv nfs4/xxx posix/xxx
-$ ls -l posix/xxx | cut -d' ' -f1
-> -r--r-xrw-
-
-# mv from NFSv4 to none.
-$ rm -f nfs4/xxx
-$ rm -f none/xxx
-$ touch nfs4/xxx
-$ chmod 345 nfs4/xxx
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> --wxr--r-x
-$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> --wxr--r-x+
-$ mv nfs4/xxx none/xxx
-> mv: failed to set acl entries for none/xxx: Operation not supported
-$ ls -l none/xxx | cut -d' ' -f1
-> --wxr--r-x
-
-# mv from NFSv4 to POSIX.1e.
-$ rm -f nfs4/xxx
-$ rm -f posix/xxx
-$ touch nfs4/xxx
-$ chmod 345 nfs4/xxx
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> --wxr--r-x
-$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> --wxr--r-x+
-$ mv nfs4/xxx posix/xxx
-> mv: failed to set acl entries for posix/xxx: Invalid argument
-$ ls -l posix/xxx | cut -d' ' -f1
-> --wxr--r-x
-
-# cp with POSIX.1e ACLs.
-$ rm -f posix/xxx
-$ rm -f posix/yyy
-$ touch posix/xxx
-$ setfacl -m u:42:x,g:43:w posix/xxx
-$ ls -l posix/xxx | cut -d' ' -f1
-> -rw-rwxr--+
-$ cp posix/xxx posix/yyy
-$ ls -l posix/yyy | cut -d' ' -f1
-> -rw-r-xr--
-
-# cp -p with POSIX.1e ACLs.
-$ rm -f posix/xxx
-$ rm -f posix/yyy
-$ touch posix/xxx
-$ setfacl -m u:42:x,g:43:w posix/xxx
-$ getfacl -nq posix/xxx
-> user::rw-
-> user:42:--x
-> group::r--
-> group:43:-w-
-> mask::rwx
-> other::r--
-$ ls -l posix/xxx | cut -d' ' -f1
-> -rw-rwxr--+
-$ cp -p posix/xxx posix/yyy
-$ getfacl -nq posix/yyy
-> user::rw-
-> user:42:--x
-> group::r--
-> group:43:-w-
-> mask::rwx
-> other::r--
-$ ls -l posix/yyy | cut -d' ' -f1
-> -rw-rwxr--+
-
-# cp from POSIX.1e to none.
-$ rm -f posix/xxx
-$ rm -f none/xxx
-$ touch posix/xxx
-$ setfacl -m u:42:x,g:43:w posix/xxx
-$ ls -l posix/xxx | cut -d' ' -f1
-> -rw-rwxr--+
-$ cp posix/xxx none/xxx
-$ ls -l none/xxx | cut -d' ' -f1
-> -rw-r-xr--
-
-# cp -p from POSIX.1e to none.
-$ rm -f posix/xxx
-$ rm -f none/xxx
-$ touch posix/xxx
-$ setfacl -m u:42:x,g:43:w posix/xxx
-$ ls -l posix/xxx | cut -d' ' -f1
-> -rw-rwxr--+
-$ cp -p posix/xxx none/xxx
-> cp: failed to set acl entries for none/xxx: Operation not supported
-$ ls -l none/xxx | cut -d' ' -f1
-> -rw-rwxr--
-
-# cp from POSIX.1e to NFSv4.
-$ rm -f posix/xxx
-$ rm -f nfs4/xxx
-$ touch posix/xxx
-$ setfacl -m u:42:x,g:43:w posix/xxx
-$ ls -l posix/xxx | cut -d' ' -f1
-> -rw-rwxr--+
-$ cp posix/xxx nfs4/xxx
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> -rw-r-xr--
-
-# cp -p from POSIX.1e to NFSv4.
-$ rm -f posix/xxx
-$ rm -f nfs4/xxx
-$ touch posix/xxx
-$ setfacl -m u:42:x,g:43:w posix/xxx
-$ ls -l posix/xxx | cut -d' ' -f1
-> -rw-rwxr--+
-$ cp -p posix/xxx nfs4/xxx
-> cp: failed to set acl entries for nfs4/xxx: Invalid argument
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> -rw-rwxr--
-
-# cp with NFSv4 ACLs.
-$ rm -f nfs4/xxx
-$ rm -f nfs4/yyy
-$ touch nfs4/xxx
-$ chmod 543 nfs4/xxx
-$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> -r-xr---wx+
-$ cp nfs4/xxx nfs4/yyy
-$ ls -l nfs4/yyy | cut -d' ' -f1
-> -r-xr----x
-
-# cp -p with NFSv4 ACLs.
-$ rm -f nfs4/xxx
-$ rm -f nfs4/yyy
-$ touch nfs4/xxx
-$ chmod 543 nfs4/xxx
-$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx
-$ cp -p nfs4/xxx nfs4/yyy
-$ getfacl -nq nfs4/yyy
-> user:42:--x-----------:-------:allow
-> group:43:-w------------:-------:allow
-> owner@:--x-----------:-------:allow
-> owner@:-w-p----------:-------:deny
-> group@:-wxp----------:-------:deny
-> owner@:r-x---aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:-wxp--a-R-c--s:-------:allow
-$ ls -l nfs4/yyy | cut -d' ' -f1
-> -r-xr---wx+
-
-# cp from NFSv4 to none.
-$ rm -f nfs4/xxx
-$ rm -f none/xxx
-$ touch nfs4/xxx
-$ chmod 543 nfs4/xxx
-$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> -r-xr---wx+
-$ cp nfs4/xxx none/xxx
-$ ls -l none/xxx | cut -d' ' -f1
-> -r-xr----x
-
-# cp -p from NFSv4 to none.
-$ rm -f nfs4/xxx
-$ rm -f none/xxx
-$ touch nfs4/xxx
-$ chmod 543 nfs4/xxx
-$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> -r-xr---wx+
-$ cp -p nfs4/xxx none/xxx
-> cp: failed to set acl entries for none/xxx: Operation not supported
-$ ls -l none/xxx | cut -d' ' -f1
-> -r-xr---wx
-
-# cp from NFSv4 to POSIX.1e.
-$ rm -f nfs4/xxx
-$ rm -f posix/xxx
-$ touch nfs4/xxx
-$ chmod 543 nfs4/xxx
-$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> -r-xr---wx+
-$ cp nfs4/xxx posix/xxx
-$ ls -l posix/xxx | cut -d' ' -f1
-> -r-xr----x
-
-# cp -p from NFSv4 to POSIX.1e.
-$ rm -f nfs4/xxx
-$ rm -f posix/xxx
-$ touch nfs4/xxx
-$ chmod 543 nfs4/xxx
-$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx
-$ ls -l nfs4/xxx | cut -d' ' -f1
-> -r-xr---wx+
-$ cp -p nfs4/xxx posix/xxx
-> cp: failed to set acl entries for posix/xxx: Invalid argument
-$ ls -l posix/xxx | cut -d' ' -f1
-> -r-xr---wx
Index: tools/regression/acltools/tools-nfs4-psarc.test
===================================================================
--- tools/regression/acltools/tools-nfs4-psarc.test
+++ /dev/null
@@ -1,562 +0,0 @@
-# Copyright (c) 2008, 2009 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is a tools-level test for NFSv4 ACL functionality with PSARC/2010/029
-# semantics. Run it as root using ACL-enabled kernel:
-#
-# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4-psarc.test
-#
-# WARNING: Creates files in unsafe way.
-
-$ whoami
-> root
-$ umask 022
-
-# Smoke test for getfacl(1).
-$ touch xxx
-$ getfacl xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ getfacl -q xxx
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Check verbose mode formatting.
-$ getfacl -v xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:read_data/write_data/append_data/read_attributes/write_attributes/read_xattr/write_xattr/read_acl/write_acl/write_owner/synchronize::allow
-> group@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow
-> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow
-
-# Test setfacl -a.
-$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> user:0:-----------C--:-------:allow
-> group:1:----------c---:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Test user and group name resolving.
-$ rm xxx
-$ touch xxx
-$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx
-$ getfacl xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> user:root:-----------C--:-------:allow
-> group:daemon:----------c---:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Check whether ls correctly marks files with "+".
-$ ls -l xxx | cut -d' ' -f1
-> -rw-r--r--+
-
-# Test removing entries by number.
-$ setfacl -x 1 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:rw-p--aARWcCos:-------:allow
-> user:0:-----------C--:-------:allow
-> group:1:----------c---:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Test setfacl -m.
-$ setfacl -a0 everyone@:rwx:deny xxx
-$ setfacl -a0 everyone@:rwx:deny xxx
-$ setfacl -a0 everyone@:rwx:deny xxx
-$ setfacl -m everyone@::deny xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> owner@:rw-p--aARWcCos:-------:allow
-> user:0:-----------C--:-------:allow
-> group:1:----------c---:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Test getfacl -i.
-$ getfacl -i xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> owner@:rw-p--aARWcCos:-------:allow
-> user:root:-----------C--:-------:allow:0
-> group:daemon:----------c---:-------:deny:1
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Make sure cp without any flags does not copy copy the ACL.
-$ cp xxx yyy
-$ ls -l yyy | cut -d' ' -f1
-> -rw-r--r--
-
-# Make sure it does with the "-p" flag.
-$ rm yyy
-$ cp -p xxx yyy
-$ getfacl -n yyy
-> # file: yyy
-> # owner: root
-> # group: wheel
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> owner@:rw-p--aARWcCos:-------:allow
-> user:0:-----------C--:-------:allow
-> group:1:----------c---:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ rm yyy
-
-# Test removing entries by... by example?
-$ setfacl -x everyone@::deny xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:rw-p--aARWcCos:-------:allow
-> user:0:-----------C--:-------:allow
-> group:1:----------c---:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Test setfacl -b.
-$ setfacl -b xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ ls -l xxx | cut -d' ' -f1
-> -rw-r--r--
-
-# Check setfacl(1) and getfacl(1) with multiple files.
-$ touch xxx yyy zzz
-
-$ ls -l xxx yyy zzz | cut -d' ' -f1
-> -rw-r--r--
-> -rw-r--r--
-> -rw-r--r--
-
-$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz
-> setfacl: nnn: stat() failed: No such file or directory
-
-$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
-> ls: nnn: No such file or directory
-> -rw-r--r--+
-> -rw-r--r--+
-> -rw-r--r--+
-
-$ getfacl -nq nnn xxx yyy zzz
-> getfacl: nnn: stat() failed: No such file or directory
-> user:42:--x-----------:-------:allow
-> group:43:-w------------:-------:allow
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
->
-> user:42:--x-----------:-------:allow
-> group:43:-w------------:-------:allow
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
->
-> user:42:--x-----------:-------:allow
-> group:43:-w------------:-------:allow
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ setfacl -b nnn xxx yyy zzz
-> setfacl: nnn: stat() failed: No such file or directory
-
-$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
-> ls: nnn: No such file or directory
-> -rw-r--r--
-> -rw-r--r--
-> -rw-r--r--
-
-$ rm xxx yyy zzz
-
-# Test applying mode to an ACL.
-$ touch xxx
-$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx
-$ chmod 600 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:------a-R-c--s:-------:allow
-> everyone@:------a-R-c--s:-------:allow
-
-$ ls -l xxx | cut -d' ' -f1
-> -rw-------
-
-$ rm xxx
-$ touch xxx
-$ chown 42 xxx
-$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
-$ chmod 600 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: 42
-> # group: wheel
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:------a-R-c--s:-------:allow
-> everyone@:------a-R-c--s:-------:allow
-$ ls -l xxx | cut -d' ' -f1
-> -rw-------
-
-$ rm xxx
-$ touch xxx
-$ chown 43 xxx
-$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
-$ chmod 124 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: 43
-> # group: wheel
-> owner@:rw-p----------:-------:deny
-> group@:r-------------:-------:deny
-> owner@:--x---aARWcCos:-------:allow
-> group@:-w-p--a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
-$ ls -l xxx | cut -d' ' -f1
-> ---x-w-r--
-
-$ rm xxx
-$ touch xxx
-$ chown 43 xxx
-$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
-$ chmod 412 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: 43
-> # group: wheel
-> owner@:-wxp----------:-------:deny
-> group@:-w-p----------:-------:deny
-> owner@:r-----aARWcCos:-------:allow
-> group@:--x---a-R-c--s:-------:allow
-> everyone@:-w-p--a-R-c--s:-------:allow
-$ ls -l xxx | cut -d' ' -f1
-> -r----x-w-
-
-$ mkdir ddd
-$ setfacl -a0 group:44:rwapd:allow ddd
-$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
-$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
-$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
-$ getfacl -n ddd
-> # file: ddd
-> # owner: root
-> # group: wheel
-> user:42:r-x-----------:f-i----:allow
->
group:42:-w--D---------:-d-----:allow
-> group:43:-w--D---------:-d-----:deny
-> group@:-----da-------:-------:allow
-> group:44:rw-p-da-------:-------:allow
-> owner@:rwxp--aARWcCos:-------:allow
-> group@:r-x---a-R-c--s:-------:allow
-> everyone@:-w-p--a-R-c--s:f-i----:allow
-
-$ chmod 777 ddd
-$ getfacl -n ddd
-> # file: ddd
-> # owner: root
-> # group: wheel
-> owner@:rwxp--aARWcCos:-------:allow
-> group@:rwxp--a-R-c--s:-------:allow
-> everyone@:rwxp--a-R-c--s:-------:allow
-
-# Test applying ACL to mode.
-$ rmdir ddd
-$ mkdir ddd
-$ setfacl -a0 u:42:rwx:fi:allow ddd
-$ ls -ld ddd | cut -d' ' -f1
-> drwxr-xr-x+
-
-$ rmdir ddd
-$ mkdir ddd
-$ chmod 0 ddd
-$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd
-$ ls -ld ddd | cut -d' ' -f1
-> dr----x---+
-
-$ rmdir ddd
-$ mkdir ddd
-$ chmod 0 ddd
-$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd
-$ ls -ld ddd | cut -d' ' -f1
-> dr---wx---+
-
-$ rmdir ddd
-$ mkdir ddd
-$ chmod 0 ddd
-$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd
-$ ls -ld ddd | cut -d' ' -f1
-> dr--------+
-
-$ rmdir ddd
-$ mkdir ddd
-$ chmod 0 ddd
-$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd
-$ ls -ld ddd | cut -d' ' -f1
-> dr--------+
-
-# Test inheritance.
-$ rmdir ddd
-$ mkdir ddd
-$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd
-$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd
-$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd
-$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd
-$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd
-$ getfacl -qn ddd
-> user:41:-w-----A------:f--n---:allow
-> group:41:r-----a-------:-din---:allow
-> user:42:-----------Co-:f-i----:allow
-> user:42:r-x-----------:f-i----:allow
-> group:42:-w--D---------:-d-n---:deny
-> group:43:-w---------C--:f-in---:deny
-> user:43:rwxp----------:-------:allow
-> owner@:rwxp--aARWcCos:-------:allow
-> group@:r-x---a-R-c--s:-------:allow
-> everyone@:r-x---a-R-c--s:-------:allow
-
-$ cd ddd
-$ touch xxx
-$ getfacl -qn xxx
-> user:41:--------------:------I:allow
-> user:42:--------------:------I:allow
-> user:42:r-------------:------I:allow
-> group:43:-w---------C--:------I:deny
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ rm xxx
-$ umask 077
-$ touch xxx
-$ getfacl -qn xxx
-> user:41:--------------:------I:allow
-> user:42:--------------:------I:allow
-> user:42:--------------:------I:allow
-> group:43:-w---------C--:------I:deny
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:------a-R-c--s:-------:allow
-> everyone@:------a-R-c--s:-------:allow
-
-$ rm xxx
-$ umask 770
-$ touch xxx
-$ getfacl -qn xxx
-> owner@:rw-p----------:-------:deny
-> group@:rw-p----------:-------:deny
-> user:41:--------------:------I:allow
-> user:42:--------------:------I:allow
-> user:42:--------------:------I:allow
-> group:43:-w---------C--:------I:deny
-> owner@:------aARWcCos:-------:allow
-> group@:------a-R-c--s:-------:allow
-> everyone@:rw-p--a-R-c--s:-------:allow
-
-$ rm xxx
-$ umask 707
-$ touch xxx
-$ getfacl -qn xxx
-> owner@:rw-p----------:-------:deny
-> user:41:-w------------:------I:allow
->
user:42:--------------:------I:allow
-> user:42:r-------------:------I:allow
-> group:43:-w---------C--:------I:deny
-> owner@:------aARWcCos:-------:allow
-> group@:rw-p--a-R-c--s:-------:allow
-> everyone@:------a-R-c--s:-------:allow
-
-$ umask 077
-$ mkdir yyy
-$ getfacl -qn yyy
-> group:41:------a-------:------I:allow
-> user:42:-----------Co-:f-i---I:allow
-> user:42:r-x-----------:f-i---I:allow
-> group:42:-w--D---------:------I:deny
-> owner@:rwxp--aARWcCos:-------:allow
-> group@:------a-R-c--s:-------:allow
-> everyone@:------a-R-c--s:-------:allow
-
-$ rmdir yyy
-$ umask 770
-$ mkdir yyy
-$ getfacl -qn yyy
-> owner@:rwxp----------:-------:deny
-> group@:rwxp----------:-------:deny
-> group:41:------a-------:------I:allow
-> user:42:-----------Co-:f-i---I:allow
-> user:42:r-x-----------:f-i---I:allow
-> group:42:-w--D---------:------I:deny
-> owner@:------aARWcCos:-------:allow
-> group@:------a-R-c--s:-------:allow
-> everyone@:rwxp--a-R-c--s:-------:allow
-
-$ rmdir yyy
-$ umask 707
-$ mkdir yyy
-$ getfacl -qn yyy
-> owner@:rwxp----------:-------:deny
-> group:41:r-----a-------:------I:allow
-> user:42:-----------Co-:f-i---I:allow
-> user:42:r-x-----------:f-i---I:allow
-> group:42:-w--D---------:------I:deny
-> owner@:------aARWcCos:-------:allow
-> group@:rwxp--a-R-c--s:-------:allow
-> everyone@:------a-R-c--s:-------:allow
-
-# There is some complication regarding how write_acl and write_owner flags
-# get inherited. Make sure we got it right.
-$ setfacl -b .
-$ setfacl -a0 u:42:Co:f:allow .
-$ setfacl -a0 u:43:Co:d:allow .
-$ setfacl -a0 u:44:Co:fd:allow .
-$ setfacl -a0 u:45:Co:fi:allow .
-$ setfacl -a0 u:46:Co:di:allow .
-$ setfacl -a0 u:47:Co:fdi:allow .
-$ setfacl -a0 u:48:Co:fn:allow .
-$ setfacl -a0 u:49:Co:dn:allow .
-$ setfacl -a0 u:50:Co:fdn:allow .
-$ setfacl -a0 u:51:Co:fni:allow .
-$ setfacl -a0 u:52:Co:dni:allow .
-$ setfacl -a0 u:53:Co:fdni:allow .
-$ umask 022
-$ rm xxx
-$ touch xxx
-$ getfacl -nq xxx
-> user:53:--------------:------I:allow
-> user:51:--------------:------I:allow
-> user:50:--------------:------I:allow
-> user:48:--------------:------I:allow
-> user:47:--------------:------I:allow
-> user:45:--------------:------I:allow
-> user:44:--------------:------I:allow
-> user:42:--------------:------I:allow
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ rmdir yyy
-$ mkdir yyy
-$ getfacl -nq yyy
-> user:53:--------------:------I:allow
-> user:52:--------------:------I:allow
-> user:50:--------------:------I:allow
-> user:49:--------------:------I:allow
-> user:47:--------------:fd----I:allow
-> user:46:--------------:-d----I:allow
-> user:45:-----------Co-:f-i---I:allow
-> user:44:--------------:fd----I:allow
-> user:43:--------------:-d----I:allow
-> user:42:-----------Co-:f-i---I:allow
-> owner@:rwxp--aARWcCos:-------:allow
-> group@:r-x---a-R-c--s:-------:allow
-> everyone@:r-x---a-R-c--s:-------:allow
-
-$ setfacl -b .
-$ setfacl -a0 u:42:Co:f:deny .
-$ setfacl -a0 u:43:Co:d:deny .
-$ setfacl -a0 u:44:Co:fd:deny .
-$ setfacl -a0 u:45:Co:fi:deny .
-$ setfacl -a0 u:46:Co:di:deny .
-$ setfacl -a0 u:47:Co:fdi:deny .
-$ setfacl -a0 u:48:Co:fn:deny .
-$ setfacl -a0 u:49:Co:dn:deny .
-$ setfacl -a0 u:50:Co:fdn:deny .
-$ setfacl -a0 u:51:Co:fni:deny .
-$ setfacl -a0 u:52:Co:dni:deny .
-$ setfacl -a0 u:53:Co:fdni:deny .
-$ umask 022
-$ rm xxx
-$ touch xxx
-$ getfacl -nq xxx
-> user:53:-----------Co-:------I:deny
-> user:51:-----------Co-:------I:deny
-> user:50:-----------Co-:------I:deny
-> user:48:-----------Co-:------I:deny
-> user:47:-----------Co-:------I:deny
-> user:45:-----------Co-:------I:deny
-> user:44:-----------Co-:------I:deny
-> user:42:-----------Co-:------I:deny
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ rmdir yyy
-$ mkdir yyy
-$ getfacl -nq yyy
-> user:53:-----------Co-:------I:deny
-> user:52:-----------Co-:------I:deny
-> user:50:-----------Co-:------I:deny
-> user:49:-----------Co-:------I:deny
-> user:47:-----------Co-:fd----I:deny
-> user:46:-----------Co-:-d----I:deny
-> user:45:-----------Co-:f-i---I:deny
-> user:44:-----------Co-:fd----I:deny
-> user:43:-----------Co-:-d----I:deny
-> user:42:-----------Co-:f-i---I:deny
-> owner@:rwxp--aARWcCos:-------:allow
-> group@:r-x---a-R-c--s:-------:allow
-> everyone@:r-x---a-R-c--s:-------:allow
-
-$ rmdir yyy
-$ rm xxx
-$ cd ..
-$ rmdir ddd
-
-$ rm xxx
-
Index: tools/regression/acltools/tools-nfs4-trivial.test
===================================================================
--- tools/regression/acltools/tools-nfs4-trivial.test
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright (c) 2011 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is a tools-level test for acl_is_trivial_np(3). Run it as root on ZFS.
-# Note that this does not work on UFS with NFSv4 ACLs enabled - UFS recognizes
-# both kind of trivial ACLs and replaces it by the default one.
-#
-# WARNING: Creates files in unsafe way.
-
-$ whoami
-> root
-$ umask 022
-
-# Check whether ls(1) correctly recognizes PSARC/2010/029-style trivial ACLs.
-$ touch xxx
-
-$ ls -l xxx | cut -d' ' -f1
-> -rw-r--r--
-
-$ getfacl -q xxx
-> owner@:rw-p--aARWcCos:-------:allow
-> group@:r-----a-R-c--s:-------:allow
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Check whether ls(1) correctly recognizes draft-style trivial ACLs.
-$ rm xxx
-$ touch xxx
-$ setfacl -a0 owner@:x:deny,owner@:rwpAWCo:allow,group@:wxp:deny,group@:r:allow,everyone@:wxpAWCo:deny,everyone@:raRcs:allow xxx
-$ setfacl -x5 xxx
-$ setfacl -x5 xxx
-$ setfacl -x5 xxx
-
-$ ls -l xxx | cut -d' ' -f1
-> -rw-r--r--
-
-$ getfacl -q xxx
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Make sure ls(1) actually can recognize something as non-trivial.
-$ setfacl -x0 xxx
-
-$ ls -l xxx | cut -d' ' -f1
-> -rw-r--r--+
-
-$ getfacl -q xxx
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ rm xxx
-
Index: tools/regression/acltools/tools-nfs4.test
===================================================================
--- tools/regression/acltools/tools-nfs4.test
+++ /dev/null
@@ -1,828 +0,0 @@
-# Copyright (c) 2008, 2009 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is a tools-level test for NFSv4 ACL functionality. Run it as root
-# using ACL-enabled kernel:
-#
-# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test
-#
-# WARNING: Creates files in unsafe way.
-
-$ whoami
-> root
-$ umask 022
-
-# Smoke test for getfacl(1).
-$ touch xxx
-$ getfacl xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ getfacl -q xxx
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Check verbose mode formatting.
-$ getfacl -v xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:execute::deny
-> owner@:read_data/write_data/append_data/write_attributes/write_xattr/write_acl/write_owner::allow
-> group@:write_data/execute/append_data::deny
-> group@:read_data::allow
-> everyone@:write_data/execute/append_data/write_attributes/write_xattr/write_acl/write_owner::deny
-> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow
-
-# Test setfacl -a.
-$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> user:0:-----------C--:-------:allow
-> group:1:----------c---:-------:deny
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Test user and group name resolving.
-$ rm xxx
-$ touch xxx
-$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx
-$ getfacl xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> user:root:-----------C--:-------:allow
-> group:daemon:----------c---:-------:deny
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Check whether ls correctly marks files with "+".
-$ ls -l xxx | cut -d' ' -f1
-> -rw-r--r--+
-
-# Test removing entries by number.
-$ setfacl -x 4 xxx
-$ setfacl -x 4 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> user:0:-----------C--:-------:allow
-> group:1:----------c---:-------:deny
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Test setfacl -m.
-$ setfacl -a0 everyone@:rwx:deny xxx
-$ setfacl -a0 everyone@:rwx:deny xxx
-$ setfacl -a0 everyone@:rwx:deny xxx
-$ setfacl -m everyone@::deny xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> user:0:-----------C--:-------:allow
-> group:1:----------c---:-------:deny
-> everyone@:--------------:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Test getfacl -i.
-$ getfacl -i xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> user:root:-----------C--:-------:allow:0
-> group:daemon:----------c---:-------:deny:1
-> everyone@:--------------:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Make sure cp without any flags does not copy copy the ACL.
-$ cp xxx yyy
-$ ls -l yyy | cut -d' ' -f1
-> -rw-r--r--
-
-# Make sure it does with the "-p" flag.
-$ rm yyy
-$ cp -p xxx yyy
-$ getfacl -n yyy
-> # file: yyy
-> # owner: root
-> # group: wheel
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> everyone@:--------------:-------:deny
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> user:0:-----------C--:-------:allow
-> group:1:----------c---:-------:deny
-> everyone@:--------------:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ rm yyy
-
-# Test removing entries by... by example?
-$ setfacl -x everyone@::deny xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> user:0:-----------C--:-------:allow
-> group:1:----------c---:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-# Test setfacl -b.
-$ setfacl -b xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ ls -l xxx | cut -d' ' -f1
-> -rw-r--r--
-
-# Check setfacl(1) and getfacl(1) with multiple files.
-$ touch xxx yyy zzz
-
-$ ls -l xxx yyy zzz | cut -d' ' -f1
-> -rw-r--r--
-> -rw-r--r--
-> -rw-r--r--
-
-$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz
-> setfacl: nnn: stat() failed: No such file or directory
-
-$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
-> ls: nnn: No such file or directory
-> -rw-r--r--+
-> -rw-r--r--+
-> -rw-r--r--+
-
-$ getfacl -nq nnn xxx yyy zzz
-> getfacl: nnn: stat() failed: No such file or directory
-> user:42:--x-----------:-------:allow
-> group:43:-w------------:-------:allow
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
->
-> user:42:--x-----------:-------:allow
-> group:43:-w------------:-------:allow
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
->
-> user:42:--x-----------:-------:allow
-> group:43:-w------------:-------:allow
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ setfacl -b nnn xxx yyy zzz
-> setfacl: nnn: stat() failed: No such file or directory
-
-$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
-> ls: nnn: No such file or directory
-> -rw-r--r--
-> -rw-r--r--
-> -rw-r--r--
-
-$ rm xxx yyy zzz
-
-# Test applying mode to an ACL.
-$ touch xxx
-$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx
-$ chmod 600 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user:42:r-------------:-------:deny
-> user:42:r-------------:-------:allow
-> user:43:-w------------:-------:deny
-> user:43:-w------------:-------:allow
-> user:44:--x-----------:-------:deny
-> user:44:--x-----------:-------:allow
-> owner@:--------------:-------:deny
-> owner@:-------A-W-Co-:-------:allow
-> group@:--------------:-------:deny
-> group@:--------------:-------:allow
-> everyone@:-------A-W-Co-:-------:deny
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:rwxp----------:-------:deny
-> group@:--------------:-------:allow
-> everyone@:rwxp---A-W-Co-:-------:deny
-> everyone@:------a-R-c--s:-------:allow
-$ ls -l xxx | cut -d' ' -f1
-> -rw-------+
-
-$ rm xxx
-$ touch xxx
-$ chown 42 xxx
-$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
-$ chmod 600 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: 42
-> # group: wheel
-> user:42:--------------:-------:deny
-> user:42:r-------------:-------:allow
-> user:43:-w------------:-------:deny
-> user:43:-w------------:-------:allow
-> user:44:--x-----------:-------:deny
-> user:44:--x-----------:-------:allow
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:rwxp----------:-------:deny
-> group@:--------------:-------:allow
-> everyone@:rwxp---A-W-Co-:-------:deny
-> everyone@:------a-R-c--s:-------:allow
-$ ls -l xxx | cut -d' ' -f1
-> -rw-------+
-
-$ rm xxx
-$ touch xxx
-$ chown 43 xxx
-$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
-$ chmod 124 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: 43
-> # group: wheel
-> user:42:r-------------:-------:deny
-> user:42:r-------------:-------:allow
-> user:43:-w------------:-------:deny
-> user:43:-w------------:-------:allow
-> user:44:--x-----------:-------:deny
-> user:44:--x-----------:-------:allow
-> owner@:rw-p----------:-------:deny
-> owner@:--x----A-W-Co-:-------:allow
-> group@:r-x-----------:-------:deny
-> group@:-w-p----------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-$ ls -l xxx | cut -d' ' -f1
-> ---x-w-r--+
-
-$ rm xxx
-$ touch xxx
-$ chown 43 xxx
-$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
-$ chmod 412 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: 43
-> # group: wheel
-> user:42:r-------------:-------:deny
-> user:42:r-------------:-------:allow
-> user:43:-w------------:-------:deny
-> user:43:-w------------:-------:allow
-> user:44:--------------:-------:deny
-> user:44:--x-----------:-------:allow
-> owner@:-wxp----------:-------:deny
-> owner@:r------A-W-Co-:-------:allow
-> group@:rw-p----------:-------:deny
-> group@:--x-----------:-------:allow
-> everyone@:r-x----A-W-Co-:-------:deny
-> everyone@:-w-p--a-R-c--s:-------:allow
-$ ls -l xxx | cut -d' ' -f1
-> -r----x-w-+
-
-$ mkdir ddd
-$ setfacl -a0 group:44:rwapd:allow ddd
-$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
-$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
-$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
-$ getfacl -n ddd
-> # file: ddd
-> # owner: root
-> # group: wheel
-> user:42:r-x-----------:f-i----:allow
-> group:42:-w--D---------:-d-----:allow
-> group:43:-w--D---------:-d-----:deny
-> group@:-----da-------:-------:allow
-> group:44:rw-p-da-------:-------:allow
-> owner@:--------------:-------:deny
-> owner@:rwxp---A-W-Co-:-------:allow
-> group@:-w-p----------:-------:deny
-> group@:r-x-----------:-------:allow
-> everyone@:-w-p---A-W-Co-:-------:deny
-> everyone@:-w-p--a-R-c--s:f-i----:allow
-$ chmod 777 ddd
-$ getfacl -n ddd
-> # file: ddd
-> # owner: root
-> # group: wheel
-> user:42:r-x-----------:f-i----:allow
-> group:42:-w--D---------:-di----:allow
-> group:42:--------------:-------:deny
-> group:42:-w--D---------:-------:allow
-> group:43:-w--D---------:-di----:deny
-> group:43:-w--D---------:-------:deny
-> group@:-----da-------:-------:allow
-> group:44:--------------:-------:deny
-> group:44:rw-p-da-------:-------:allow
-> owner@:--------------:-------:deny
-> owner@:-------A-W-Co-:-------:allow
-> group@:--------------:-------:deny
-> group@:--------------:-------:allow
-> everyone@:-------A-W-Co-:-------:deny
-> everyone@:-w-p--a-R-c--s:f-i----:allow
-> owner@:--------------:-------:deny
-> owner@:rwxp---A-W-Co-:-------:allow
-> group@:--------------:-------:deny
-> group@:rwxp----------:-------:allow
-> everyone@:-------A-W-Co-:-------:deny
-> everyone@:rwxp--a-R-c--s:-------:allow
-
-$ rmdir ddd
-$ mkdir ddd
-$ setfacl -a0 group:44:rwapd:allow ddd
-$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
-$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
-$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
-$ chmod 124 ddd
-$ getfacl -n ddd
-> # file: ddd
-> # owner: root
-> # group: wheel
-> user:42:r-x-----------:f-i----:allow
-> group:42:-w--D---------:-di----:allow
-> group:42:--------------:-------:deny
-> group:42:----D---------:-------:allow
-> group:43:-w--D---------:-di----:deny
-> group:43:-w--D---------:-------:deny
-> group@:-----da-------:-------:allow
-> group:44:r-------------:-------:deny
-> group:44:r----da-------:-------:allow
-> owner@:--------------:-------:deny
-> owner@:-------A-W-Co-:-------:allow
-> group@:--------------:-------:deny
-> group@:--------------:-------:allow
-> everyone@:-------A-W-Co-:-------:deny
-> everyone@:-w-p--a-R-c--s:f-i----:allow
-> owner@:rw-p----------:-------:deny
-> owner@:--x----A-W-Co-:-------:allow
-> group@:r-x-----------:-------:deny
-> group@:-w-p----------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ rmdir ddd
-$ mkdir ddd
-$ setfacl -a0 group:44:rwapd:allow ddd
-$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
-$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
-$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
-$ chmod 412 ddd
-$ getfacl -n ddd
-> # file: ddd
-> # owner: root
-> # group: wheel
-> user:42:r-------------:-------:deny
-> user:42:r-x-----------:-------:allow
-> user:42:r-x-----------:f-i----:allow
-> group:42:-w--D---------:-di----:allow
-> group:42:-w------------:-------:deny
-> group:42:-w--D---------:-------:allow
-> group:43:-w--D---------:-di----:deny
-> group:43:-w--D---------:-------:deny
-> group@:-----da-------:-------:allow
-> group:44:rw-p----------:-------:deny
-> group:44:rw-p-da-------:-------:allow
-> owner@:--------------:-------:deny
-> owner@:-------A-W-Co-:-------:allow
-> group@:--------------:-------:deny
-> group@:--------------:-------:allow
-> everyone@:-------A-W-Co-:-------:deny
-> everyone@:-w-p--a-R-c--s:f-i----:allow
-> owner@:-wxp----------:-------:deny
-> owner@:r------A-W-Co-:-------:allow
-> group@:rw-p----------:-------:deny
-> group@:--x-----------:-------:allow
-> everyone@:r-x----A-W-Co-:-------:deny
-> everyone@:-w-p--a-R-c--s:-------:allow
-
-$ rmdir ddd
-$ mkdir ddd
-$ setfacl -a0 group:44:rwapd:allow ddd
-$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
-$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
-$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
-$ chown 42 ddd
-$ chmod 412 ddd
-$ getfacl -n ddd
-> # file: ddd
-> # owner: 42
-> # group: wheel
-> user:42:--x-----------:-------:deny
-> user:42:r-x-----------:-------:allow
-> user:42:r-x-----------:f-i----:allow
-> group:42:-w--D---------:-di----:allow
-> group:42:-w------------:-------:deny
-> group:42:-w--D---------:-------:allow
-> group:43:-w--D---------:-di----:deny
-> group:43:-w--D---------:-------:deny
-> group@:-----da-------:-------:allow
-> group:44:rw-p----------:-------:deny
-> group:44:rw-p-da-------:-------:allow
-> owner@:--------------:-------:deny
-> owner@:-------A-W-Co-:-------:allow
-> group@:--------------:-------:deny
-> group@:--------------:-------:allow
-> everyone@:-------A-W-Co-:-------:deny
-> everyone@:-w-p--a-R-c--s:f-i----:allow
-> owner@:-wxp----------:-------:deny
-> owner@:r------A-W-Co-:-------:allow
-> group@:rw-p----------:-------:deny
-> group@:--x-----------:-------:allow
-> everyone@:r-x----A-W-Co-:-------:deny
-> everyone@:-w-p--a-R-c--s:-------:allow
-
-# Test applying ACL to mode.
-$ rmdir ddd
-$ mkdir ddd
-$ setfacl -a0 u:42:rwx:fi:allow ddd
-$ ls -ld ddd | cut -d' ' -f1
-> drwxr-xr-x+
-
-$ rmdir ddd
-$ mkdir ddd
-$ chmod 0 ddd
-$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd
-$ ls -ld ddd | cut -d' ' -f1
-> dr----x---+
-
-$ rmdir ddd
-$ mkdir ddd
-$ chmod 0 ddd
-$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd
-$ ls -ld ddd | cut -d' ' -f1
-> dr---wx---+
-
-$ rmdir ddd
-$ mkdir ddd
-$ chmod 0 ddd
-$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd
-$ ls -ld ddd | cut -d' ' -f1
-> dr--------+
-
-$ rmdir ddd
-$ mkdir ddd
-$ chmod 0 ddd
-$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd
-$ ls -ld ddd | cut -d' ' -f1
-> dr--------+
-
-# Test inheritance.
-$ rmdir ddd
-$ mkdir ddd
-$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd
-$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd
-$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd
-$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd
-$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd
-$ getfacl -qn ddd
-> user:41:-w-----A------:f--n---:allow
-> group:41:r-----a-------:-din---:allow
-> user:42:-----------Co-:f-i----:allow
-> user:42:r-x-----------:f-i----:allow
-> group:42:-w--D---------:-d-n---:deny
-> group:43:-w---------C--:f-in---:deny
-> user:43:rwxp----------:-------:allow
-> owner@:--------------:-------:deny
-> owner@:rwxp---A-W-Co-:-------:allow
-> group@:-w-p----------:-------:deny
-> group@:r-x-----------:-------:allow
-> everyone@:-w-p---A-W-Co-:-------:deny
-> everyone@:r-x---a-R-c--s:-------:allow
-
-$ cd ddd
-$ touch xxx
-$ getfacl -qn xxx
-> user:41:-w------------:-------:deny
-> user:41:-w-----A------:-------:allow
-> user:42:--------------:-------:deny
-> user:42:--------------:-------:allow
-> user:42:--x-----------:-------:deny
-> user:42:r-x-----------:-------:allow
-> group:43:-w---------C--:-------:deny
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ rm xxx
-$ umask 077
-$ touch xxx
-$ getfacl -qn xxx
-> user:41:-w------------:-------:deny
-> user:41:-w-----A------:-------:allow
-> user:42:--------------:-------:deny
-> user:42:--------------:-------:allow
-> user:42:r-x-----------:-------:deny
-> user:42:r-x-----------:-------:allow
-> group:43:-w---------C--:-------:deny
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:rwxp----------:-------:deny
-> group@:--------------:-------:allow
-> everyone@:rwxp---A-W-Co-:-------:deny
-> everyone@:------a-R-c--s:-------:allow
-
-$ rm xxx
-$ umask 770
-$ touch xxx
-$ getfacl -qn xxx
-> user:41:-w------------:-------:deny
-> user:41:-w-----A------:-------:allow
-> user:42:--------------:-------:deny
-> user:42:--------------:-------:allow
-> user:42:r-x-----------:-------:deny
-> user:42:r-x-----------:-------:allow
-> group:43:-w---------C--:-------:deny
-> owner@:rwxp----------:-------:deny
-> owner@:-------A-W-Co-:-------:allow
-> group@:rwxp----------:-------:deny
-> group@:--------------:-------:allow
-> everyone@:--x----A-W-Co-:-------:deny
-> everyone@:rw-p--a-R-c--s:-------:allow
-
-$ rm xxx
-$ umask 707
-$ touch xxx
-$ getfacl -qn xxx
-> user:41:--------------:-------:deny
-> user:41:-w-----A------:-------:allow
-> user:42:--------------:-------:deny
-> user:42:--------------:-------:allow
-> user:42:--x-----------:-------:deny
-> user:42:r-x-----------:-------:allow
-> group:43:-w---------C--:-------:deny
-> owner@:rwxp----------:-------:deny
-> owner@:-------A-W-Co-:-------:allow
-> group@:--x-----------:-------:deny
-> group@:rw-p----------:-------:allow
-> everyone@:rwxp---A-W-Co-:-------:deny
-> everyone@:------a-R-c--s:-------:allow
-
-$ umask 077
-$ mkdir yyy
-$ getfacl -qn yyy
-> group:41:r-------------:-------:deny
-> group:41:r-----a-------:-------:allow
-> user:42:-----------Co-:f-i----:allow
-> user:42:r-x-----------:f-i----:allow
-> group:42:-w--D---------:-------:deny
-> owner@:--------------:-------:deny
-> owner@:rwxp---A-W-Co-:-------:allow
-> group@:rwxp----------:-------:deny
-> group@:--------------:-------:allow
-> everyone@:rwxp---A-W-Co-:-------:deny
-> everyone@:------a-R-c--s:-------:allow
-
-$ rmdir yyy
-$ umask 770
-$ mkdir yyy
-$ getfacl -qn yyy
-> group:41:r-------------:-------:deny
-> group:41:r-----a-------:-------:allow
-> user:42:-----------Co-:f-i----:allow
-> user:42:r-x-----------:f-i----:allow
-> group:42:-w--D---------:-------:deny
-> owner@:rwxp----------:-------:deny
-> owner@:-------A-W-Co-:-------:allow
-> group@:rwxp----------:-------:deny
-> group@:--------------:-------:allow
-> everyone@:-------A-W-Co-:-------:deny
-> everyone@:rwxp--a-R-c--s:-------:allow
-
-$ rmdir yyy
-$ umask 707
-$ mkdir yyy
-$ getfacl -qn yyy
-> group:41:--------------:-------:deny
-> group:41:------a-------:-------:allow
-> user:42:-----------Co-:f-i----:allow
-> user:42:r-x-----------:f-i----:allow
-> group:42:-w--D---------:-------:deny
-> owner@:rwxp----------:-------:deny
-> owner@:-------A-W-Co-:-------:allow
-> group@:--------------:-------:deny
-> group@:rwxp----------:-------:allow
-> everyone@:rwxp---A-W-Co-:-------:deny
-> everyone@:------a-R-c--s:-------:allow
-
-# There is some complication regarding how write_acl and write_owner flags
-# get inherited. Make sure we got it right.
-$ setfacl -b .
-$ setfacl -a0 u:42:Co:f:allow .
-$ setfacl -a0 u:43:Co:d:allow .
-$ setfacl -a0 u:44:Co:fd:allow .
-$ setfacl -a0 u:45:Co:fi:allow .
-$ setfacl -a0 u:46:Co:di:allow .
-$ setfacl -a0 u:47:Co:fdi:allow .
-$ setfacl -a0 u:48:Co:fn:allow .
-$ setfacl -a0 u:49:Co:dn:allow .
-$ setfacl -a0 u:50:Co:fdn:allow .
-$ setfacl -a0 u:51:Co:fni:allow .
-$ setfacl -a0 u:52:Co:dni:allow .
-$ setfacl -a0 u:53:Co:fdni:allow .
-$ umask 022
-$ rm xxx
-$ touch xxx
-$ getfacl -nq xxx
-> user:53:--------------:-------:deny
-> user:53:--------------:-------:allow
-> user:51:--------------:-------:deny
-> user:51:--------------:-------:allow
-> user:50:--------------:-------:deny
-> user:50:--------------:-------:allow
-> user:48:--------------:-------:deny
-> user:48:--------------:-------:allow
-> user:47:--------------:-------:deny
-> user:47:--------------:-------:allow
-> user:45:--------------:-------:deny
-> user:45:--------------:-------:allow
-> user:44:--------------:-------:deny
-> user:44:--------------:-------:allow
-> user:42:--------------:-------:deny
-> user:42:--------------:-------:allow
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ rmdir yyy
-$ mkdir yyy
-$ getfacl -nq yyy
-> user:53:--------------:-------:deny
-> user:53:--------------:-------:allow
-> user:52:--------------:-------:deny
-> user:52:--------------:-------:allow
-> user:50:--------------:-------:deny
-> user:50:--------------:-------:allow
-> user:49:--------------:-------:deny
-> user:49:--------------:-------:allow
-> user:47:-----------Co-:fdi----:allow
-> user:47:--------------:-------:deny
-> user:47:--------------:-------:allow
-> user:46:-----------Co-:-di----:allow
-> user:46:--------------:-------:deny
-> user:46:--------------:-------:allow
-> user:45:-----------Co-:f-i----:allow
-> user:44:-----------Co-:fdi----:allow
-> user:44:--------------:-------:deny
-> user:44:--------------:-------:allow
-> user:43:-----------Co-:-di----:allow
-> user:43:--------------:-------:deny
-> user:43:--------------:-------:allow
-> user:42:-----------Co-:f-i----:allow
-> owner@:--------------:-------:deny
-> owner@:rwxp---A-W-Co-:-------:allow
-> group@:-w-p----------:-------:deny
-> group@:r-x-----------:-------:allow
-> everyone@:-w-p---A-W-Co-:-------:deny
-> everyone@:r-x---a-R-c--s:-------:allow
-
-$ setfacl -b .
-$ setfacl -a0 u:42:Co:f:deny .
-$ setfacl -a0 u:43:Co:d:deny .
-$ setfacl -a0 u:44:Co:fd:deny .
-$ setfacl -a0 u:45:Co:fi:deny .
-$ setfacl -a0 u:46:Co:di:deny .
-$ setfacl -a0 u:47:Co:fdi:deny .
-$ setfacl -a0 u:48:Co:fn:deny .
-$ setfacl -a0 u:49:Co:dn:deny .
-$ setfacl -a0 u:50:Co:fdn:deny .
-$ setfacl -a0 u:51:Co:fni:deny .
-$ setfacl -a0 u:52:Co:dni:deny .
-$ setfacl -a0 u:53:Co:fdni:deny .
-$ umask 022
-$ rm xxx
-$ touch xxx
-$ getfacl -nq xxx
-> user:53:-----------Co-:-------:deny
-> user:51:-----------Co-:-------:deny
-> user:50:-----------Co-:-------:deny
-> user:48:-----------Co-:-------:deny
-> user:47:-----------Co-:-------:deny
-> user:45:-----------Co-:-------:deny
-> user:44:-----------Co-:-------:deny
-> user:42:-----------Co-:-------:deny
-> owner@:--x-----------:-------:deny
-> owner@:rw-p---A-W-Co-:-------:allow
-> group@:-wxp----------:-------:deny
-> group@:r-------------:-------:allow
-> everyone@:-wxp---A-W-Co-:-------:deny
-> everyone@:r-----a-R-c--s:-------:allow
-
-$ rmdir yyy
-$ mkdir yyy
-$ getfacl -nq yyy
-> user:53:-----------Co-:-------:deny
-> user:52:-----------Co-:-------:deny
-> user:50:-----------Co-:-------:deny
-> user:49:-----------Co-:-------:deny
-> user:47:-----------Co-:fdi----:deny
-> user:47:-----------Co-:-------:deny
-> user:46:-----------Co-:-di----:deny
-> user:46:-----------Co-:-------:deny
-> user:45:-----------Co-:f-i----:deny
-> user:44:-----------Co-:fdi----:deny
-> user:44:-----------Co-:-------:deny
-> user:43:-----------Co-:-di----:deny
-> user:43:-----------Co-:-------:deny
-> user:42:-----------Co-:f-i----:deny
-> owner@:--------------:-------:deny
-> owner@:rwxp---A-W-Co-:-------:allow
-> group@:-w-p----------:-------:deny
-> group@:r-x-----------:-------:allow
-> everyone@:-w-p---A-W-Co-:-------:deny
-> everyone@:r-x---a-R-c--s:-------:allow
-
-$ rmdir yyy
-$ rm xxx
-$ cd ..
-$ rmdir ddd
-
-$ rm xxx
-
Index: tools/regression/acltools/tools-posix.test
===================================================================
--- tools/regression/acltools/tools-posix.test
+++ /dev/null
@@ -1,453 +0,0 @@
-# Copyright (c) 2008, 2009 Edward Tomasz Napierała
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-# notice, this list of conditions and the following disclaimer in the
-# documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-#
-# $FreeBSD$
-#
-
-# This is a tools-level test for POSIX.1e ACL functionality. Run it as root
-# using ACL-enabled kernel:
-#
-# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
-#
-# WARNING: Creates files in unsafe way.
-
-$ whoami
-> root
-$ umask 022
-
-# Smoke test for getfacl(1).
-$ touch xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user::rw-
-> group::r--
-> other::r--
-
-$ getfacl -q xxx
-> user::rw-
-> group::r--
-> other::r--
-
-$ setfacl -m u:42:r,g:43:w xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user::rw-
-> user:42:r--
-> group::r--
-> group:43:-w-
-> mask::rw-
-> other::r--
-
-# Check whether ls correctly marks files with "+".
-$ ls -l xxx | cut -d' ' -f1
-> -rw-rw-r--+
-
-# Same as above, but for symlinks.
-$ ln -s xxx lll
-$ getfacl -h lll
-> # file: lll
-> # owner: root
-> # group: wheel
-> user::rwx
-> group::r-x
-> other::r-x
-
-$ getfacl -qh lll
-> user::rwx
-> group::r-x
-> other::r-x
-
-$ getfacl -q lll
-> user::rw-
-> user:42:r--
-> group::r--
-> group:43:-w-
-> mask::rw-
-> other::r--
-
-$ setfacl -hm u:44:x,g:45:w lll
-$ getfacl -h lll
-> # file: lll
-> # owner: root
-> # group: wheel
-> user::rwx
-> user:44:--x
-> group::r-x
-> group:45:-w-
-> mask::rwx
-> other::r-x
-
-$ ls -l lll | cut -d' ' -f1
-> lrwxrwxr-x+
-
-# Check whether the original file is left untouched.
-$ ls -l xxx | cut -d' ' -f1
-> -rw-rw-r--+
-
-$ rm lll
-
-# Test removing entries.
-$ setfacl -x user:42: xxx
-$ getfacl xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user::rw-
-> group::r--
-> group:43:-w-
-> mask::rw-
-> other::r--
-
-$ setfacl -m u:42:r xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user::rw-
-> user:42:r--
-> group::r--
-> group:43:-w-
-> mask::rw-
-> other::r--
-
-# Test removing entries by number.
-$ setfacl -x 1 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user::rw-
-> group::r--
-> group:43:-w-
-> mask::rw-
-> other::r--
-
-$ setfacl -m g:43:r xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user::rw-
-> group::r--
-> group:43:r--
-> mask::r--
-> other::r--
-
-# Make sure cp without any flags does not copy the ACL.
-$ cp xxx yyy
-$ ls -l yyy | cut -d' ' -f1
-> -rw-r--r--
-
-# Make sure it does with the "-p" flag.
-$ rm yyy
-$ cp -p xxx yyy
-$ getfacl -n yyy
-> # file: yyy
-> # owner: root
-> # group: wheel
-> user::rw-
-> group::r--
-> group:43:r--
-> mask::r--
-> other::r--
-
-$ rm yyy
-
-# Test removing entries by... by example?
-$ setfacl -m u:42:r,g:43:w xxx
-$ setfacl -x u:42: xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user::rw-
-> group::r--
-> group:43:-w-
-> mask::rw-
-> other::r--
-
-# Test setfacl -b.
-$ setfacl -b xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user::rw-
-> group::r--
-> mask::r--
-> other::r--
-
-$ ls -l xxx | cut -d' ' -f1
-> -rw-r--r--+
-
-$ setfacl -nb xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user::rw-
-> group::r--
-> other::r--
-
-$ ls -l xxx | cut -d' ' -f1
-> -rw-r--r--
-
-# Check setfacl(1) and getfacl(1) with multiple files.
-$ touch xxx yyy zzz
-
-$ ls -l xxx yyy zzz | cut -d' ' -f1
-> -rw-r--r--
-> -rw-r--r--
-> -rw-r--r--
-
-$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz
-> setfacl: nnn: stat() failed: No such file or directory
-
-$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
-> ls: nnn: No such file or directory
-> -rw-rwxr--+
-> -rw-rwxr--+
-> -rw-rwxr--+
-
-$ getfacl -nq nnn xxx yyy zzz
-> getfacl: nnn: stat() failed: No such file or directory
-> user::rw-
-> user:42:--x
-> group::r--
-> group:43:-w-
-> mask::rwx
-> other::r--
->
-> user::rw-
-> user:42:--x
-> group::r--
-> group:43:-w-
-> mask::rwx
-> other::r--
->
-> user::rw-
-> user:42:--x
-> group::r--
-> group:43:-w-
-> mask::rwx
-> other::r--
-
-$ setfacl -b nnn xxx yyy zzz
-> setfacl: nnn: stat() failed: No such file or directory
-
-$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
-> ls: nnn: No such file or directory
-> -rw-r--r--+
-> -rw-r--r--+
-> -rw-r--r--+
-
-$ setfacl -bn nnn xxx yyy zzz
-> setfacl: nnn: stat() failed: No such file or directory
-
-$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
-> ls: nnn: No such file or directory
-> -rw-r--r--
-> -rw-r--r--
-> -rw-r--r--
-
-$ rm xxx yyy zzz
-
-# Check whether chmod actually does what it should do.
-$ touch xxx
-$ setfacl -m u:42:rwx,g:43:rwx xxx
-$ chmod 600 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user::rw-
-> user:42:rwx # effective: ---
-> group::r-- # effective: ---
-> group:43:rwx # effective: ---
-> mask::---
-> other::---
-
-$ chmod 060 xxx
-$ getfacl -n xxx
-> # file: xxx
-> # owner: root
-> # group: wheel
-> user::---
-> user:42:rwx # effective: rw-
-> group::r--
-> group:43:rwx # effective: rw-
-> mask::rw-
-> other::---
-
-# Test default ACLs.
-$ umask 022
-$ mkdir ddd
-$ getfacl -qn ddd
-> user::rwx
-> group::r-x
-> other::r-x
-
-$ ls -l | grep ddd | cut -d' ' -f1
-> drwxr-xr-x
-
-$ getfacl -dq ddd
-$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
-$ getfacl -dqn ddd
-> user::rwx
-> group::r-x
-> mask::rwx
-> other::r-x
-
-# No change - ls(1) output doesn't take into account default ACLs.
-$ ls -l | grep ddd | cut -d' ' -f1
-> drwxr-xr-x
-
-$ setfacl -dm g:42:rwx,u:42:r ddd
-$ setfacl -dm g::w ddd
-$ getfacl -dqn ddd
-> user::rwx
-> user:42:r--
-> group::-w-
-> group:42:rwx
-> mask::rwx
-> other::r-x
-
-$ setfacl -dx group:42: ddd
-$ getfacl -dqn ddd
-> user::rwx
-> user:42:r--
-> group::-w-
-> mask::rw-
-> other::r-x
-
-$ ls -l | grep ddd | cut -d' ' -f1
-> drwxr-xr-x
-
-$ rmdir ddd
-$ rm xxx
-
-# Test inheritance.
-$ mkdir ddd
-
-$ touch ddd/xxx
-$ getfacl -q ddd/xxx
-> user::rw-
-> group::r--
-> other::r--
-
-$ mkdir ddd/ddd
-$ getfacl -q ddd/ddd
-> user::rwx
-> group::r-x
-> other::r-x
-
-$ rmdir ddd/ddd
-$ rm ddd/xxx
-
-$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd
-$ setfacl -dm g:42:rwx,u:43:r ddd
-$ getfacl -dq ddd
-> user::rwx
-> user:43:r--
-> group::r-x
-> group:42:rwx
-> mask::rwx
-> other::r-x
-
-$ touch ddd/xxx
-$ getfacl -q ddd/xxx
-> user::rw-
-> user:43:r--
-> group::r-x # effective: r--
-> group:42:rwx # effective: r--
-> mask::r--
-> other::r--
-
-$ mkdir ddd/ddd
-$ getfacl -q ddd/ddd
-> user::rwx
-> user:43:r--
-> group::r-x
-> group:42:rwx # effective: r-x
-> mask::r-x
-> other::r-x
-
-$ rmdir ddd/ddd
-$ rm ddd/xxx
-$ rmdir ddd
-
-# Test if we deal properly with fifos.
-$ mkfifo fff
-$ ls -l fff | cut -d' ' -f1
-> prw-r--r--
-
-$ setfacl -m u:42:r,g:43:w fff
-$ getfacl fff
-> # file: fff
-> # owner: root
-> # group: wheel
-> user::rw-
-> user:42:r--
-> group::r--
-> group:43:-w-
-> mask::rw-
-> other::r--
-
-$ ls -l fff | cut -d' ' -f1
-> prw-rw-r--+
-
-$ setfacl -bn fff
-$ getfacl fff
-> # file: fff
-> # owner: root
-> # group: wheel
-> user::rw-
-> group::r--
-> other::r--
-
-$ ls -l fff | cut -d' ' -f1
-> prw-r--r--
-
-$ rm fff
-
-# Test if we deal properly with device files.
-$ mknod bbb b 1 1
-$ setfacl -m u:42:r,g:43:w bbb
-> setfacl: bbb: acl_get_file() failed: Operation not supported
-$ ls -l bbb | cut -d' ' -f1
-> brw-r--r--
-
-$ rm bbb
-
-$ mknod ccc c 1 1
-$ setfacl -m u:42:r,g:43:w ccc
-> setfacl: ccc: acl_get_file() failed: Operation not supported
-$ ls -l ccc | cut -d' ' -f1
-> crw-r--r--
-
-$ rm ccc