Changeset View
Changeset View
Standalone View
Standalone View
head/tests/sys/acl/tools-posix.test
Property | Old Value | New Value |
---|---|---|
svn:eol-style | null | native \ No newline at end of property |
svn:keywords | null | FreeBSD=%H \ No newline at end of property |
svn:mime-type | null | text/plain \ No newline at end of property |
# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org> | |||||
# All rights reserved. | |||||
# | |||||
# Redistribution and use in source and binary forms, with or without | |||||
# modification, are permitted provided that the following conditions | |||||
# are met: | |||||
# 1. Redistributions of source code must retain the above copyright | |||||
# notice, this list of conditions and the following disclaimer. | |||||
# 2. Redistributions in binary form must reproduce the above copyright | |||||
# notice, this list of conditions and the following disclaimer in the | |||||
# documentation and/or other materials provided with the distribution. | |||||
# | |||||
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |||||
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |||||
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |||||
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |||||
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |||||
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |||||
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |||||
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |||||
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |||||
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |||||
# SUCH DAMAGE. | |||||
# | |||||
# $FreeBSD$ | |||||
# | |||||
# This is a tools-level test for POSIX.1e ACL functionality. Run it as root | |||||
# using ACL-enabled kernel: | |||||
# | |||||
# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test | |||||
# | |||||
# WARNING: Creates files in unsafe way. | |||||
$ whoami | |||||
> root | |||||
$ umask 022 | |||||
# Smoke test for getfacl(1). | |||||
$ touch xxx | |||||
$ getfacl -n xxx | |||||
> # file: xxx | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> group::r-- | |||||
> other::r-- | |||||
$ getfacl -q xxx | |||||
> user::rw- | |||||
> group::r-- | |||||
> other::r-- | |||||
$ setfacl -m u:42:r,g:43:w xxx | |||||
$ getfacl -n xxx | |||||
> # file: xxx | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> user:42:r-- | |||||
> group::r-- | |||||
> group:43:-w- | |||||
> mask::rw- | |||||
> other::r-- | |||||
# Check whether ls correctly marks files with "+". | |||||
$ ls -l xxx | cut -d' ' -f1 | |||||
> -rw-rw-r--+ | |||||
# Same as above, but for symlinks. | |||||
$ ln -s xxx lll | |||||
$ getfacl -h lll | |||||
> # file: lll | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rwx | |||||
> group::r-x | |||||
> other::r-x | |||||
$ getfacl -qh lll | |||||
> user::rwx | |||||
> group::r-x | |||||
> other::r-x | |||||
$ getfacl -q lll | |||||
> user::rw- | |||||
> user:42:r-- | |||||
> group::r-- | |||||
> group:43:-w- | |||||
> mask::rw- | |||||
> other::r-- | |||||
$ setfacl -hm u:44:x,g:45:w lll | |||||
$ getfacl -h lll | |||||
> # file: lll | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rwx | |||||
> user:44:--x | |||||
> group::r-x | |||||
> group:45:-w- | |||||
> mask::rwx | |||||
> other::r-x | |||||
$ ls -l lll | cut -d' ' -f1 | |||||
> lrwxrwxr-x+ | |||||
# Check whether the original file is left untouched. | |||||
$ ls -l xxx | cut -d' ' -f1 | |||||
> -rw-rw-r--+ | |||||
$ rm lll | |||||
# Test removing entries. | |||||
$ setfacl -x user:42: xxx | |||||
$ getfacl xxx | |||||
> # file: xxx | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> group::r-- | |||||
> group:43:-w- | |||||
> mask::rw- | |||||
> other::r-- | |||||
$ setfacl -m u:42:r xxx | |||||
$ getfacl -n xxx | |||||
> # file: xxx | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> user:42:r-- | |||||
> group::r-- | |||||
> group:43:-w- | |||||
> mask::rw- | |||||
> other::r-- | |||||
# Test removing entries by number. | |||||
$ setfacl -x 1 xxx | |||||
$ getfacl -n xxx | |||||
> # file: xxx | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> group::r-- | |||||
> group:43:-w- | |||||
> mask::rw- | |||||
> other::r-- | |||||
$ setfacl -m g:43:r xxx | |||||
$ getfacl -n xxx | |||||
> # file: xxx | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> group::r-- | |||||
> group:43:r-- | |||||
> mask::r-- | |||||
> other::r-- | |||||
# Make sure cp without any flags does not copy the ACL. | |||||
$ cp xxx yyy | |||||
$ ls -l yyy | cut -d' ' -f1 | |||||
> -rw-r--r-- | |||||
# Make sure it does with the "-p" flag. | |||||
$ rm yyy | |||||
$ cp -p xxx yyy | |||||
$ getfacl -n yyy | |||||
> # file: yyy | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> group::r-- | |||||
> group:43:r-- | |||||
> mask::r-- | |||||
> other::r-- | |||||
$ rm yyy | |||||
# Test removing entries by... by example? | |||||
$ setfacl -m u:42:r,g:43:w xxx | |||||
$ setfacl -x u:42: xxx | |||||
$ getfacl -n xxx | |||||
> # file: xxx | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> group::r-- | |||||
> group:43:-w- | |||||
> mask::rw- | |||||
> other::r-- | |||||
# Test setfacl -b. | |||||
$ setfacl -b xxx | |||||
$ getfacl -n xxx | |||||
> # file: xxx | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> group::r-- | |||||
> mask::r-- | |||||
> other::r-- | |||||
$ ls -l xxx | cut -d' ' -f1 | |||||
> -rw-r--r--+ | |||||
$ setfacl -nb xxx | |||||
$ getfacl -n xxx | |||||
> # file: xxx | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> group::r-- | |||||
> other::r-- | |||||
$ ls -l xxx | cut -d' ' -f1 | |||||
> -rw-r--r-- | |||||
# Check setfacl(1) and getfacl(1) with multiple files. | |||||
$ touch xxx yyy zzz | |||||
$ ls -l xxx yyy zzz | cut -d' ' -f1 | |||||
> -rw-r--r-- | |||||
> -rw-r--r-- | |||||
> -rw-r--r-- | |||||
$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz | |||||
> setfacl: nnn: stat() failed: No such file or directory | |||||
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 | |||||
> ls: nnn: No such file or directory | |||||
> -rw-rwxr--+ | |||||
> -rw-rwxr--+ | |||||
> -rw-rwxr--+ | |||||
$ getfacl -nq nnn xxx yyy zzz | |||||
> getfacl: nnn: stat() failed: No such file or directory | |||||
> user::rw- | |||||
> user:42:--x | |||||
> group::r-- | |||||
> group:43:-w- | |||||
> mask::rwx | |||||
> other::r-- | |||||
> | |||||
> user::rw- | |||||
> user:42:--x | |||||
> group::r-- | |||||
> group:43:-w- | |||||
> mask::rwx | |||||
> other::r-- | |||||
> | |||||
> user::rw- | |||||
> user:42:--x | |||||
> group::r-- | |||||
> group:43:-w- | |||||
> mask::rwx | |||||
> other::r-- | |||||
$ setfacl -b nnn xxx yyy zzz | |||||
> setfacl: nnn: stat() failed: No such file or directory | |||||
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 | |||||
> ls: nnn: No such file or directory | |||||
> -rw-r--r--+ | |||||
> -rw-r--r--+ | |||||
> -rw-r--r--+ | |||||
$ setfacl -bn nnn xxx yyy zzz | |||||
> setfacl: nnn: stat() failed: No such file or directory | |||||
$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 | |||||
> ls: nnn: No such file or directory | |||||
> -rw-r--r-- | |||||
> -rw-r--r-- | |||||
> -rw-r--r-- | |||||
$ rm xxx yyy zzz | |||||
# Check whether chmod actually does what it should do. | |||||
$ touch xxx | |||||
$ setfacl -m u:42:rwx,g:43:rwx xxx | |||||
$ chmod 600 xxx | |||||
$ getfacl -n xxx | |||||
> # file: xxx | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> user:42:rwx # effective: --- | |||||
> group::r-- # effective: --- | |||||
> group:43:rwx # effective: --- | |||||
> mask::--- | |||||
> other::--- | |||||
$ chmod 060 xxx | |||||
$ getfacl -n xxx | |||||
> # file: xxx | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::--- | |||||
> user:42:rwx # effective: rw- | |||||
> group::r-- | |||||
> group:43:rwx # effective: rw- | |||||
> mask::rw- | |||||
> other::--- | |||||
# Test default ACLs. | |||||
$ umask 022 | |||||
$ mkdir ddd | |||||
$ getfacl -qn ddd | |||||
> user::rwx | |||||
> group::r-x | |||||
> other::r-x | |||||
$ ls -l | grep ddd | cut -d' ' -f1 | |||||
> drwxr-xr-x | |||||
$ getfacl -dq ddd | |||||
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd | |||||
$ getfacl -dqn ddd | |||||
> user::rwx | |||||
> group::r-x | |||||
> mask::rwx | |||||
> other::r-x | |||||
# No change - ls(1) output doesn't take into account default ACLs. | |||||
$ ls -l | grep ddd | cut -d' ' -f1 | |||||
> drwxr-xr-x | |||||
$ setfacl -dm g:42:rwx,u:42:r ddd | |||||
$ setfacl -dm g::w ddd | |||||
$ getfacl -dqn ddd | |||||
> user::rwx | |||||
> user:42:r-- | |||||
> group::-w- | |||||
> group:42:rwx | |||||
> mask::rwx | |||||
> other::r-x | |||||
$ setfacl -dx group:42: ddd | |||||
$ getfacl -dqn ddd | |||||
> user::rwx | |||||
> user:42:r-- | |||||
> group::-w- | |||||
> mask::rw- | |||||
> other::r-x | |||||
$ ls -l | grep ddd | cut -d' ' -f1 | |||||
> drwxr-xr-x | |||||
$ rmdir ddd | |||||
$ rm xxx | |||||
# Test inheritance. | |||||
$ mkdir ddd | |||||
$ touch ddd/xxx | |||||
$ getfacl -q ddd/xxx | |||||
> user::rw- | |||||
> group::r-- | |||||
> other::r-- | |||||
$ mkdir ddd/ddd | |||||
$ getfacl -q ddd/ddd | |||||
> user::rwx | |||||
> group::r-x | |||||
> other::r-x | |||||
$ rmdir ddd/ddd | |||||
$ rm ddd/xxx | |||||
$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd | |||||
$ setfacl -dm g:42:rwx,u:43:r ddd | |||||
$ getfacl -dq ddd | |||||
> user::rwx | |||||
> user:43:r-- | |||||
> group::r-x | |||||
> group:42:rwx | |||||
> mask::rwx | |||||
> other::r-x | |||||
$ touch ddd/xxx | |||||
$ getfacl -q ddd/xxx | |||||
> user::rw- | |||||
> user:43:r-- | |||||
> group::r-x # effective: r-- | |||||
> group:42:rwx # effective: r-- | |||||
> mask::r-- | |||||
> other::r-- | |||||
$ mkdir ddd/ddd | |||||
$ getfacl -q ddd/ddd | |||||
> user::rwx | |||||
> user:43:r-- | |||||
> group::r-x | |||||
> group:42:rwx # effective: r-x | |||||
> mask::r-x | |||||
> other::r-x | |||||
$ rmdir ddd/ddd | |||||
$ rm ddd/xxx | |||||
$ rmdir ddd | |||||
# Test if we deal properly with fifos. | |||||
$ mkfifo fff | |||||
$ ls -l fff | cut -d' ' -f1 | |||||
> prw-r--r-- | |||||
$ setfacl -m u:42:r,g:43:w fff | |||||
$ getfacl fff | |||||
> # file: fff | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> user:42:r-- | |||||
> group::r-- | |||||
> group:43:-w- | |||||
> mask::rw- | |||||
> other::r-- | |||||
$ ls -l fff | cut -d' ' -f1 | |||||
> prw-rw-r--+ | |||||
$ setfacl -bn fff | |||||
$ getfacl fff | |||||
> # file: fff | |||||
> # owner: root | |||||
> # group: wheel | |||||
> user::rw- | |||||
> group::r-- | |||||
> other::r-- | |||||
$ ls -l fff | cut -d' ' -f1 | |||||
> prw-r--r-- | |||||
$ rm fff | |||||
# Test if we deal properly with device files. | |||||
$ mknod bbb b 1 1 | |||||
$ setfacl -m u:42:r,g:43:w bbb | |||||
> setfacl: bbb: acl_get_file() failed: Operation not supported | |||||
$ ls -l bbb | cut -d' ' -f1 | |||||
> brw-r--r-- | |||||
$ rm bbb | |||||
$ mknod ccc c 1 1 | |||||
$ setfacl -m u:42:r,g:43:w ccc | |||||
> setfacl: ccc: acl_get_file() failed: Operation not supported | |||||
$ ls -l ccc | cut -d' ' -f1 | |||||
> crw-r--r-- | |||||
$ rm ccc |