Index: user/ngie/more-tests/etc/mtree/BSD.tests.dist =================================================================== --- user/ngie/more-tests/etc/mtree/BSD.tests.dist (revision 288679) +++ user/ngie/more-tests/etc/mtree/BSD.tests.dist (revision 288680) @@ -1,598 +1,600 @@ # $FreeBSD$ # # Please see the file src/etc/mtree/README before making changes to this file. # /set type=dir uname=root gname=wheel mode=0755 . bin cat .. chown .. date .. expr .. ls .. mv .. pax .. pkill .. sh builtins .. errors .. execution .. expansion .. parameters .. parser .. set-e .. .. sleep .. test .. .. cddl lib .. sbin .. usr.bin .. usr.sbin dtrace common aggs .. arithmetic .. arrays .. assocs .. begin .. bitfields .. buffering .. builtinvar .. cg .. clauses .. cpc .. decls .. drops .. dtraceUtil .. end .. enum .. error .. exit .. fbtprovider .. funcs .. grammar .. include .. inline .. io .. ip .. java_api .. json .. lexer .. llquantize .. mdb .. mib .. misc .. multiaggs .. offsetof .. operators .. pid .. plockstat .. pointers .. pragma .. predicates .. preprocessor .. print .. printa .. printf .. privs .. probes .. proc .. profile-n .. providers .. raise .. rates .. safety .. scalars .. sched .. scripting .. sdt .. sizeof .. speculation .. stability .. stack .. stackdepth .. stop .. strlen .. strtoll .. struct .. syscall .. sysevent .. tick-n .. trace .. tracemem .. translators .. typedef .. types .. uctf .. union .. usdt .. ustack .. vars .. version .. .. .. .. .. etc rc.d .. .. games .. gnu lib .. usr.bin diff .. .. .. lib atf libatf-c detail .. .. libatf-c++ detail .. .. test-programs .. .. libc c063 .. db .. gen execve .. posix_spawn .. .. hash data .. .. inet .. locale .. net getaddrinfo data .. .. .. regex data .. .. ssp .. stdio .. stdlib .. string .. sys .. time .. tls dso .. .. termios .. ttyio .. .. libcrypt .. libmp .. libnv .. libpam .. libproc .. librt .. libthr dlopen .. .. libutil .. msun .. .. libexec atf atf-check .. atf-sh .. .. rtld-elf .. .. sbin dhclient .. devd .. growfs .. ifconfig .. mdconfig .. .. secure lib .. libexec .. usr.bin .. usr.sbin .. .. share examples tests atf .. plain .. .. .. .. sys + acl + .. aio .. fifo .. file .. kern execve .. .. kqueue .. mqueue .. netinet .. opencrypto .. posixshm .. pjdfstest chflags .. chmod .. chown .. ftruncate .. granular .. link .. mkdir .. mkfifo .. mknod .. open .. rename .. rmdir .. symlink .. truncate .. unlink .. .. socket .. vfs .. vm .. .. usr.bin apply .. basename .. bmake archives fmt_44bsd .. fmt_44bsd_mod .. fmt_oldbsd .. .. basic t0 .. t1 .. t2 .. t3 .. .. execution ellipsis .. empty .. joberr .. plus .. .. shell builtin .. meta .. path .. path_select .. replace .. select .. .. suffixes basic .. src_wild1 .. src_wild2 .. .. syntax directive-t0 .. enl .. funny-targets .. semi .. .. sysmk t0 2 1 .. .. mk .. .. t1 2 1 .. .. mk .. .. t2 2 1 .. .. mk .. .. .. variables modifier_M .. modifier_t .. opt_V .. t0 .. .. .. calendar .. cmp .. col .. comm .. cut .. dirname .. file2c .. grep .. gzip .. ident .. join .. jot .. lastcomm .. m4 .. mkimg .. ncal .. opensm .. printf .. sed regress.multitest.out .. .. soelim .. timeout .. tr .. truncate .. units .. uudecode .. uuencode .. xargs .. yacc yacc .. .. .. usr.sbin etcupdate .. fstyp .. newsyslog .. nmtree .. pw .. sa .. .. .. # vim: set expandtab ts=4 sw=4: Index: user/ngie/more-tests/tests/sys/Makefile =================================================================== --- user/ngie/more-tests/tests/sys/Makefile (revision 288679) +++ user/ngie/more-tests/tests/sys/Makefile (revision 288680) @@ -1,23 +1,24 @@ # $FreeBSD$ .include TESTSDIR= ${TESTSBASE}/sys +TESTS_SUBDIRS+= acl TESTS_SUBDIRS+= aio TESTS_SUBDIRS+= fifo TESTS_SUBDIRS+= file TESTS_SUBDIRS+= kern TESTS_SUBDIRS+= kqueue TESTS_SUBDIRS+= mqueue TESTS_SUBDIRS+= netinet TESTS_SUBDIRS+= opencrypto TESTS_SUBDIRS+= posixshm TESTS_SUBDIRS+= socket TESTS_SUBDIRS+= vfs TESTS_SUBDIRS+= vm # Items not integrated into kyua runs by default SUBDIR+= pjdfstest .include Index: user/ngie/more-tests/tests/sys/acl/00.sh =================================================================== --- user/ngie/more-tests/tests/sys/acl/00.sh (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/00.sh (revision 288680) @@ -0,0 +1,88 @@ +#!/bin/sh +# +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a wrapper script to run tools-posix.test on UFS filesystem. +# +# If any of the tests fails, here is how to debug it: go to +# the directory with problematic filesystem mounted on it, +# and do /path/to/test run /path/to/test tools-posix.test, e.g. +# +# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test +# +# Output should be obvious. + +if [ $(sysctl -n kern.features.ufs_acl 2>/dev/null || echo 0) -eq 0 ]; then + echo "1..0 # SKIP system does not have UFS ACL support" + exit 0 +fi +if [ $(id -u) -ne 0 ]; then + echo "1..0 # SKIP you must be root" + exit 0 +fi + +echo "1..4" + +TESTDIR=$(dirname $(realpath $0)) + +# Set up the test filesystem. +MD=`mdconfig -at swap -s 10m` +MNT=`mktemp -dt acltools` +newfs /dev/$MD > /dev/null +trap "cd /; umount -f $MNT; rmdir $MNT; mdconfig -d -u $MD" EXIT +mount -o acls /dev/$MD $MNT +if [ $? -ne 0 ]; then + echo "not ok 1 - mount failed." + echo 'Bail out!' + exit 1 +fi + +echo "ok 1" + +cd $MNT + +# First, check whether we can crash the kernel by creating too many +# entries. For some reason this won't work in the test file. +touch xxx +i=0; +while :; do i=$(($i+1)); setfacl -m u:$i:rwx xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done +chmod 600 xxx +rm xxx +echo "ok 2" + +perl $TESTDIR/run $TESTDIR/tools-posix.test > /dev/null + +if [ $? -eq 0 ]; then + echo "ok 3" +else + echo "not ok 3" +fi + +cd / + +echo "ok 4" Property changes on: user/ngie/more-tests/tests/sys/acl/00.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/01.sh =================================================================== --- user/ngie/more-tests/tests/sys/acl/01.sh (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/01.sh (revision 288680) @@ -0,0 +1,87 @@ +#!/bin/sh +# +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a wrapper script to run tools-nfs4.test on ZFS filesystem. +# +# WARNING: It uses hardcoded ZFS pool name "acltools" +# +# If any of the tests fails, here is how to debug it: go to +# the directory with problematic filesystem mounted on it, +# and do /path/to/test run /path/to/test tools-nfs4.test, e.g. +# +# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test +# +# Output should be obvious. + +if ! sysctl vfs.zfs.version.spa >/dev/null 2>&1; then + echo "1..0 # SKIP system doesn't have ZFS loaded" + exit 0 +fi +if [ $(id -u) -ne 0 ]; then + echo "1..0 # SKIP you must be root" + exit 0 +fi + +echo "1..4" + +TESTDIR=$(dirname $(realpath $0)) + +# Set up the test filesystem. +MD=`mdconfig -at swap -s 64m` +MNT=`mktemp -dt acltools` +trap "cd /; zpool destroy -f acltools; rmdir $MNT; mdconfig -d -u $MD" EXIT +zpool create -m $MNT acltools /dev/$MD +if [ $? -ne 0 ]; then + echo "not ok 1 - 'zpool create' failed." + echo 'Bail out!' + exit 1 +fi + +echo "ok 1" + +cd $MNT + +# First, check whether we can crash the kernel by creating too many +# entries. For some reason this won't work in the test file. +touch xxx +setfacl -x2 xxx +while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done +chmod 600 xxx +rm xxx +echo "ok 2" + +perl $TESTDIR/run $TESTDIR/tools-nfs4-psarc.test > /dev/null + +if [ $? -eq 0 ]; then + echo "ok 3" +else + echo "not ok 3" +fi + +echo "ok 4" Property changes on: user/ngie/more-tests/tests/sys/acl/01.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/02.sh =================================================================== --- user/ngie/more-tests/tests/sys/acl/02.sh (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/02.sh (revision 288680) @@ -0,0 +1,93 @@ +#!/bin/sh +# +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a wrapper script to run tools-nfs4.test on UFS filesystem. +# +# If any of the tests fails, here is how to debug it: go to +# the directory with problematic filesystem mounted on it, +# and do /path/to/test run /path/to/test tools-nfs4.test, e.g. +# +# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test +# +# Output should be obvious. + +if [ $(sysctl -n kern.features.ufs_acl 2>/dev/null || echo 0) -eq 0 ]; then + echo "1..0 # SKIP system does not have UFS ACL support" + exit 0 +fi +if [ $(id -u) -ne 0 ]; then + echo "1..0 # SKIP you must be root" + exit 0 +fi + +echo "1..4" + +TESTDIR=$(dirname $(realpath $0)) + +# Set up the test filesystem. +MD=`mdconfig -at swap -s 10m` +MNT=`mktemp -dt acltools` +newfs /dev/$MD > /dev/null +trap "cd /; umount -f $MNT; rmdir $MNT; mdconfig -d -u $MD" EXIT +mount -o nfsv4acls /dev/$MD $MNT +if [ $? -ne 0 ]; then + echo "not ok 1 - mount failed." + echo 'Bail out!' + exit 1 +fi + +echo "ok 1" + +cd $MNT + +# First, check whether we can crash the kernel by creating too many +# entries. For some reason this won't work in the test file. +touch xxx +setfacl -x2 xxx +while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done +chmod 600 xxx +rm xxx +echo "ok 2" + +if [ `sysctl -n vfs.acl_nfs4_old_semantics` = 0 ]; then + perl $TESTDIR/run $TESTDIR/tools-nfs4-psarc.test > /dev/null +else + perl $TESTDIR/run $TESTDIR/tools-nfs4.test > /dev/null +fi + +if [ $? -eq 0 ]; then + echo "ok 3" +else + echo "not ok 3" +fi + +cd / + +echo "ok 4" + Property changes on: user/ngie/more-tests/tests/sys/acl/02.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/03.sh =================================================================== --- user/ngie/more-tests/tests/sys/acl/03.sh (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/03.sh (revision 288680) @@ -0,0 +1,117 @@ +#!/bin/sh +# +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a wrapper script to run tools-crossfs.test between UFS without +# ACLs, UFS with POSIX.1e ACLs, and ZFS with NFSv4 ACLs. +# +# WARNING: It uses hardcoded ZFS pool name "acltools" +# +# Output should be obvious. + +if ! sysctl vfs.zfs.version.spa >/dev/null 2>&1; then + echo "1..0 # SKIP system doesn't have ZFS loaded" + exit 0 +fi +if [ $(id -u) -ne 0 ]; then + echo "1..0 # SKIP you must be root" + exit 0 +fi + +echo "1..5" + +TESTDIR=$(dirname $(realpath $0)) +MNTROOT=`mktemp -dt acltools` + +# Set up the test filesystems. +MD1=`mdconfig -at swap -s 64m` +MNT1=$MNTROOT/nfs4 +mkdir $MNT1 +zpool create -m $MNT1 acltools /dev/$MD1 +if [ $? -ne 0 ]; then + echo "not ok 1 - 'zpool create' failed." + echo 'Bail out!' + exit 1 +fi + +echo "ok 1" + +MD2=`mdconfig -at swap -s 10m` +MNT2=$MNTROOT/posix +mkdir $MNT2 +newfs /dev/$MD2 > /dev/null +mount -o acls /dev/$MD2 $MNT2 +if [ $? -ne 0 ]; then + echo "not ok 2 - mount failed." + echo 'Bail out!' + exit 1 +fi + +echo "ok 2" + +MD3=`mdconfig -at swap -s 10m` +MNT3=$MNTROOT/none +mkdir $MNT3 +newfs /dev/$MD3 > /dev/null +mount /dev/$MD3 $MNT3 +if [ $? -ne 0 ]; then + echo "not ok 3 - mount failed." + echo 'Bail out!' + exit 1 +fi + +echo "ok 3" + +cd $MNTROOT + +perl $TESTDIR/run $TESTDIR/tools-crossfs.test > /dev/null + +if [ $? -eq 0 ]; then + echo "ok 4" +else + echo "not ok 4" +fi + +cd / + +umount -f $MNT3 +rmdir $MNT3 +mdconfig -du $MD3 + +umount -f $MNT2 +rmdir $MNT2 +mdconfig -du $MD2 + +zpool destroy -f acltools +rmdir $MNT1 +mdconfig -du $MD1 + +rmdir $MNTROOT + +echo "ok 5" + Property changes on: user/ngie/more-tests/tests/sys/acl/03.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/04.sh =================================================================== --- user/ngie/more-tests/tests/sys/acl/04.sh (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/04.sh (revision 288680) @@ -0,0 +1,73 @@ +#!/bin/sh +# +# Copyright (c) 2011 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a wrapper script to run tools-nfs4-trivial.test on ZFS filesystem. +# +# WARNING: It uses hardcoded ZFS pool name "acltools" + +if ! sysctl vfs.zfs.version.spa >/dev/null 2>&1; then + echo "1..0 # SKIP system doesn't have ZFS loaded" + exit 0 +fi +if [ $(id -u) -ne 0 ]; then + echo "1..0 # SKIP you must be root" + exit 0 +fi + +echo "1..3" + +TESTDIR=$(dirname $(realpath $0)) + +# Set up the test filesystem. +MD=`mdconfig -at swap -s 64m` +MNT=`mktemp -dt acltools` +zpool create -m $MNT acltools /dev/$MD +if [ $? -ne 0 ]; then + echo "not ok 1 - 'zpool create' failed." + exit 1 +fi + +echo "ok 1" + +cd $MNT + +perl $TESTDIR/run $TESTDIR/tools-nfs4-trivial.test > /dev/null + +if [ $? -eq 0 ]; then + echo "ok 2" +else + echo "not ok 2" +fi + +cd / +zpool destroy -f acltools +rmdir $MNT +mdconfig -du $MD + +echo "ok 3" Property changes on: user/ngie/more-tests/tests/sys/acl/04.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/tools-crossfs.test =================================================================== --- user/ngie/more-tests/tests/sys/acl/tools-crossfs.test (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/tools-crossfs.test (revision 288680) @@ -0,0 +1,323 @@ +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a tools-level test intended to verify that cp(1) and mv(1) +# do the right thing with respect to ACLs. Run it as root using +# ACL-enabled kernel: +# +# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test +# +# You need to have three subdirectories, named nfs4, posix and none, +# with filesystems with NFSv4 ACLs, POSIX.1e ACLs and no ACLs enabled, +# respectively, mounted on them, in your current directory. +# +# WARNING: Creates files in unsafe way. + +$ whoami +> root +$ umask 022 + +$ touch nfs4/xxx +$ getfacl -nq nfs4/xxx +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow + +$ touch posix/xxx +$ getfacl -nq posix/xxx +> user::rw- +> group::r-- +> other::r-- + +# mv with POSIX.1e ACLs. +$ rm -f posix/xxx +$ rm -f posix/yyy +$ touch posix/xxx +$ chmod 456 posix/xxx +$ ls -l posix/xxx | cut -d' ' -f1 +> -r--r-xrw- +$ setfacl -m u:42:x,g:43:w posix/xxx +$ mv posix/xxx posix/yyy +$ getfacl -nq posix/yyy +> user::r-- +> user:42:--x +> group::r-x +> group:43:-w- +> mask::rwx +> other::rw- +$ ls -l posix/yyy | cut -d' ' -f1 +> -r--rwxrw-+ + +# mv from POSIX.1e to none. +$ rm -f posix/xxx +$ rm -f none/xxx +$ touch posix/xxx +$ chmod 345 posix/xxx +$ setfacl -m u:42:x,g:43:w posix/xxx +$ ls -l posix/xxx | cut -d' ' -f1 +> --wxrwxr-x+ +$ mv posix/xxx none/xxx +> mv: failed to set acl entries for none/xxx: Operation not supported +$ ls -l none/xxx | cut -d' ' -f1 +> --wxrwxr-x + +# mv from POSIX.1e to NFSv4. +$ rm -f posix/xxx +$ rm -f nfs4/xxx +$ touch posix/xxx +$ chmod 456 posix/xxx +$ setfacl -m u:42:x,g:43:w posix/xxx +$ ls -l posix/xxx | cut -d' ' -f1 +> -r--rwxrw-+ +$ mv posix/yyy nfs4/xxx +> mv: failed to set acl entries for nfs4/xxx: Invalid argument +$ getfacl -nq nfs4/xxx +> owner@:-wxp----------:-------:deny +> owner@:r-----aARWcCos:-------:allow +> group@:rwxp--a-R-c--s:-------:allow +> everyone@:rw-p--a-R-c--s:-------:allow +$ ls -l nfs4/xxx | cut -d' ' -f1 +> -r--rwxrw- + +# mv with NFSv4 ACLs. +$ rm -f nfs4/xxx +$ rm -f nfs4/yyy +$ touch nfs4/xxx +$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx +$ mv nfs4/xxx nfs4/yyy +$ getfacl -nq nfs4/yyy +> user:42:--x-----------:-------:allow +> group:43:-w------------:-------:allow +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow +$ ls -l nfs4/yyy | cut -d' ' -f1 +> -rw-r--r--+ + +# mv from NFSv4 to POSIX.1e without any ACLs. +$ rm -f nfs4/xxx +$ rm -f posix/xxx +$ touch nfs4/xxx +$ chmod 456 nfs4/xxx +$ ls -l nfs4/xxx | cut -d' ' -f1 +> -r--r-xrw- +$ mv nfs4/xxx posix/xxx +$ ls -l posix/xxx | cut -d' ' -f1 +> -r--r-xrw- + +# mv from NFSv4 to none. +$ rm -f nfs4/xxx +$ rm -f none/xxx +$ touch nfs4/xxx +$ chmod 345 nfs4/xxx +$ ls -l nfs4/xxx | cut -d' ' -f1 +> --wxr--r-x +$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx +$ ls -l nfs4/xxx | cut -d' ' -f1 +> --wxr--r-x+ +$ mv nfs4/xxx none/xxx +> mv: failed to set acl entries for none/xxx: Operation not supported +$ ls -l none/xxx | cut -d' ' -f1 +> --wxr--r-x + +# mv from NFSv4 to POSIX.1e. +$ rm -f nfs4/xxx +$ rm -f posix/xxx +$ touch nfs4/xxx +$ chmod 345 nfs4/xxx +$ ls -l nfs4/xxx | cut -d' ' -f1 +> --wxr--r-x +$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx +$ ls -l nfs4/xxx | cut -d' ' -f1 +> --wxr--r-x+ +$ mv nfs4/xxx posix/xxx +> mv: failed to set acl entries for posix/xxx: Invalid argument +$ ls -l posix/xxx | cut -d' ' -f1 +> --wxr--r-x + +# cp with POSIX.1e ACLs. +$ rm -f posix/xxx +$ rm -f posix/yyy +$ touch posix/xxx +$ setfacl -m u:42:x,g:43:w posix/xxx +$ ls -l posix/xxx | cut -d' ' -f1 +> -rw-rwxr--+ +$ cp posix/xxx posix/yyy +$ ls -l posix/yyy | cut -d' ' -f1 +> -rw-r-xr-- + +# cp -p with POSIX.1e ACLs. +$ rm -f posix/xxx +$ rm -f posix/yyy +$ touch posix/xxx +$ setfacl -m u:42:x,g:43:w posix/xxx +$ getfacl -nq posix/xxx +> user::rw- +> user:42:--x +> group::r-- +> group:43:-w- +> mask::rwx +> other::r-- +$ ls -l posix/xxx | cut -d' ' -f1 +> -rw-rwxr--+ +$ cp -p posix/xxx posix/yyy +$ getfacl -nq posix/yyy +> user::rw- +> user:42:--x +> group::r-- +> group:43:-w- +> mask::rwx +> other::r-- +$ ls -l posix/yyy | cut -d' ' -f1 +> -rw-rwxr--+ + +# cp from POSIX.1e to none. +$ rm -f posix/xxx +$ rm -f none/xxx +$ touch posix/xxx +$ setfacl -m u:42:x,g:43:w posix/xxx +$ ls -l posix/xxx | cut -d' ' -f1 +> -rw-rwxr--+ +$ cp posix/xxx none/xxx +$ ls -l none/xxx | cut -d' ' -f1 +> -rw-r-xr-- + +# cp -p from POSIX.1e to none. +$ rm -f posix/xxx +$ rm -f none/xxx +$ touch posix/xxx +$ setfacl -m u:42:x,g:43:w posix/xxx +$ ls -l posix/xxx | cut -d' ' -f1 +> -rw-rwxr--+ +$ cp -p posix/xxx none/xxx +> cp: failed to set acl entries for none/xxx: Operation not supported +$ ls -l none/xxx | cut -d' ' -f1 +> -rw-rwxr-- + +# cp from POSIX.1e to NFSv4. +$ rm -f posix/xxx +$ rm -f nfs4/xxx +$ touch posix/xxx +$ setfacl -m u:42:x,g:43:w posix/xxx +$ ls -l posix/xxx | cut -d' ' -f1 +> -rw-rwxr--+ +$ cp posix/xxx nfs4/xxx +$ ls -l nfs4/xxx | cut -d' ' -f1 +> -rw-r-xr-- + +# cp -p from POSIX.1e to NFSv4. +$ rm -f posix/xxx +$ rm -f nfs4/xxx +$ touch posix/xxx +$ setfacl -m u:42:x,g:43:w posix/xxx +$ ls -l posix/xxx | cut -d' ' -f1 +> -rw-rwxr--+ +$ cp -p posix/xxx nfs4/xxx +> cp: failed to set acl entries for nfs4/xxx: Invalid argument +$ ls -l nfs4/xxx | cut -d' ' -f1 +> -rw-rwxr-- + +# cp with NFSv4 ACLs. +$ rm -f nfs4/xxx +$ rm -f nfs4/yyy +$ touch nfs4/xxx +$ chmod 543 nfs4/xxx +$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx +$ ls -l nfs4/xxx | cut -d' ' -f1 +> -r-xr---wx+ +$ cp nfs4/xxx nfs4/yyy +$ ls -l nfs4/yyy | cut -d' ' -f1 +> -r-xr----x + +# cp -p with NFSv4 ACLs. +$ rm -f nfs4/xxx +$ rm -f nfs4/yyy +$ touch nfs4/xxx +$ chmod 543 nfs4/xxx +$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx +$ cp -p nfs4/xxx nfs4/yyy +$ getfacl -nq nfs4/yyy +> user:42:--x-----------:-------:allow +> group:43:-w------------:-------:allow +> owner@:--x-----------:-------:allow +> owner@:-w-p----------:-------:deny +> group@:-wxp----------:-------:deny +> owner@:r-x---aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:-wxp--a-R-c--s:-------:allow +$ ls -l nfs4/yyy | cut -d' ' -f1 +> -r-xr---wx+ + +# cp from NFSv4 to none. +$ rm -f nfs4/xxx +$ rm -f none/xxx +$ touch nfs4/xxx +$ chmod 543 nfs4/xxx +$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx +$ ls -l nfs4/xxx | cut -d' ' -f1 +> -r-xr---wx+ +$ cp nfs4/xxx none/xxx +$ ls -l none/xxx | cut -d' ' -f1 +> -r-xr----x + +# cp -p from NFSv4 to none. +$ rm -f nfs4/xxx +$ rm -f none/xxx +$ touch nfs4/xxx +$ chmod 543 nfs4/xxx +$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx +$ ls -l nfs4/xxx | cut -d' ' -f1 +> -r-xr---wx+ +$ cp -p nfs4/xxx none/xxx +> cp: failed to set acl entries for none/xxx: Operation not supported +$ ls -l none/xxx | cut -d' ' -f1 +> -r-xr---wx + +# cp from NFSv4 to POSIX.1e. +$ rm -f nfs4/xxx +$ rm -f posix/xxx +$ touch nfs4/xxx +$ chmod 543 nfs4/xxx +$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx +$ ls -l nfs4/xxx | cut -d' ' -f1 +> -r-xr---wx+ +$ cp nfs4/xxx posix/xxx +$ ls -l posix/xxx | cut -d' ' -f1 +> -r-xr----x + +# cp -p from NFSv4 to POSIX.1e. +$ rm -f nfs4/xxx +$ rm -f posix/xxx +$ touch nfs4/xxx +$ chmod 543 nfs4/xxx +$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx +$ ls -l nfs4/xxx | cut -d' ' -f1 +> -r-xr---wx+ +$ cp -p nfs4/xxx posix/xxx +> cp: failed to set acl entries for posix/xxx: Invalid argument +$ ls -l posix/xxx | cut -d' ' -f1 +> -r-xr---wx Property changes on: user/ngie/more-tests/tests/sys/acl/tools-crossfs.test ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/tools-nfs4-psarc.test =================================================================== --- user/ngie/more-tests/tests/sys/acl/tools-nfs4-psarc.test (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/tools-nfs4-psarc.test (revision 288680) @@ -0,0 +1,562 @@ +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a tools-level test for NFSv4 ACL functionality with PSARC/2010/029 +# semantics. Run it as root using ACL-enabled kernel: +# +# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4-psarc.test +# +# WARNING: Creates files in unsafe way. + +$ whoami +> root +$ umask 022 + +# Smoke test for getfacl(1). +$ touch xxx +$ getfacl xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow + +$ getfacl -q xxx +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow + +# Check verbose mode formatting. +$ getfacl -v xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:read_data/write_data/append_data/read_attributes/write_attributes/read_xattr/write_xattr/read_acl/write_acl/write_owner/synchronize::allow +> group@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow +> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow + +# Test setfacl -a. +$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> user:0:-----------C--:-------:allow +> group:1:----------c---:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Test user and group name resolving. +$ rm xxx +$ touch xxx +$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx +$ getfacl xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> user:root:-----------C--:-------:allow +> group:daemon:----------c---:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Check whether ls correctly marks files with "+". +$ ls -l xxx | cut -d' ' -f1 +> -rw-r--r--+ + +# Test removing entries by number. +$ setfacl -x 1 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:rw-p--aARWcCos:-------:allow +> user:0:-----------C--:-------:allow +> group:1:----------c---:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Test setfacl -m. +$ setfacl -a0 everyone@:rwx:deny xxx +$ setfacl -a0 everyone@:rwx:deny xxx +$ setfacl -a0 everyone@:rwx:deny xxx +$ setfacl -m everyone@::deny xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> owner@:rw-p--aARWcCos:-------:allow +> user:0:-----------C--:-------:allow +> group:1:----------c---:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Test getfacl -i. +$ getfacl -i xxx +> # file: xxx +> # owner: root +> # group: wheel +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> owner@:rw-p--aARWcCos:-------:allow +> user:root:-----------C--:-------:allow:0 +> group:daemon:----------c---:-------:deny:1 +> everyone@:r-----a-R-c--s:-------:allow + +# Make sure cp without any flags does not copy copy the ACL. +$ cp xxx yyy +$ ls -l yyy | cut -d' ' -f1 +> -rw-r--r-- + +# Make sure it does with the "-p" flag. +$ rm yyy +$ cp -p xxx yyy +$ getfacl -n yyy +> # file: yyy +> # owner: root +> # group: wheel +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> owner@:rw-p--aARWcCos:-------:allow +> user:0:-----------C--:-------:allow +> group:1:----------c---:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +$ rm yyy + +# Test removing entries by... by example? +$ setfacl -x everyone@::deny xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:rw-p--aARWcCos:-------:allow +> user:0:-----------C--:-------:allow +> group:1:----------c---:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Test setfacl -b. +$ setfacl -b xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow + +$ ls -l xxx | cut -d' ' -f1 +> -rw-r--r-- + +# Check setfacl(1) and getfacl(1) with multiple files. +$ touch xxx yyy zzz + +$ ls -l xxx yyy zzz | cut -d' ' -f1 +> -rw-r--r-- +> -rw-r--r-- +> -rw-r--r-- + +$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz +> setfacl: nnn: stat() failed: No such file or directory + +$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 +> ls: nnn: No such file or directory +> -rw-r--r--+ +> -rw-r--r--+ +> -rw-r--r--+ + +$ getfacl -nq nnn xxx yyy zzz +> getfacl: nnn: stat() failed: No such file or directory +> user:42:--x-----------:-------:allow +> group:43:-w------------:-------:allow +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow +> +> user:42:--x-----------:-------:allow +> group:43:-w------------:-------:allow +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow +> +> user:42:--x-----------:-------:allow +> group:43:-w------------:-------:allow +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow + +$ setfacl -b nnn xxx yyy zzz +> setfacl: nnn: stat() failed: No such file or directory + +$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 +> ls: nnn: No such file or directory +> -rw-r--r-- +> -rw-r--r-- +> -rw-r--r-- + +$ rm xxx yyy zzz + +# Test applying mode to an ACL. +$ touch xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx +$ chmod 600 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:rw-p--aARWcCos:-------:allow +> group@:------a-R-c--s:-------:allow +> everyone@:------a-R-c--s:-------:allow + +$ ls -l xxx | cut -d' ' -f1 +> -rw------- + +$ rm xxx +$ touch xxx +$ chown 42 xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx +$ chmod 600 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: 42 +> # group: wheel +> owner@:rw-p--aARWcCos:-------:allow +> group@:------a-R-c--s:-------:allow +> everyone@:------a-R-c--s:-------:allow +$ ls -l xxx | cut -d' ' -f1 +> -rw------- + +$ rm xxx +$ touch xxx +$ chown 43 xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx +$ chmod 124 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: 43 +> # group: wheel +> owner@:rw-p----------:-------:deny +> group@:r-------------:-------:deny +> owner@:--x---aARWcCos:-------:allow +> group@:-w-p--a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow +$ ls -l xxx | cut -d' ' -f1 +> ---x-w-r-- + +$ rm xxx +$ touch xxx +$ chown 43 xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx +$ chmod 412 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: 43 +> # group: wheel +> owner@:-wxp----------:-------:deny +> group@:-w-p----------:-------:deny +> owner@:r-----aARWcCos:-------:allow +> group@:--x---a-R-c--s:-------:allow +> everyone@:-w-p--a-R-c--s:-------:allow +$ ls -l xxx | cut -d' ' -f1 +> -r----x-w- + +$ mkdir ddd +$ setfacl -a0 group:44:rwapd:allow ddd +$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd +$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd +$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd +$ getfacl -n ddd +> # file: ddd +> # owner: root +> # group: wheel +> user:42:r-x-----------:f-i----:allow +> group:42:-w--D---------:-d-----:allow +> group:43:-w--D---------:-d-----:deny +> group@:-----da-------:-------:allow +> group:44:rw-p-da-------:-------:allow +> owner@:rwxp--aARWcCos:-------:allow +> group@:r-x---a-R-c--s:-------:allow +> everyone@:-w-p--a-R-c--s:f-i----:allow + +$ chmod 777 ddd +$ getfacl -n ddd +> # file: ddd +> # owner: root +> # group: wheel +> owner@:rwxp--aARWcCos:-------:allow +> group@:rwxp--a-R-c--s:-------:allow +> everyone@:rwxp--a-R-c--s:-------:allow + +# Test applying ACL to mode. +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 u:42:rwx:fi:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> drwxr-xr-x+ + +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr----x---+ + +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr---wx---+ + +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr--------+ + +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr--------+ + +# Test inheritance. +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd +$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd +$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd +$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd +$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd +$ getfacl -qn ddd +> user:41:-w-----A------:f--n---:allow +> group:41:r-----a-------:-din---:allow +> user:42:-----------Co-:f-i----:allow +> user:42:r-x-----------:f-i----:allow +> group:42:-w--D---------:-d-n---:deny +> group:43:-w---------C--:f-in---:deny +> user:43:rwxp----------:-------:allow +> owner@:rwxp--aARWcCos:-------:allow +> group@:r-x---a-R-c--s:-------:allow +> everyone@:r-x---a-R-c--s:-------:allow + +$ cd ddd +$ touch xxx +$ getfacl -qn xxx +> user:41:--------------:------I:allow +> user:42:--------------:------I:allow +> user:42:r-------------:------I:allow +> group:43:-w---------C--:------I:deny +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow + +$ rm xxx +$ umask 077 +$ touch xxx +$ getfacl -qn xxx +> user:41:--------------:------I:allow +> user:42:--------------:------I:allow +> user:42:--------------:------I:allow +> group:43:-w---------C--:------I:deny +> owner@:rw-p--aARWcCos:-------:allow +> group@:------a-R-c--s:-------:allow +> everyone@:------a-R-c--s:-------:allow + +$ rm xxx +$ umask 770 +$ touch xxx +$ getfacl -qn xxx +> owner@:rw-p----------:-------:deny +> group@:rw-p----------:-------:deny +> user:41:--------------:------I:allow +> user:42:--------------:------I:allow +> user:42:--------------:------I:allow +> group:43:-w---------C--:------I:deny +> owner@:------aARWcCos:-------:allow +> group@:------a-R-c--s:-------:allow +> everyone@:rw-p--a-R-c--s:-------:allow + +$ rm xxx +$ umask 707 +$ touch xxx +$ getfacl -qn xxx +> owner@:rw-p----------:-------:deny +> user:41:-w------------:------I:allow +> user:42:--------------:------I:allow +> user:42:r-------------:------I:allow +> group:43:-w---------C--:------I:deny +> owner@:------aARWcCos:-------:allow +> group@:rw-p--a-R-c--s:-------:allow +> everyone@:------a-R-c--s:-------:allow + +$ umask 077 +$ mkdir yyy +$ getfacl -qn yyy +> group:41:------a-------:------I:allow +> user:42:-----------Co-:f-i---I:allow +> user:42:r-x-----------:f-i---I:allow +> group:42:-w--D---------:------I:deny +> owner@:rwxp--aARWcCos:-------:allow +> group@:------a-R-c--s:-------:allow +> everyone@:------a-R-c--s:-------:allow + +$ rmdir yyy +$ umask 770 +$ mkdir yyy +$ getfacl -qn yyy +> owner@:rwxp----------:-------:deny +> group@:rwxp----------:-------:deny +> group:41:------a-------:------I:allow +> user:42:-----------Co-:f-i---I:allow +> user:42:r-x-----------:f-i---I:allow +> group:42:-w--D---------:------I:deny +> owner@:------aARWcCos:-------:allow +> group@:------a-R-c--s:-------:allow +> everyone@:rwxp--a-R-c--s:-------:allow + +$ rmdir yyy +$ umask 707 +$ mkdir yyy +$ getfacl -qn yyy +> owner@:rwxp----------:-------:deny +> group:41:r-----a-------:------I:allow +> user:42:-----------Co-:f-i---I:allow +> user:42:r-x-----------:f-i---I:allow +> group:42:-w--D---------:------I:deny +> owner@:------aARWcCos:-------:allow +> group@:rwxp--a-R-c--s:-------:allow +> everyone@:------a-R-c--s:-------:allow + +# There is some complication regarding how write_acl and write_owner flags +# get inherited. Make sure we got it right. +$ setfacl -b . +$ setfacl -a0 u:42:Co:f:allow . +$ setfacl -a0 u:43:Co:d:allow . +$ setfacl -a0 u:44:Co:fd:allow . +$ setfacl -a0 u:45:Co:fi:allow . +$ setfacl -a0 u:46:Co:di:allow . +$ setfacl -a0 u:47:Co:fdi:allow . +$ setfacl -a0 u:48:Co:fn:allow . +$ setfacl -a0 u:49:Co:dn:allow . +$ setfacl -a0 u:50:Co:fdn:allow . +$ setfacl -a0 u:51:Co:fni:allow . +$ setfacl -a0 u:52:Co:dni:allow . +$ setfacl -a0 u:53:Co:fdni:allow . +$ umask 022 +$ rm xxx +$ touch xxx +$ getfacl -nq xxx +> user:53:--------------:------I:allow +> user:51:--------------:------I:allow +> user:50:--------------:------I:allow +> user:48:--------------:------I:allow +> user:47:--------------:------I:allow +> user:45:--------------:------I:allow +> user:44:--------------:------I:allow +> user:42:--------------:------I:allow +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow + +$ rmdir yyy +$ mkdir yyy +$ getfacl -nq yyy +> user:53:--------------:------I:allow +> user:52:--------------:------I:allow +> user:50:--------------:------I:allow +> user:49:--------------:------I:allow +> user:47:--------------:fd----I:allow +> user:46:--------------:-d----I:allow +> user:45:-----------Co-:f-i---I:allow +> user:44:--------------:fd----I:allow +> user:43:--------------:-d----I:allow +> user:42:-----------Co-:f-i---I:allow +> owner@:rwxp--aARWcCos:-------:allow +> group@:r-x---a-R-c--s:-------:allow +> everyone@:r-x---a-R-c--s:-------:allow + +$ setfacl -b . +$ setfacl -a0 u:42:Co:f:deny . +$ setfacl -a0 u:43:Co:d:deny . +$ setfacl -a0 u:44:Co:fd:deny . +$ setfacl -a0 u:45:Co:fi:deny . +$ setfacl -a0 u:46:Co:di:deny . +$ setfacl -a0 u:47:Co:fdi:deny . +$ setfacl -a0 u:48:Co:fn:deny . +$ setfacl -a0 u:49:Co:dn:deny . +$ setfacl -a0 u:50:Co:fdn:deny . +$ setfacl -a0 u:51:Co:fni:deny . +$ setfacl -a0 u:52:Co:dni:deny . +$ setfacl -a0 u:53:Co:fdni:deny . +$ umask 022 +$ rm xxx +$ touch xxx +$ getfacl -nq xxx +> user:53:-----------Co-:------I:deny +> user:51:-----------Co-:------I:deny +> user:50:-----------Co-:------I:deny +> user:48:-----------Co-:------I:deny +> user:47:-----------Co-:------I:deny +> user:45:-----------Co-:------I:deny +> user:44:-----------Co-:------I:deny +> user:42:-----------Co-:------I:deny +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow + +$ rmdir yyy +$ mkdir yyy +$ getfacl -nq yyy +> user:53:-----------Co-:------I:deny +> user:52:-----------Co-:------I:deny +> user:50:-----------Co-:------I:deny +> user:49:-----------Co-:------I:deny +> user:47:-----------Co-:fd----I:deny +> user:46:-----------Co-:-d----I:deny +> user:45:-----------Co-:f-i---I:deny +> user:44:-----------Co-:fd----I:deny +> user:43:-----------Co-:-d----I:deny +> user:42:-----------Co-:f-i---I:deny +> owner@:rwxp--aARWcCos:-------:allow +> group@:r-x---a-R-c--s:-------:allow +> everyone@:r-x---a-R-c--s:-------:allow + +$ rmdir yyy +$ rm xxx +$ cd .. +$ rmdir ddd + +$ rm xxx + Property changes on: user/ngie/more-tests/tests/sys/acl/tools-nfs4-psarc.test ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/tools-nfs4-trivial.test =================================================================== --- user/ngie/more-tests/tests/sys/acl/tools-nfs4-trivial.test (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/tools-nfs4-trivial.test (revision 288680) @@ -0,0 +1,82 @@ +# Copyright (c) 2011 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a tools-level test for acl_is_trivial_np(3). Run it as root on ZFS. +# Note that this does not work on UFS with NFSv4 ACLs enabled - UFS recognizes +# both kind of trivial ACLs and replaces it by the default one. +# +# WARNING: Creates files in unsafe way. + +$ whoami +> root +$ umask 022 + +# Check whether ls(1) correctly recognizes PSARC/2010/029-style trivial ACLs. +$ touch xxx + +$ ls -l xxx | cut -d' ' -f1 +> -rw-r--r-- + +$ getfacl -q xxx +> owner@:rw-p--aARWcCos:-------:allow +> group@:r-----a-R-c--s:-------:allow +> everyone@:r-----a-R-c--s:-------:allow + +# Check whether ls(1) correctly recognizes draft-style trivial ACLs. +$ rm xxx +$ touch xxx +$ setfacl -a0 owner@:x:deny,owner@:rwpAWCo:allow,group@:wxp:deny,group@:r:allow,everyone@:wxpAWCo:deny,everyone@:raRcs:allow xxx +$ setfacl -x5 xxx +$ setfacl -x5 xxx +$ setfacl -x5 xxx + +$ ls -l xxx | cut -d' ' -f1 +> -rw-r--r-- + +$ getfacl -q xxx +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Make sure ls(1) actually can recognize something as non-trivial. +$ setfacl -x0 xxx + +$ ls -l xxx | cut -d' ' -f1 +> -rw-r--r--+ + +$ getfacl -q xxx +> owner@:rw-p---A-W-Co-:-------:allow +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +$ rm xxx + Property changes on: user/ngie/more-tests/tests/sys/acl/tools-nfs4-trivial.test ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/tools-nfs4.test =================================================================== --- user/ngie/more-tests/tests/sys/acl/tools-nfs4.test (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/tools-nfs4.test (revision 288680) @@ -0,0 +1,828 @@ +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a tools-level test for NFSv4 ACL functionality. Run it as root +# using ACL-enabled kernel: +# +# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test +# +# WARNING: Creates files in unsafe way. + +$ whoami +> root +$ umask 022 + +# Smoke test for getfacl(1). +$ touch xxx +$ getfacl xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +$ getfacl -q xxx +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Check verbose mode formatting. +$ getfacl -v xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:execute::deny +> owner@:read_data/write_data/append_data/write_attributes/write_xattr/write_acl/write_owner::allow +> group@:write_data/execute/append_data::deny +> group@:read_data::allow +> everyone@:write_data/execute/append_data/write_attributes/write_xattr/write_acl/write_owner::deny +> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow + +# Test setfacl -a. +$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> user:0:-----------C--:-------:allow +> group:1:----------c---:-------:deny +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Test user and group name resolving. +$ rm xxx +$ touch xxx +$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx +$ getfacl xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> user:root:-----------C--:-------:allow +> group:daemon:----------c---:-------:deny +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Check whether ls correctly marks files with "+". +$ ls -l xxx | cut -d' ' -f1 +> -rw-r--r--+ + +# Test removing entries by number. +$ setfacl -x 4 xxx +$ setfacl -x 4 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> user:0:-----------C--:-------:allow +> group:1:----------c---:-------:deny +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Test setfacl -m. +$ setfacl -a0 everyone@:rwx:deny xxx +$ setfacl -a0 everyone@:rwx:deny xxx +$ setfacl -a0 everyone@:rwx:deny xxx +$ setfacl -m everyone@::deny xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> user:0:-----------C--:-------:allow +> group:1:----------c---:-------:deny +> everyone@:--------------:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Test getfacl -i. +$ getfacl -i xxx +> # file: xxx +> # owner: root +> # group: wheel +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> user:root:-----------C--:-------:allow:0 +> group:daemon:----------c---:-------:deny:1 +> everyone@:--------------:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Make sure cp without any flags does not copy copy the ACL. +$ cp xxx yyy +$ ls -l yyy | cut -d' ' -f1 +> -rw-r--r-- + +# Make sure it does with the "-p" flag. +$ rm yyy +$ cp -p xxx yyy +$ getfacl -n yyy +> # file: yyy +> # owner: root +> # group: wheel +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> everyone@:--------------:-------:deny +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> user:0:-----------C--:-------:allow +> group:1:----------c---:-------:deny +> everyone@:--------------:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +$ rm yyy + +# Test removing entries by... by example? +$ setfacl -x everyone@::deny xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> user:0:-----------C--:-------:allow +> group:1:----------c---:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +# Test setfacl -b. +$ setfacl -b xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +$ ls -l xxx | cut -d' ' -f1 +> -rw-r--r-- + +# Check setfacl(1) and getfacl(1) with multiple files. +$ touch xxx yyy zzz + +$ ls -l xxx yyy zzz | cut -d' ' -f1 +> -rw-r--r-- +> -rw-r--r-- +> -rw-r--r-- + +$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz +> setfacl: nnn: stat() failed: No such file or directory + +$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 +> ls: nnn: No such file or directory +> -rw-r--r--+ +> -rw-r--r--+ +> -rw-r--r--+ + +$ getfacl -nq nnn xxx yyy zzz +> getfacl: nnn: stat() failed: No such file or directory +> user:42:--x-----------:-------:allow +> group:43:-w------------:-------:allow +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow +> +> user:42:--x-----------:-------:allow +> group:43:-w------------:-------:allow +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow +> +> user:42:--x-----------:-------:allow +> group:43:-w------------:-------:allow +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +$ setfacl -b nnn xxx yyy zzz +> setfacl: nnn: stat() failed: No such file or directory + +$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 +> ls: nnn: No such file or directory +> -rw-r--r-- +> -rw-r--r-- +> -rw-r--r-- + +$ rm xxx yyy zzz + +# Test applying mode to an ACL. +$ touch xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx +$ chmod 600 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user:42:r-------------:-------:deny +> user:42:r-------------:-------:allow +> user:43:-w------------:-------:deny +> user:43:-w------------:-------:allow +> user:44:--x-----------:-------:deny +> user:44:--x-----------:-------:allow +> owner@:--------------:-------:deny +> owner@:-------A-W-Co-:-------:allow +> group@:--------------:-------:deny +> group@:--------------:-------:allow +> everyone@:-------A-W-Co-:-------:deny +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:rwxp----------:-------:deny +> group@:--------------:-------:allow +> everyone@:rwxp---A-W-Co-:-------:deny +> everyone@:------a-R-c--s:-------:allow +$ ls -l xxx | cut -d' ' -f1 +> -rw-------+ + +$ rm xxx +$ touch xxx +$ chown 42 xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx +$ chmod 600 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: 42 +> # group: wheel +> user:42:--------------:-------:deny +> user:42:r-------------:-------:allow +> user:43:-w------------:-------:deny +> user:43:-w------------:-------:allow +> user:44:--x-----------:-------:deny +> user:44:--x-----------:-------:allow +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:rwxp----------:-------:deny +> group@:--------------:-------:allow +> everyone@:rwxp---A-W-Co-:-------:deny +> everyone@:------a-R-c--s:-------:allow +$ ls -l xxx | cut -d' ' -f1 +> -rw-------+ + +$ rm xxx +$ touch xxx +$ chown 43 xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx +$ chmod 124 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: 43 +> # group: wheel +> user:42:r-------------:-------:deny +> user:42:r-------------:-------:allow +> user:43:-w------------:-------:deny +> user:43:-w------------:-------:allow +> user:44:--x-----------:-------:deny +> user:44:--x-----------:-------:allow +> owner@:rw-p----------:-------:deny +> owner@:--x----A-W-Co-:-------:allow +> group@:r-x-----------:-------:deny +> group@:-w-p----------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow +$ ls -l xxx | cut -d' ' -f1 +> ---x-w-r--+ + +$ rm xxx +$ touch xxx +$ chown 43 xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx +$ chmod 412 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: 43 +> # group: wheel +> user:42:r-------------:-------:deny +> user:42:r-------------:-------:allow +> user:43:-w------------:-------:deny +> user:43:-w------------:-------:allow +> user:44:--------------:-------:deny +> user:44:--x-----------:-------:allow +> owner@:-wxp----------:-------:deny +> owner@:r------A-W-Co-:-------:allow +> group@:rw-p----------:-------:deny +> group@:--x-----------:-------:allow +> everyone@:r-x----A-W-Co-:-------:deny +> everyone@:-w-p--a-R-c--s:-------:allow +$ ls -l xxx | cut -d' ' -f1 +> -r----x-w-+ + +$ mkdir ddd +$ setfacl -a0 group:44:rwapd:allow ddd +$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd +$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd +$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd +$ getfacl -n ddd +> # file: ddd +> # owner: root +> # group: wheel +> user:42:r-x-----------:f-i----:allow +> group:42:-w--D---------:-d-----:allow +> group:43:-w--D---------:-d-----:deny +> group@:-----da-------:-------:allow +> group:44:rw-p-da-------:-------:allow +> owner@:--------------:-------:deny +> owner@:rwxp---A-W-Co-:-------:allow +> group@:-w-p----------:-------:deny +> group@:r-x-----------:-------:allow +> everyone@:-w-p---A-W-Co-:-------:deny +> everyone@:-w-p--a-R-c--s:f-i----:allow +$ chmod 777 ddd +$ getfacl -n ddd +> # file: ddd +> # owner: root +> # group: wheel +> user:42:r-x-----------:f-i----:allow +> group:42:-w--D---------:-di----:allow +> group:42:--------------:-------:deny +> group:42:-w--D---------:-------:allow +> group:43:-w--D---------:-di----:deny +> group:43:-w--D---------:-------:deny +> group@:-----da-------:-------:allow +> group:44:--------------:-------:deny +> group:44:rw-p-da-------:-------:allow +> owner@:--------------:-------:deny +> owner@:-------A-W-Co-:-------:allow +> group@:--------------:-------:deny +> group@:--------------:-------:allow +> everyone@:-------A-W-Co-:-------:deny +> everyone@:-w-p--a-R-c--s:f-i----:allow +> owner@:--------------:-------:deny +> owner@:rwxp---A-W-Co-:-------:allow +> group@:--------------:-------:deny +> group@:rwxp----------:-------:allow +> everyone@:-------A-W-Co-:-------:deny +> everyone@:rwxp--a-R-c--s:-------:allow + +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 group:44:rwapd:allow ddd +$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd +$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd +$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd +$ chmod 124 ddd +$ getfacl -n ddd +> # file: ddd +> # owner: root +> # group: wheel +> user:42:r-x-----------:f-i----:allow +> group:42:-w--D---------:-di----:allow +> group:42:--------------:-------:deny +> group:42:----D---------:-------:allow +> group:43:-w--D---------:-di----:deny +> group:43:-w--D---------:-------:deny +> group@:-----da-------:-------:allow +> group:44:r-------------:-------:deny +> group:44:r----da-------:-------:allow +> owner@:--------------:-------:deny +> owner@:-------A-W-Co-:-------:allow +> group@:--------------:-------:deny +> group@:--------------:-------:allow +> everyone@:-------A-W-Co-:-------:deny +> everyone@:-w-p--a-R-c--s:f-i----:allow +> owner@:rw-p----------:-------:deny +> owner@:--x----A-W-Co-:-------:allow +> group@:r-x-----------:-------:deny +> group@:-w-p----------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 group:44:rwapd:allow ddd +$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd +$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd +$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd +$ chmod 412 ddd +$ getfacl -n ddd +> # file: ddd +> # owner: root +> # group: wheel +> user:42:r-------------:-------:deny +> user:42:r-x-----------:-------:allow +> user:42:r-x-----------:f-i----:allow +> group:42:-w--D---------:-di----:allow +> group:42:-w------------:-------:deny +> group:42:-w--D---------:-------:allow +> group:43:-w--D---------:-di----:deny +> group:43:-w--D---------:-------:deny +> group@:-----da-------:-------:allow +> group:44:rw-p----------:-------:deny +> group:44:rw-p-da-------:-------:allow +> owner@:--------------:-------:deny +> owner@:-------A-W-Co-:-------:allow +> group@:--------------:-------:deny +> group@:--------------:-------:allow +> everyone@:-------A-W-Co-:-------:deny +> everyone@:-w-p--a-R-c--s:f-i----:allow +> owner@:-wxp----------:-------:deny +> owner@:r------A-W-Co-:-------:allow +> group@:rw-p----------:-------:deny +> group@:--x-----------:-------:allow +> everyone@:r-x----A-W-Co-:-------:deny +> everyone@:-w-p--a-R-c--s:-------:allow + +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 group:44:rwapd:allow ddd +$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd +$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd +$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd +$ chown 42 ddd +$ chmod 412 ddd +$ getfacl -n ddd +> # file: ddd +> # owner: 42 +> # group: wheel +> user:42:--x-----------:-------:deny +> user:42:r-x-----------:-------:allow +> user:42:r-x-----------:f-i----:allow +> group:42:-w--D---------:-di----:allow +> group:42:-w------------:-------:deny +> group:42:-w--D---------:-------:allow +> group:43:-w--D---------:-di----:deny +> group:43:-w--D---------:-------:deny +> group@:-----da-------:-------:allow +> group:44:rw-p----------:-------:deny +> group:44:rw-p-da-------:-------:allow +> owner@:--------------:-------:deny +> owner@:-------A-W-Co-:-------:allow +> group@:--------------:-------:deny +> group@:--------------:-------:allow +> everyone@:-------A-W-Co-:-------:deny +> everyone@:-w-p--a-R-c--s:f-i----:allow +> owner@:-wxp----------:-------:deny +> owner@:r------A-W-Co-:-------:allow +> group@:rw-p----------:-------:deny +> group@:--x-----------:-------:allow +> everyone@:r-x----A-W-Co-:-------:deny +> everyone@:-w-p--a-R-c--s:-------:allow + +# Test applying ACL to mode. +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 u:42:rwx:fi:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> drwxr-xr-x+ + +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr----x---+ + +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr---wx---+ + +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr--------+ + +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr--------+ + +# Test inheritance. +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd +$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd +$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd +$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd +$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd +$ getfacl -qn ddd +> user:41:-w-----A------:f--n---:allow +> group:41:r-----a-------:-din---:allow +> user:42:-----------Co-:f-i----:allow +> user:42:r-x-----------:f-i----:allow +> group:42:-w--D---------:-d-n---:deny +> group:43:-w---------C--:f-in---:deny +> user:43:rwxp----------:-------:allow +> owner@:--------------:-------:deny +> owner@:rwxp---A-W-Co-:-------:allow +> group@:-w-p----------:-------:deny +> group@:r-x-----------:-------:allow +> everyone@:-w-p---A-W-Co-:-------:deny +> everyone@:r-x---a-R-c--s:-------:allow + +$ cd ddd +$ touch xxx +$ getfacl -qn xxx +> user:41:-w------------:-------:deny +> user:41:-w-----A------:-------:allow +> user:42:--------------:-------:deny +> user:42:--------------:-------:allow +> user:42:--x-----------:-------:deny +> user:42:r-x-----------:-------:allow +> group:43:-w---------C--:-------:deny +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +$ rm xxx +$ umask 077 +$ touch xxx +$ getfacl -qn xxx +> user:41:-w------------:-------:deny +> user:41:-w-----A------:-------:allow +> user:42:--------------:-------:deny +> user:42:--------------:-------:allow +> user:42:r-x-----------:-------:deny +> user:42:r-x-----------:-------:allow +> group:43:-w---------C--:-------:deny +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:rwxp----------:-------:deny +> group@:--------------:-------:allow +> everyone@:rwxp---A-W-Co-:-------:deny +> everyone@:------a-R-c--s:-------:allow + +$ rm xxx +$ umask 770 +$ touch xxx +$ getfacl -qn xxx +> user:41:-w------------:-------:deny +> user:41:-w-----A------:-------:allow +> user:42:--------------:-------:deny +> user:42:--------------:-------:allow +> user:42:r-x-----------:-------:deny +> user:42:r-x-----------:-------:allow +> group:43:-w---------C--:-------:deny +> owner@:rwxp----------:-------:deny +> owner@:-------A-W-Co-:-------:allow +> group@:rwxp----------:-------:deny +> group@:--------------:-------:allow +> everyone@:--x----A-W-Co-:-------:deny +> everyone@:rw-p--a-R-c--s:-------:allow + +$ rm xxx +$ umask 707 +$ touch xxx +$ getfacl -qn xxx +> user:41:--------------:-------:deny +> user:41:-w-----A------:-------:allow +> user:42:--------------:-------:deny +> user:42:--------------:-------:allow +> user:42:--x-----------:-------:deny +> user:42:r-x-----------:-------:allow +> group:43:-w---------C--:-------:deny +> owner@:rwxp----------:-------:deny +> owner@:-------A-W-Co-:-------:allow +> group@:--x-----------:-------:deny +> group@:rw-p----------:-------:allow +> everyone@:rwxp---A-W-Co-:-------:deny +> everyone@:------a-R-c--s:-------:allow + +$ umask 077 +$ mkdir yyy +$ getfacl -qn yyy +> group:41:r-------------:-------:deny +> group:41:r-----a-------:-------:allow +> user:42:-----------Co-:f-i----:allow +> user:42:r-x-----------:f-i----:allow +> group:42:-w--D---------:-------:deny +> owner@:--------------:-------:deny +> owner@:rwxp---A-W-Co-:-------:allow +> group@:rwxp----------:-------:deny +> group@:--------------:-------:allow +> everyone@:rwxp---A-W-Co-:-------:deny +> everyone@:------a-R-c--s:-------:allow + +$ rmdir yyy +$ umask 770 +$ mkdir yyy +$ getfacl -qn yyy +> group:41:r-------------:-------:deny +> group:41:r-----a-------:-------:allow +> user:42:-----------Co-:f-i----:allow +> user:42:r-x-----------:f-i----:allow +> group:42:-w--D---------:-------:deny +> owner@:rwxp----------:-------:deny +> owner@:-------A-W-Co-:-------:allow +> group@:rwxp----------:-------:deny +> group@:--------------:-------:allow +> everyone@:-------A-W-Co-:-------:deny +> everyone@:rwxp--a-R-c--s:-------:allow + +$ rmdir yyy +$ umask 707 +$ mkdir yyy +$ getfacl -qn yyy +> group:41:--------------:-------:deny +> group:41:------a-------:-------:allow +> user:42:-----------Co-:f-i----:allow +> user:42:r-x-----------:f-i----:allow +> group:42:-w--D---------:-------:deny +> owner@:rwxp----------:-------:deny +> owner@:-------A-W-Co-:-------:allow +> group@:--------------:-------:deny +> group@:rwxp----------:-------:allow +> everyone@:rwxp---A-W-Co-:-------:deny +> everyone@:------a-R-c--s:-------:allow + +# There is some complication regarding how write_acl and write_owner flags +# get inherited. Make sure we got it right. +$ setfacl -b . +$ setfacl -a0 u:42:Co:f:allow . +$ setfacl -a0 u:43:Co:d:allow . +$ setfacl -a0 u:44:Co:fd:allow . +$ setfacl -a0 u:45:Co:fi:allow . +$ setfacl -a0 u:46:Co:di:allow . +$ setfacl -a0 u:47:Co:fdi:allow . +$ setfacl -a0 u:48:Co:fn:allow . +$ setfacl -a0 u:49:Co:dn:allow . +$ setfacl -a0 u:50:Co:fdn:allow . +$ setfacl -a0 u:51:Co:fni:allow . +$ setfacl -a0 u:52:Co:dni:allow . +$ setfacl -a0 u:53:Co:fdni:allow . +$ umask 022 +$ rm xxx +$ touch xxx +$ getfacl -nq xxx +> user:53:--------------:-------:deny +> user:53:--------------:-------:allow +> user:51:--------------:-------:deny +> user:51:--------------:-------:allow +> user:50:--------------:-------:deny +> user:50:--------------:-------:allow +> user:48:--------------:-------:deny +> user:48:--------------:-------:allow +> user:47:--------------:-------:deny +> user:47:--------------:-------:allow +> user:45:--------------:-------:deny +> user:45:--------------:-------:allow +> user:44:--------------:-------:deny +> user:44:--------------:-------:allow +> user:42:--------------:-------:deny +> user:42:--------------:-------:allow +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +$ rmdir yyy +$ mkdir yyy +$ getfacl -nq yyy +> user:53:--------------:-------:deny +> user:53:--------------:-------:allow +> user:52:--------------:-------:deny +> user:52:--------------:-------:allow +> user:50:--------------:-------:deny +> user:50:--------------:-------:allow +> user:49:--------------:-------:deny +> user:49:--------------:-------:allow +> user:47:-----------Co-:fdi----:allow +> user:47:--------------:-------:deny +> user:47:--------------:-------:allow +> user:46:-----------Co-:-di----:allow +> user:46:--------------:-------:deny +> user:46:--------------:-------:allow +> user:45:-----------Co-:f-i----:allow +> user:44:-----------Co-:fdi----:allow +> user:44:--------------:-------:deny +> user:44:--------------:-------:allow +> user:43:-----------Co-:-di----:allow +> user:43:--------------:-------:deny +> user:43:--------------:-------:allow +> user:42:-----------Co-:f-i----:allow +> owner@:--------------:-------:deny +> owner@:rwxp---A-W-Co-:-------:allow +> group@:-w-p----------:-------:deny +> group@:r-x-----------:-------:allow +> everyone@:-w-p---A-W-Co-:-------:deny +> everyone@:r-x---a-R-c--s:-------:allow + +$ setfacl -b . +$ setfacl -a0 u:42:Co:f:deny . +$ setfacl -a0 u:43:Co:d:deny . +$ setfacl -a0 u:44:Co:fd:deny . +$ setfacl -a0 u:45:Co:fi:deny . +$ setfacl -a0 u:46:Co:di:deny . +$ setfacl -a0 u:47:Co:fdi:deny . +$ setfacl -a0 u:48:Co:fn:deny . +$ setfacl -a0 u:49:Co:dn:deny . +$ setfacl -a0 u:50:Co:fdn:deny . +$ setfacl -a0 u:51:Co:fni:deny . +$ setfacl -a0 u:52:Co:dni:deny . +$ setfacl -a0 u:53:Co:fdni:deny . +$ umask 022 +$ rm xxx +$ touch xxx +$ getfacl -nq xxx +> user:53:-----------Co-:-------:deny +> user:51:-----------Co-:-------:deny +> user:50:-----------Co-:-------:deny +> user:48:-----------Co-:-------:deny +> user:47:-----------Co-:-------:deny +> user:45:-----------Co-:-------:deny +> user:44:-----------Co-:-------:deny +> user:42:-----------Co-:-------:deny +> owner@:--x-----------:-------:deny +> owner@:rw-p---A-W-Co-:-------:allow +> group@:-wxp----------:-------:deny +> group@:r-------------:-------:allow +> everyone@:-wxp---A-W-Co-:-------:deny +> everyone@:r-----a-R-c--s:-------:allow + +$ rmdir yyy +$ mkdir yyy +$ getfacl -nq yyy +> user:53:-----------Co-:-------:deny +> user:52:-----------Co-:-------:deny +> user:50:-----------Co-:-------:deny +> user:49:-----------Co-:-------:deny +> user:47:-----------Co-:fdi----:deny +> user:47:-----------Co-:-------:deny +> user:46:-----------Co-:-di----:deny +> user:46:-----------Co-:-------:deny +> user:45:-----------Co-:f-i----:deny +> user:44:-----------Co-:fdi----:deny +> user:44:-----------Co-:-------:deny +> user:43:-----------Co-:-di----:deny +> user:43:-----------Co-:-------:deny +> user:42:-----------Co-:f-i----:deny +> owner@:--------------:-------:deny +> owner@:rwxp---A-W-Co-:-------:allow +> group@:-w-p----------:-------:deny +> group@:r-x-----------:-------:allow +> everyone@:-w-p---A-W-Co-:-------:deny +> everyone@:r-x---a-R-c--s:-------:allow + +$ rmdir yyy +$ rm xxx +$ cd .. +$ rmdir ddd + +$ rm xxx + Property changes on: user/ngie/more-tests/tests/sys/acl/tools-nfs4.test ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/run =================================================================== --- user/ngie/more-tests/tests/sys/acl/run (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/run (revision 288680) @@ -0,0 +1,329 @@ +#!/usr/bin/perl -w -U + +# Copyright (c) 2007, 2008 Andreas Gruenbacher. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions, and the following disclaimer, +# without modification, immediately at the beginning of the file. +# 2. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# Alternatively, this software may be distributed under the terms of the +# GNU Public License ("GPL"). +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR +# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# +# Possible improvements: +# +# - distinguish stdout and stderr output +# - add environment variable like assignments +# - run up to a specific line +# - resume at a specific line +# + +use strict; +use FileHandle; +use Getopt::Std; +use POSIX qw(isatty setuid getcwd); +use vars qw($opt_l $opt_v); + +no warnings qw(taint); + +$opt_l = ~0; # a really huge number +getopts('l:v'); + +my ($OK, $FAILED) = ("ok", "failed"); +if (isatty(fileno(STDOUT))) { + $OK = "\033[32m" . $OK . "\033[m"; + $FAILED = "\033[31m\033[1m" . $FAILED . "\033[m"; +} + +sub exec_test($$); +sub process_test($$$$); + +my ($prog, $in, $out) = ([], [], []); +my $prog_line = 0; +my ($tests, $failed) = (0,0); +my $lineno; +my $width = ($ENV{COLUMNS} || 80) >> 1; + +for (;;) { + my $line = <>; $lineno++; + if (defined $line) { + # Substitute %VAR and %{VAR} with environment variables. + $line =~ s[%(\w+)][$ENV{$1}]eg; + $line =~ s[%{(\w+)}][$ENV{$1}]eg; + } + if (defined $line) { + if ($line =~ s/^\s*< ?//) { + push @$in, $line; + } elsif ($line =~ s/^\s*> ?//) { + push @$out, $line; + } else { + process_test($prog, $prog_line, $in, $out); + last if $prog_line >= $opt_l; + + $prog = []; + $prog_line = 0; + } + if ($line =~ s/^\s*\$ ?//) { + $prog = [ map { s/\\(.)/$1/g; $_ } split /(? @$result) ? @$out : @$result; + for (my $n=0; $n < $nmax; $n++) { + my $use_re; + if (defined $out->[$n] && $out->[$n] =~ /^~ /) { + $use_re = 1; + $out->[$n] =~ s/^~ //g; + } + + if (!defined($out->[$n]) || !defined($result->[$n]) || + (!$use_re && $result->[$n] ne $out->[$n]) || + ( $use_re && $result->[$n] !~ /^$out->[$n]/)) { + push @good, ($use_re ? '!~' : '!='); + } + else { + push @good, ($use_re ? '=~' : '=='); + } + } + my $good = !(grep /!/, @good); + $tests++; + $failed++ unless $good; + print $good ? $OK : $FAILED, "\n"; + if (!$good || $opt_v) { + for (my $n=0; $n < $nmax; $n++) { + my $l = defined($out->[$n]) ? $out->[$n] : "~"; + chomp $l; + my $r = defined($result->[$n]) ? $result->[$n] : "~"; + chomp $r; + print sprintf("%-" . ($width-3) . "s %s %s\n", + $r, $good[$n], $l); + } + } +} + + +sub su($) { + my ($user) = @_; + + $user ||= "root"; + + my ($login, $pass, $uid, $gid) = getpwnam($user) + or return [ "su: user $user does not exist\n" ]; + my @groups = (); + my $fh = new FileHandle("/etc/group") + or return [ "opening /etc/group: $!\n" ]; + while (<$fh>) { + chomp; + my ($group, $passwd, $gid, $users) = split /:/; + foreach my $u (split /,/, $users) { + push @groups, $gid + if ($user eq $u); + } + } + $fh->close; + + my $groups = join(" ", ($gid, $gid, @groups)); + #print STDERR "[[$groups]]\n"; + $! = 0; # reset errno + $> = 0; + $( = $gid; + $) = $groups; + if ($!) { + return [ "su: $!\n" ]; + } + if ($uid != 0) { + $> = $uid; + #$< = $uid; + if ($!) { + return [ "su: $prog->[1]: $!\n" ]; + } + } + #print STDERR "[($>,$<)($(,$))]"; + return []; +} + + +sub sg($) { + my ($group) = @_; + + my $gid = getgrnam($group) + or return [ "sg: group $group does not exist\n" ]; + my %groups = map { $_ eq $gid ? () : ($_ => 1) } (split /\s/, $)); + + #print STDERR "<<", join("/", keys %groups), ">>\n"; + my $groups = join(" ", ($gid, $gid, keys %groups)); + #print STDERR "[[$groups]]\n"; + $! = 0; # reset errno + if ($> != 0) { + my $uid = $>; + $> = 0; + $( = $gid; + $) = $groups; + $> = $uid; + } else { + $( = $gid; + $) = $groups; + } + if ($!) { + return [ "sg: $!\n" ]; + } + print STDERR "[($>,$<)($(,$))]"; + return []; +} + + +sub exec_test($$) { + my ($prog, $in) = @_; + local (*IN, *IN_DUP, *IN2, *OUT_DUP, *OUT, *OUT2); + my $needs_shell = (join('', @$prog) =~ /[][|<>"'`\$\*\?]/); + + if ($prog->[0] eq "umask") { + umask oct $prog->[1]; + return []; + } elsif ($prog->[0] eq "cd") { + if (!chdir $prog->[1]) { + return [ "chdir: $prog->[1]: $!\n" ]; + } + $ENV{PWD} = getcwd; + return []; + } elsif ($prog->[0] eq "su") { + return su($prog->[1]); + } elsif ($prog->[0] eq "sg") { + return sg($prog->[1]); + } elsif ($prog->[0] eq "export") { + my ($name, $value) = split /=/, $prog->[1]; + # FIXME: need to evaluate $value, so that things like this will work: + # export dir=$PWD/dir + $ENV{$name} = $value; + return []; + } elsif ($prog->[0] eq "unset") { + delete $ENV{$prog->[1]}; + return []; + } + + pipe *IN2, *OUT + or die "Can't create pipe for reading: $!"; + open *IN_DUP, "<&STDIN" + or *IN_DUP = undef; + open *STDIN, "<&IN2" + or die "Can't duplicate pipe for reading: $!"; + close *IN2; + + open *OUT_DUP, ">&STDOUT" + or die "Can't duplicate STDOUT: $!"; + pipe *IN, *OUT2 + or die "Can't create pipe for writing: $!"; + open *STDOUT, ">&OUT2" + or die "Can't duplicate pipe for writing: $!"; + close *OUT2; + + *STDOUT->autoflush(); + *OUT->autoflush(); + + $SIG{CHLD} = 'IGNORE'; + + if (fork()) { + # Server + if (*IN_DUP) { + open *STDIN, "<&IN_DUP" + or die "Can't duplicate STDIN: $!"; + close *IN_DUP + or die "Can't close STDIN duplicate: $!"; + } + open *STDOUT, ">&OUT_DUP" + or die "Can't duplicate STDOUT: $!"; + close *OUT_DUP + or die "Can't close STDOUT duplicate: $!"; + + foreach my $line (@$in) { + #print "> $line"; + print OUT $line; + } + close *OUT + or die "Can't close pipe for writing: $!"; + + my $result = []; + while () { + #print "< $_"; + if ($needs_shell) { + s#^/bin/sh: line \d+: ##; + } + push @$result, $_; + } + return $result; + } else { + # Client + $< = $>; + close IN + or die "Can't close read end for input pipe: $!"; + close OUT + or die "Can't close write end for output pipe: $!"; + close OUT_DUP + or die "Can't close STDOUT duplicate: $!"; + local *ERR_DUP; + open ERR_DUP, ">&STDERR" + or die "Can't duplicate STDERR: $!"; + open STDERR, ">&STDOUT" + or die "Can't join STDOUT and STDERR: $!"; + + if ($needs_shell) { + exec ('/bin/sh', '-c', join(" ", @$prog)); + } else { + exec @$prog; + } + print STDERR $prog->[0], ": $!\n"; + exit; + } +} + Property changes on: user/ngie/more-tests/tests/sys/acl/run ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/mktrivial.sh =================================================================== --- user/ngie/more-tests/tests/sys/acl/mktrivial.sh (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/mktrivial.sh (revision 288680) @@ -0,0 +1,53 @@ +#!/bin/sh +# +# Copyright (c) 2010 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This shell script generates an input file for the "run" script, used +# to verify generation of trivial ACLs. + +echo "$ touch f" +touch f + +for s in `jot 7 0 7`; do + for u in `jot 7 0 7`; do + for g in `jot 7 0 7`; do + for o in `jot 7 0 7`; do + echo "$ chmod 0$s$u$g$o f" + chmod "0$s$u$g$o" f + echo "$ ls -l f | cut -d' ' -f1" + ls -l f | cut -d' ' -f1 | sed 's/^/> /' + echo "$ getfacl -q f" + getfacl -q f | sed 's/^/> /' + done + done + done +done + +echo "$ rm f" +rm f + Property changes on: user/ngie/more-tests/tests/sys/acl/mktrivial.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/aclfuzzer.sh =================================================================== --- user/ngie/more-tests/tests/sys/acl/aclfuzzer.sh (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/aclfuzzer.sh (revision 288680) @@ -0,0 +1,225 @@ +#!/bin/sh +# +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is an NFSv4 ACL fuzzer. It expects to be run by non-root in a scratch +# directory on a filesystem with NFSv4 ACLs support. Output it generates +# is expected to be fed to /usr/src/tools/regression/acltools/run script. + +NUMBER_OF_COMMANDS=300 + +run_command() +{ + echo "\$ $1" + eval $1 2>&1 | sed 's/^/> /' +} + +rnd_from_0_to() +{ + max=`expr $1 + 1` + rnd=`jot -r 1` + rnd=`expr $rnd % $max` + + echo $rnd +} + +rnd_path() +{ + rnd=`rnd_from_0_to 3` + case $rnd in + 0) echo "$TMP/aaa" ;; + 1) echo "$TMP/bbb" ;; + 2) echo "$TMP/aaa/ccc" ;; + 3) echo "$TMP/bbb/ddd" ;; + esac +} + +f_prepend_random_acl_on() +{ + rnd=`rnd_from_0_to 4` + case $rnd in + 0) u="owner@" ;; + 1) u="group@" ;; + 2) u="everyone@" ;; + 3) u="u:1138" ;; + 4) u="g:1138" ;; + esac + + p="" + while :; do + rnd=`rnd_from_0_to 30` + if [ -n "$p" -a $rnd -ge 14 ]; then + break; + fi + + case $rnd in + 0) p="${p}r" ;; + 1) p="${p}w" ;; + 2) p="${p}x" ;; + 3) p="${p}p" ;; + 4) p="${p}d" ;; + 5) p="${p}D" ;; + 6) p="${p}a" ;; + 7) p="${p}A" ;; + 8) p="${p}R" ;; + 9) p="${p}W" ;; + 10) p="${p}R" ;; + 11) p="${p}c" ;; + 12) p="${p}C" ;; + 13) p="${p}o" ;; + 14) p="${p}s" ;; + esac + done + + f="" + while :; do + rnd=`rnd_from_0_to 10` + if [ $rnd -ge 6 ]; then + break; + fi + + case $rnd in + 0) f="${f}f" ;; + 1) f="${f}d" ;; + 2) f="${f}n" ;; + 3) f="${f}i" ;; + esac + done + + rnd=`rnd_from_0_to 1` + case $rnd in + 0) x="allow" ;; + 1) x="deny" ;; + esac + + acl="$u:$p:$f:$x" + + file=`rnd_path` + run_command "setfacl -a0 $acl $file" +} + +f_getfacl() +{ + file=`rnd_path` + run_command "getfacl -qn $file" +} + +f_ls_mode() +{ + file=`rnd_path` + run_command "ls -al $file | sed -n '2p' | cut -d' ' -f1" +} + +f_chmod() +{ + b1=`rnd_from_0_to 7` + b2=`rnd_from_0_to 7` + b3=`rnd_from_0_to 7` + b4=`rnd_from_0_to 7` + file=`rnd_path` + + run_command "chmod $b1$b2$b3$b4 $file $2" +} + +f_touch() +{ + file=`rnd_path` + run_command "touch $file" +} + +f_rm() +{ + file=`rnd_path` + run_command "rm -f $file" +} + +f_mkdir() +{ + file=`rnd_path` + run_command "mkdir $file" +} + +f_rmdir() +{ + file=`rnd_path` + run_command "rmdir $file" +} + +f_mv() +{ + from=`rnd_path` + to=`rnd_path` + run_command "mv -f $from $to" +} + +# XXX: To be implemented: chown(8), setting times with touch(1). + +switch_to_random_user() +{ + # XXX: To be implemented. +} + +execute_random_command() +{ + rnd=`rnd_from_0_to 20` + + case $rnd in + 0|10|11|12|13|15) cmd=f_prepend_random_acl_on ;; + 1) cmd=f_getfacl ;; + 2) cmd=f_ls_mode ;; + 3) cmd=f_chmod ;; + 4|18|19) cmd=f_touch ;; + 5) cmd=f_rm ;; + 6|16|17) cmd=f_mkdir ;; + 7) cmd=f_rmdir ;; + 8) cmd=f_mv ;; + esac + + $cmd "XXX" +} + +echo "# Fuzzing; will stop after $NUMBER_OF_COMMANDS commands." +TMP="aclfuzzer_`dd if=/dev/random bs=1k count=1 2>/dev/null | openssl md5`" + +run_command "whoami" +umask 022 +run_command "umask 022" +run_command "mkdir $TMP" + +i=0; +while [ "$i" -lt "$NUMBER_OF_COMMANDS" ]; do + switch_to_random_user + execute_random_command + i=`expr $i + 1` +done + +run_command "find $TMP -exec setfacl -a0 everyone@:rxd:allow {} \;" +run_command "rm -rfv $TMP" + +echo "# Fuzzed, thank you." + Property changes on: user/ngie/more-tests/tests/sys/acl/aclfuzzer.sh ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: user/ngie/more-tests/tests/sys/acl/tools-posix.test =================================================================== --- user/ngie/more-tests/tests/sys/acl/tools-posix.test (nonexistent) +++ user/ngie/more-tests/tests/sys/acl/tools-posix.test (revision 288680) @@ -0,0 +1,453 @@ +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a tools-level test for POSIX.1e ACL functionality. Run it as root +# using ACL-enabled kernel: +# +# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test +# +# WARNING: Creates files in unsafe way. + +$ whoami +> root +$ umask 022 + +# Smoke test for getfacl(1). +$ touch xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user::rw- +> group::r-- +> other::r-- + +$ getfacl -q xxx +> user::rw- +> group::r-- +> other::r-- + +$ setfacl -m u:42:r,g:43:w xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user::rw- +> user:42:r-- +> group::r-- +> group:43:-w- +> mask::rw- +> other::r-- + +# Check whether ls correctly marks files with "+". +$ ls -l xxx | cut -d' ' -f1 +> -rw-rw-r--+ + +# Same as above, but for symlinks. +$ ln -s xxx lll +$ getfacl -h lll +> # file: lll +> # owner: root +> # group: wheel +> user::rwx +> group::r-x +> other::r-x + +$ getfacl -qh lll +> user::rwx +> group::r-x +> other::r-x + +$ getfacl -q lll +> user::rw- +> user:42:r-- +> group::r-- +> group:43:-w- +> mask::rw- +> other::r-- + +$ setfacl -hm u:44:x,g:45:w lll +$ getfacl -h lll +> # file: lll +> # owner: root +> # group: wheel +> user::rwx +> user:44:--x +> group::r-x +> group:45:-w- +> mask::rwx +> other::r-x + +$ ls -l lll | cut -d' ' -f1 +> lrwxrwxr-x+ + +# Check whether the original file is left untouched. +$ ls -l xxx | cut -d' ' -f1 +> -rw-rw-r--+ + +$ rm lll + +# Test removing entries. +$ setfacl -x user:42: xxx +$ getfacl xxx +> # file: xxx +> # owner: root +> # group: wheel +> user::rw- +> group::r-- +> group:43:-w- +> mask::rw- +> other::r-- + +$ setfacl -m u:42:r xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user::rw- +> user:42:r-- +> group::r-- +> group:43:-w- +> mask::rw- +> other::r-- + +# Test removing entries by number. +$ setfacl -x 1 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user::rw- +> group::r-- +> group:43:-w- +> mask::rw- +> other::r-- + +$ setfacl -m g:43:r xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user::rw- +> group::r-- +> group:43:r-- +> mask::r-- +> other::r-- + +# Make sure cp without any flags does not copy the ACL. +$ cp xxx yyy +$ ls -l yyy | cut -d' ' -f1 +> -rw-r--r-- + +# Make sure it does with the "-p" flag. +$ rm yyy +$ cp -p xxx yyy +$ getfacl -n yyy +> # file: yyy +> # owner: root +> # group: wheel +> user::rw- +> group::r-- +> group:43:r-- +> mask::r-- +> other::r-- + +$ rm yyy + +# Test removing entries by... by example? +$ setfacl -m u:42:r,g:43:w xxx +$ setfacl -x u:42: xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user::rw- +> group::r-- +> group:43:-w- +> mask::rw- +> other::r-- + +# Test setfacl -b. +$ setfacl -b xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user::rw- +> group::r-- +> mask::r-- +> other::r-- + +$ ls -l xxx | cut -d' ' -f1 +> -rw-r--r--+ + +$ setfacl -nb xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user::rw- +> group::r-- +> other::r-- + +$ ls -l xxx | cut -d' ' -f1 +> -rw-r--r-- + +# Check setfacl(1) and getfacl(1) with multiple files. +$ touch xxx yyy zzz + +$ ls -l xxx yyy zzz | cut -d' ' -f1 +> -rw-r--r-- +> -rw-r--r-- +> -rw-r--r-- + +$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz +> setfacl: nnn: stat() failed: No such file or directory + +$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 +> ls: nnn: No such file or directory +> -rw-rwxr--+ +> -rw-rwxr--+ +> -rw-rwxr--+ + +$ getfacl -nq nnn xxx yyy zzz +> getfacl: nnn: stat() failed: No such file or directory +> user::rw- +> user:42:--x +> group::r-- +> group:43:-w- +> mask::rwx +> other::r-- +> +> user::rw- +> user:42:--x +> group::r-- +> group:43:-w- +> mask::rwx +> other::r-- +> +> user::rw- +> user:42:--x +> group::r-- +> group:43:-w- +> mask::rwx +> other::r-- + +$ setfacl -b nnn xxx yyy zzz +> setfacl: nnn: stat() failed: No such file or directory + +$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 +> ls: nnn: No such file or directory +> -rw-r--r--+ +> -rw-r--r--+ +> -rw-r--r--+ + +$ setfacl -bn nnn xxx yyy zzz +> setfacl: nnn: stat() failed: No such file or directory + +$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 +> ls: nnn: No such file or directory +> -rw-r--r-- +> -rw-r--r-- +> -rw-r--r-- + +$ rm xxx yyy zzz + +# Check whether chmod actually does what it should do. +$ touch xxx +$ setfacl -m u:42:rwx,g:43:rwx xxx +$ chmod 600 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user::rw- +> user:42:rwx # effective: --- +> group::r-- # effective: --- +> group:43:rwx # effective: --- +> mask::--- +> other::--- + +$ chmod 060 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user::--- +> user:42:rwx # effective: rw- +> group::r-- +> group:43:rwx # effective: rw- +> mask::rw- +> other::--- + +# Test default ACLs. +$ umask 022 +$ mkdir ddd +$ getfacl -qn ddd +> user::rwx +> group::r-x +> other::r-x + +$ ls -l | grep ddd | cut -d' ' -f1 +> drwxr-xr-x + +$ getfacl -dq ddd +$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd +$ getfacl -dqn ddd +> user::rwx +> group::r-x +> mask::rwx +> other::r-x + +# No change - ls(1) output doesn't take into account default ACLs. +$ ls -l | grep ddd | cut -d' ' -f1 +> drwxr-xr-x + +$ setfacl -dm g:42:rwx,u:42:r ddd +$ setfacl -dm g::w ddd +$ getfacl -dqn ddd +> user::rwx +> user:42:r-- +> group::-w- +> group:42:rwx +> mask::rwx +> other::r-x + +$ setfacl -dx group:42: ddd +$ getfacl -dqn ddd +> user::rwx +> user:42:r-- +> group::-w- +> mask::rw- +> other::r-x + +$ ls -l | grep ddd | cut -d' ' -f1 +> drwxr-xr-x + +$ rmdir ddd +$ rm xxx + +# Test inheritance. +$ mkdir ddd + +$ touch ddd/xxx +$ getfacl -q ddd/xxx +> user::rw- +> group::r-- +> other::r-- + +$ mkdir ddd/ddd +$ getfacl -q ddd/ddd +> user::rwx +> group::r-x +> other::r-x + +$ rmdir ddd/ddd +$ rm ddd/xxx + +$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd +$ setfacl -dm g:42:rwx,u:43:r ddd +$ getfacl -dq ddd +> user::rwx +> user:43:r-- +> group::r-x +> group:42:rwx +> mask::rwx +> other::r-x + +$ touch ddd/xxx +$ getfacl -q ddd/xxx +> user::rw- +> user:43:r-- +> group::r-x # effective: r-- +> group:42:rwx # effective: r-- +> mask::r-- +> other::r-- + +$ mkdir ddd/ddd +$ getfacl -q ddd/ddd +> user::rwx +> user:43:r-- +> group::r-x +> group:42:rwx # effective: r-x +> mask::r-x +> other::r-x + +$ rmdir ddd/ddd +$ rm ddd/xxx +$ rmdir ddd + +# Test if we deal properly with fifos. +$ mkfifo fff +$ ls -l fff | cut -d' ' -f1 +> prw-r--r-- + +$ setfacl -m u:42:r,g:43:w fff +$ getfacl fff +> # file: fff +> # owner: root +> # group: wheel +> user::rw- +> user:42:r-- +> group::r-- +> group:43:-w- +> mask::rw- +> other::r-- + +$ ls -l fff | cut -d' ' -f1 +> prw-rw-r--+ + +$ setfacl -bn fff +$ getfacl fff +> # file: fff +> # owner: root +> # group: wheel +> user::rw- +> group::r-- +> other::r-- + +$ ls -l fff | cut -d' ' -f1 +> prw-r--r-- + +$ rm fff + +# Test if we deal properly with device files. +$ mknod bbb b 1 1 +$ setfacl -m u:42:r,g:43:w bbb +> setfacl: bbb: acl_get_file() failed: Operation not supported +$ ls -l bbb | cut -d' ' -f1 +> brw-r--r-- + +$ rm bbb + +$ mknod ccc c 1 1 +$ setfacl -m u:42:r,g:43:w ccc +> setfacl: ccc: acl_get_file() failed: Operation not supported +$ ls -l ccc | cut -d' ' -f1 +> crw-r--r-- + +$ rm ccc Property changes on: user/ngie/more-tests/tests/sys/acl/tools-posix.test ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/tools-posix.test =================================================================== --- user/ngie/more-tests/tools/regression/acltools/tools-posix.test (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/tools-posix.test (nonexistent) @@ -1,453 +0,0 @@ -# Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This is a tools-level test for POSIX.1e ACL functionality. Run it as root -# using ACL-enabled kernel: -# -# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test -# -# WARNING: Creates files in unsafe way. - -$ whoami -> root -$ umask 022 - -# Smoke test for getfacl(1). -$ touch xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> user::rw- -> group::r-- -> other::r-- - -$ getfacl -q xxx -> user::rw- -> group::r-- -> other::r-- - -$ setfacl -m u:42:r,g:43:w xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> user::rw- -> user:42:r-- -> group::r-- -> group:43:-w- -> mask::rw- -> other::r-- - -# Check whether ls correctly marks files with "+". -$ ls -l xxx | cut -d' ' -f1 -> -rw-rw-r--+ - -# Same as above, but for symlinks. -$ ln -s xxx lll -$ getfacl -h lll -> # file: lll -> # owner: root -> # group: wheel -> user::rwx -> group::r-x -> other::r-x - -$ getfacl -qh lll -> user::rwx -> group::r-x -> other::r-x - -$ getfacl -q lll -> user::rw- -> user:42:r-- -> group::r-- -> group:43:-w- -> mask::rw- -> other::r-- - -$ setfacl -hm u:44:x,g:45:w lll -$ getfacl -h lll -> # file: lll -> # owner: root -> # group: wheel -> user::rwx -> user:44:--x -> group::r-x -> group:45:-w- -> mask::rwx -> other::r-x - -$ ls -l lll | cut -d' ' -f1 -> lrwxrwxr-x+ - -# Check whether the original file is left untouched. -$ ls -l xxx | cut -d' ' -f1 -> -rw-rw-r--+ - -$ rm lll - -# Test removing entries. -$ setfacl -x user:42: xxx -$ getfacl xxx -> # file: xxx -> # owner: root -> # group: wheel -> user::rw- -> group::r-- -> group:43:-w- -> mask::rw- -> other::r-- - -$ setfacl -m u:42:r xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> user::rw- -> user:42:r-- -> group::r-- -> group:43:-w- -> mask::rw- -> other::r-- - -# Test removing entries by number. -$ setfacl -x 1 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> user::rw- -> group::r-- -> group:43:-w- -> mask::rw- -> other::r-- - -$ setfacl -m g:43:r xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> user::rw- -> group::r-- -> group:43:r-- -> mask::r-- -> other::r-- - -# Make sure cp without any flags does not copy the ACL. -$ cp xxx yyy -$ ls -l yyy | cut -d' ' -f1 -> -rw-r--r-- - -# Make sure it does with the "-p" flag. -$ rm yyy -$ cp -p xxx yyy -$ getfacl -n yyy -> # file: yyy -> # owner: root -> # group: wheel -> user::rw- -> group::r-- -> group:43:r-- -> mask::r-- -> other::r-- - -$ rm yyy - -# Test removing entries by... by example? -$ setfacl -m u:42:r,g:43:w xxx -$ setfacl -x u:42: xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> user::rw- -> group::r-- -> group:43:-w- -> mask::rw- -> other::r-- - -# Test setfacl -b. -$ setfacl -b xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> user::rw- -> group::r-- -> mask::r-- -> other::r-- - -$ ls -l xxx | cut -d' ' -f1 -> -rw-r--r--+ - -$ setfacl -nb xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> user::rw- -> group::r-- -> other::r-- - -$ ls -l xxx | cut -d' ' -f1 -> -rw-r--r-- - -# Check setfacl(1) and getfacl(1) with multiple files. -$ touch xxx yyy zzz - -$ ls -l xxx yyy zzz | cut -d' ' -f1 -> -rw-r--r-- -> -rw-r--r-- -> -rw-r--r-- - -$ setfacl -m u:42:x,g:43:w nnn xxx yyy zzz -> setfacl: nnn: stat() failed: No such file or directory - -$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 -> ls: nnn: No such file or directory -> -rw-rwxr--+ -> -rw-rwxr--+ -> -rw-rwxr--+ - -$ getfacl -nq nnn xxx yyy zzz -> getfacl: nnn: stat() failed: No such file or directory -> user::rw- -> user:42:--x -> group::r-- -> group:43:-w- -> mask::rwx -> other::r-- -> -> user::rw- -> user:42:--x -> group::r-- -> group:43:-w- -> mask::rwx -> other::r-- -> -> user::rw- -> user:42:--x -> group::r-- -> group:43:-w- -> mask::rwx -> other::r-- - -$ setfacl -b nnn xxx yyy zzz -> setfacl: nnn: stat() failed: No such file or directory - -$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 -> ls: nnn: No such file or directory -> -rw-r--r--+ -> -rw-r--r--+ -> -rw-r--r--+ - -$ setfacl -bn nnn xxx yyy zzz -> setfacl: nnn: stat() failed: No such file or directory - -$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 -> ls: nnn: No such file or directory -> -rw-r--r-- -> -rw-r--r-- -> -rw-r--r-- - -$ rm xxx yyy zzz - -# Check whether chmod actually does what it should do. -$ touch xxx -$ setfacl -m u:42:rwx,g:43:rwx xxx -$ chmod 600 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> user::rw- -> user:42:rwx # effective: --- -> group::r-- # effective: --- -> group:43:rwx # effective: --- -> mask::--- -> other::--- - -$ chmod 060 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> user::--- -> user:42:rwx # effective: rw- -> group::r-- -> group:43:rwx # effective: rw- -> mask::rw- -> other::--- - -# Test default ACLs. -$ umask 022 -$ mkdir ddd -$ getfacl -qn ddd -> user::rwx -> group::r-x -> other::r-x - -$ ls -l | grep ddd | cut -d' ' -f1 -> drwxr-xr-x - -$ getfacl -dq ddd -$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd -$ getfacl -dqn ddd -> user::rwx -> group::r-x -> mask::rwx -> other::r-x - -# No change - ls(1) output doesn't take into account default ACLs. -$ ls -l | grep ddd | cut -d' ' -f1 -> drwxr-xr-x - -$ setfacl -dm g:42:rwx,u:42:r ddd -$ setfacl -dm g::w ddd -$ getfacl -dqn ddd -> user::rwx -> user:42:r-- -> group::-w- -> group:42:rwx -> mask::rwx -> other::r-x - -$ setfacl -dx group:42: ddd -$ getfacl -dqn ddd -> user::rwx -> user:42:r-- -> group::-w- -> mask::rw- -> other::r-x - -$ ls -l | grep ddd | cut -d' ' -f1 -> drwxr-xr-x - -$ rmdir ddd -$ rm xxx - -# Test inheritance. -$ mkdir ddd - -$ touch ddd/xxx -$ getfacl -q ddd/xxx -> user::rw- -> group::r-- -> other::r-- - -$ mkdir ddd/ddd -$ getfacl -q ddd/ddd -> user::rwx -> group::r-x -> other::r-x - -$ rmdir ddd/ddd -$ rm ddd/xxx - -$ setfacl -dm u::rwx,g::rx,o::rx,mask::rwx ddd -$ setfacl -dm g:42:rwx,u:43:r ddd -$ getfacl -dq ddd -> user::rwx -> user:43:r-- -> group::r-x -> group:42:rwx -> mask::rwx -> other::r-x - -$ touch ddd/xxx -$ getfacl -q ddd/xxx -> user::rw- -> user:43:r-- -> group::r-x # effective: r-- -> group:42:rwx # effective: r-- -> mask::r-- -> other::r-- - -$ mkdir ddd/ddd -$ getfacl -q ddd/ddd -> user::rwx -> user:43:r-- -> group::r-x -> group:42:rwx # effective: r-x -> mask::r-x -> other::r-x - -$ rmdir ddd/ddd -$ rm ddd/xxx -$ rmdir ddd - -# Test if we deal properly with fifos. -$ mkfifo fff -$ ls -l fff | cut -d' ' -f1 -> prw-r--r-- - -$ setfacl -m u:42:r,g:43:w fff -$ getfacl fff -> # file: fff -> # owner: root -> # group: wheel -> user::rw- -> user:42:r-- -> group::r-- -> group:43:-w- -> mask::rw- -> other::r-- - -$ ls -l fff | cut -d' ' -f1 -> prw-rw-r--+ - -$ setfacl -bn fff -$ getfacl fff -> # file: fff -> # owner: root -> # group: wheel -> user::rw- -> group::r-- -> other::r-- - -$ ls -l fff | cut -d' ' -f1 -> prw-r--r-- - -$ rm fff - -# Test if we deal properly with device files. -$ mknod bbb b 1 1 -$ setfacl -m u:42:r,g:43:w bbb -> setfacl: bbb: acl_get_file() failed: Operation not supported -$ ls -l bbb | cut -d' ' -f1 -> brw-r--r-- - -$ rm bbb - -$ mknod ccc c 1 1 -$ setfacl -m u:42:r,g:43:w ccc -> setfacl: ccc: acl_get_file() failed: Operation not supported -$ ls -l ccc | cut -d' ' -f1 -> crw-r--r-- - -$ rm ccc Property changes on: user/ngie/more-tests/tools/regression/acltools/tools-posix.test ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/aclfuzzer.sh =================================================================== --- user/ngie/more-tests/tools/regression/acltools/aclfuzzer.sh (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/aclfuzzer.sh (nonexistent) @@ -1,225 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This is an NFSv4 ACL fuzzer. It expects to be run by non-root in a scratch -# directory on a filesystem with NFSv4 ACLs support. Output it generates -# is expected to be fed to /usr/src/tools/regression/acltools/run script. - -NUMBER_OF_COMMANDS=300 - -run_command() -{ - echo "\$ $1" - eval $1 2>&1 | sed 's/^/> /' -} - -rnd_from_0_to() -{ - max=`expr $1 + 1` - rnd=`jot -r 1` - rnd=`expr $rnd % $max` - - echo $rnd -} - -rnd_path() -{ - rnd=`rnd_from_0_to 3` - case $rnd in - 0) echo "$TMP/aaa" ;; - 1) echo "$TMP/bbb" ;; - 2) echo "$TMP/aaa/ccc" ;; - 3) echo "$TMP/bbb/ddd" ;; - esac -} - -f_prepend_random_acl_on() -{ - rnd=`rnd_from_0_to 4` - case $rnd in - 0) u="owner@" ;; - 1) u="group@" ;; - 2) u="everyone@" ;; - 3) u="u:1138" ;; - 4) u="g:1138" ;; - esac - - p="" - while :; do - rnd=`rnd_from_0_to 30` - if [ -n "$p" -a $rnd -ge 14 ]; then - break; - fi - - case $rnd in - 0) p="${p}r" ;; - 1) p="${p}w" ;; - 2) p="${p}x" ;; - 3) p="${p}p" ;; - 4) p="${p}d" ;; - 5) p="${p}D" ;; - 6) p="${p}a" ;; - 7) p="${p}A" ;; - 8) p="${p}R" ;; - 9) p="${p}W" ;; - 10) p="${p}R" ;; - 11) p="${p}c" ;; - 12) p="${p}C" ;; - 13) p="${p}o" ;; - 14) p="${p}s" ;; - esac - done - - f="" - while :; do - rnd=`rnd_from_0_to 10` - if [ $rnd -ge 6 ]; then - break; - fi - - case $rnd in - 0) f="${f}f" ;; - 1) f="${f}d" ;; - 2) f="${f}n" ;; - 3) f="${f}i" ;; - esac - done - - rnd=`rnd_from_0_to 1` - case $rnd in - 0) x="allow" ;; - 1) x="deny" ;; - esac - - acl="$u:$p:$f:$x" - - file=`rnd_path` - run_command "setfacl -a0 $acl $file" -} - -f_getfacl() -{ - file=`rnd_path` - run_command "getfacl -qn $file" -} - -f_ls_mode() -{ - file=`rnd_path` - run_command "ls -al $file | sed -n '2p' | cut -d' ' -f1" -} - -f_chmod() -{ - b1=`rnd_from_0_to 7` - b2=`rnd_from_0_to 7` - b3=`rnd_from_0_to 7` - b4=`rnd_from_0_to 7` - file=`rnd_path` - - run_command "chmod $b1$b2$b3$b4 $file $2" -} - -f_touch() -{ - file=`rnd_path` - run_command "touch $file" -} - -f_rm() -{ - file=`rnd_path` - run_command "rm -f $file" -} - -f_mkdir() -{ - file=`rnd_path` - run_command "mkdir $file" -} - -f_rmdir() -{ - file=`rnd_path` - run_command "rmdir $file" -} - -f_mv() -{ - from=`rnd_path` - to=`rnd_path` - run_command "mv -f $from $to" -} - -# XXX: To be implemented: chown(8), setting times with touch(1). - -switch_to_random_user() -{ - # XXX: To be implemented. -} - -execute_random_command() -{ - rnd=`rnd_from_0_to 20` - - case $rnd in - 0|10|11|12|13|15) cmd=f_prepend_random_acl_on ;; - 1) cmd=f_getfacl ;; - 2) cmd=f_ls_mode ;; - 3) cmd=f_chmod ;; - 4|18|19) cmd=f_touch ;; - 5) cmd=f_rm ;; - 6|16|17) cmd=f_mkdir ;; - 7) cmd=f_rmdir ;; - 8) cmd=f_mv ;; - esac - - $cmd "XXX" -} - -echo "# Fuzzing; will stop after $NUMBER_OF_COMMANDS commands." -TMP="aclfuzzer_`dd if=/dev/random bs=1k count=1 2>/dev/null | openssl md5`" - -run_command "whoami" -umask 022 -run_command "umask 022" -run_command "mkdir $TMP" - -i=0; -while [ "$i" -lt "$NUMBER_OF_COMMANDS" ]; do - switch_to_random_user - execute_random_command - i=`expr $i + 1` -done - -run_command "find $TMP -exec setfacl -a0 everyone@:rxd:allow {} \;" -run_command "rm -rfv $TMP" - -echo "# Fuzzed, thank you." - Property changes on: user/ngie/more-tests/tools/regression/acltools/aclfuzzer.sh ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:executable ## -1 +0,0 ## -* \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/run =================================================================== --- user/ngie/more-tests/tools/regression/acltools/run (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/run (nonexistent) @@ -1,329 +0,0 @@ -#!/usr/bin/perl -w -U - -# Copyright (c) 2007, 2008 Andreas Gruenbacher. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions, and the following disclaimer, -# without modification, immediately at the beginning of the file. -# 2. The name of the author may not be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# Alternatively, this software may be distributed under the terms of the -# GNU Public License ("GPL"). -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR -# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# -# Possible improvements: -# -# - distinguish stdout and stderr output -# - add environment variable like assignments -# - run up to a specific line -# - resume at a specific line -# - -use strict; -use FileHandle; -use Getopt::Std; -use POSIX qw(isatty setuid getcwd); -use vars qw($opt_l $opt_v); - -no warnings qw(taint); - -$opt_l = ~0; # a really huge number -getopts('l:v'); - -my ($OK, $FAILED) = ("ok", "failed"); -if (isatty(fileno(STDOUT))) { - $OK = "\033[32m" . $OK . "\033[m"; - $FAILED = "\033[31m\033[1m" . $FAILED . "\033[m"; -} - -sub exec_test($$); -sub process_test($$$$); - -my ($prog, $in, $out) = ([], [], []); -my $prog_line = 0; -my ($tests, $failed) = (0,0); -my $lineno; -my $width = ($ENV{COLUMNS} || 80) >> 1; - -for (;;) { - my $line = <>; $lineno++; - if (defined $line) { - # Substitute %VAR and %{VAR} with environment variables. - $line =~ s[%(\w+)][$ENV{$1}]eg; - $line =~ s[%{(\w+)}][$ENV{$1}]eg; - } - if (defined $line) { - if ($line =~ s/^\s*< ?//) { - push @$in, $line; - } elsif ($line =~ s/^\s*> ?//) { - push @$out, $line; - } else { - process_test($prog, $prog_line, $in, $out); - last if $prog_line >= $opt_l; - - $prog = []; - $prog_line = 0; - } - if ($line =~ s/^\s*\$ ?//) { - $prog = [ map { s/\\(.)/$1/g; $_ } split /(? @$result) ? @$out : @$result; - for (my $n=0; $n < $nmax; $n++) { - my $use_re; - if (defined $out->[$n] && $out->[$n] =~ /^~ /) { - $use_re = 1; - $out->[$n] =~ s/^~ //g; - } - - if (!defined($out->[$n]) || !defined($result->[$n]) || - (!$use_re && $result->[$n] ne $out->[$n]) || - ( $use_re && $result->[$n] !~ /^$out->[$n]/)) { - push @good, ($use_re ? '!~' : '!='); - } - else { - push @good, ($use_re ? '=~' : '=='); - } - } - my $good = !(grep /!/, @good); - $tests++; - $failed++ unless $good; - print $good ? $OK : $FAILED, "\n"; - if (!$good || $opt_v) { - for (my $n=0; $n < $nmax; $n++) { - my $l = defined($out->[$n]) ? $out->[$n] : "~"; - chomp $l; - my $r = defined($result->[$n]) ? $result->[$n] : "~"; - chomp $r; - print sprintf("%-" . ($width-3) . "s %s %s\n", - $r, $good[$n], $l); - } - } -} - - -sub su($) { - my ($user) = @_; - - $user ||= "root"; - - my ($login, $pass, $uid, $gid) = getpwnam($user) - or return [ "su: user $user does not exist\n" ]; - my @groups = (); - my $fh = new FileHandle("/etc/group") - or return [ "opening /etc/group: $!\n" ]; - while (<$fh>) { - chomp; - my ($group, $passwd, $gid, $users) = split /:/; - foreach my $u (split /,/, $users) { - push @groups, $gid - if ($user eq $u); - } - } - $fh->close; - - my $groups = join(" ", ($gid, $gid, @groups)); - #print STDERR "[[$groups]]\n"; - $! = 0; # reset errno - $> = 0; - $( = $gid; - $) = $groups; - if ($!) { - return [ "su: $!\n" ]; - } - if ($uid != 0) { - $> = $uid; - #$< = $uid; - if ($!) { - return [ "su: $prog->[1]: $!\n" ]; - } - } - #print STDERR "[($>,$<)($(,$))]"; - return []; -} - - -sub sg($) { - my ($group) = @_; - - my $gid = getgrnam($group) - or return [ "sg: group $group does not exist\n" ]; - my %groups = map { $_ eq $gid ? () : ($_ => 1) } (split /\s/, $)); - - #print STDERR "<<", join("/", keys %groups), ">>\n"; - my $groups = join(" ", ($gid, $gid, keys %groups)); - #print STDERR "[[$groups]]\n"; - $! = 0; # reset errno - if ($> != 0) { - my $uid = $>; - $> = 0; - $( = $gid; - $) = $groups; - $> = $uid; - } else { - $( = $gid; - $) = $groups; - } - if ($!) { - return [ "sg: $!\n" ]; - } - print STDERR "[($>,$<)($(,$))]"; - return []; -} - - -sub exec_test($$) { - my ($prog, $in) = @_; - local (*IN, *IN_DUP, *IN2, *OUT_DUP, *OUT, *OUT2); - my $needs_shell = (join('', @$prog) =~ /[][|<>"'`\$\*\?]/); - - if ($prog->[0] eq "umask") { - umask oct $prog->[1]; - return []; - } elsif ($prog->[0] eq "cd") { - if (!chdir $prog->[1]) { - return [ "chdir: $prog->[1]: $!\n" ]; - } - $ENV{PWD} = getcwd; - return []; - } elsif ($prog->[0] eq "su") { - return su($prog->[1]); - } elsif ($prog->[0] eq "sg") { - return sg($prog->[1]); - } elsif ($prog->[0] eq "export") { - my ($name, $value) = split /=/, $prog->[1]; - # FIXME: need to evaluate $value, so that things like this will work: - # export dir=$PWD/dir - $ENV{$name} = $value; - return []; - } elsif ($prog->[0] eq "unset") { - delete $ENV{$prog->[1]}; - return []; - } - - pipe *IN2, *OUT - or die "Can't create pipe for reading: $!"; - open *IN_DUP, "<&STDIN" - or *IN_DUP = undef; - open *STDIN, "<&IN2" - or die "Can't duplicate pipe for reading: $!"; - close *IN2; - - open *OUT_DUP, ">&STDOUT" - or die "Can't duplicate STDOUT: $!"; - pipe *IN, *OUT2 - or die "Can't create pipe for writing: $!"; - open *STDOUT, ">&OUT2" - or die "Can't duplicate pipe for writing: $!"; - close *OUT2; - - *STDOUT->autoflush(); - *OUT->autoflush(); - - $SIG{CHLD} = 'IGNORE'; - - if (fork()) { - # Server - if (*IN_DUP) { - open *STDIN, "<&IN_DUP" - or die "Can't duplicate STDIN: $!"; - close *IN_DUP - or die "Can't close STDIN duplicate: $!"; - } - open *STDOUT, ">&OUT_DUP" - or die "Can't duplicate STDOUT: $!"; - close *OUT_DUP - or die "Can't close STDOUT duplicate: $!"; - - foreach my $line (@$in) { - #print "> $line"; - print OUT $line; - } - close *OUT - or die "Can't close pipe for writing: $!"; - - my $result = []; - while () { - #print "< $_"; - if ($needs_shell) { - s#^/bin/sh: line \d+: ##; - } - push @$result, $_; - } - return $result; - } else { - # Client - $< = $>; - close IN - or die "Can't close read end for input pipe: $!"; - close OUT - or die "Can't close write end for output pipe: $!"; - close OUT_DUP - or die "Can't close STDOUT duplicate: $!"; - local *ERR_DUP; - open ERR_DUP, ">&STDERR" - or die "Can't duplicate STDERR: $!"; - open STDERR, ">&STDOUT" - or die "Can't join STDOUT and STDERR: $!"; - - if ($needs_shell) { - exec ('/bin/sh', '-c', join(" ", @$prog)); - } else { - exec @$prog; - } - print STDERR $prog->[0], ": $!\n"; - exit; - } -} - Property changes on: user/ngie/more-tests/tools/regression/acltools/run ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/00.t =================================================================== --- user/ngie/more-tests/tools/regression/acltools/00.t (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/00.t (nonexistent) @@ -1,85 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This is a wrapper script to run tools-posix.test on UFS filesystem. -# -# If any of the tests fails, here is how to debug it: go to -# the directory with problematic filesystem mounted on it, -# and do /path/to/test run /path/to/test tools-posix.test, e.g. -# -# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test -# -# Output should be obvious. - -echo "1..4" - -if [ `whoami` != "root" ]; then - echo "not ok 1 - you need to be root to run this test." - exit 1 -fi - -TESTDIR=$(dirname $(realpath $0)) - -# Set up the test filesystem. -MD=`mdconfig -at swap -s 10m` -MNT=`mktemp -dt acltools` -newfs /dev/$MD > /dev/null -mount -o acls /dev/$MD $MNT -if [ $? -ne 0 ]; then - echo "not ok 1 - mount failed." - exit 1 -fi - -echo "ok 1" - -cd $MNT - -# First, check whether we can crash the kernel by creating too many -# entries. For some reason this won't work in the test file. -touch xxx -i=0; -while :; do i=$(($i+1)); setfacl -m u:$i:rwx xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done -chmod 600 xxx -rm xxx -echo "ok 2" - -perl $TESTDIR/run $TESTDIR/tools-posix.test > /dev/null - -if [ $? -eq 0 ]; then - echo "ok 3" -else - echo "not ok 3" -fi - -cd / -umount -f $MNT -rmdir $MNT -mdconfig -du $MD - -echo "ok 4" Property changes on: user/ngie/more-tests/tools/regression/acltools/00.t ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/01.t =================================================================== --- user/ngie/more-tests/tools/regression/acltools/01.t (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/01.t (nonexistent) @@ -1,86 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This is a wrapper script to run tools-nfs4.test on ZFS filesystem. -# -# WARNING: It uses hardcoded ZFS pool name "acltools" -# -# If any of the tests fails, here is how to debug it: go to -# the directory with problematic filesystem mounted on it, -# and do /path/to/test run /path/to/test tools-nfs4.test, e.g. -# -# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test -# -# Output should be obvious. - -echo "1..4" - -if [ `whoami` != "root" ]; then - echo "not ok 1 - you need to be root to run this test." - exit 1 -fi - -TESTDIR=$(dirname $(realpath $0)) - -# Set up the test filesystem. -MD=`mdconfig -at swap -s 64m` -MNT=`mktemp -dt acltools` -zpool create -m $MNT acltools /dev/$MD -if [ $? -ne 0 ]; then - echo "not ok 1 - 'zpool create' failed." - exit 1 -fi - -echo "ok 1" - -cd $MNT - -# First, check whether we can crash the kernel by creating too many -# entries. For some reason this won't work in the test file. -touch xxx -setfacl -x2 xxx -while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done -chmod 600 xxx -rm xxx -echo "ok 2" - -perl $TESTDIR/run $TESTDIR/tools-nfs4-psarc.test > /dev/null - -if [ $? -eq 0 ]; then - echo "ok 3" -else - echo "not ok 3" -fi - -cd / -zpool destroy -f acltools -rmdir $MNT -mdconfig -du $MD - -echo "ok 4" Property changes on: user/ngie/more-tests/tools/regression/acltools/01.t ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/02.t =================================================================== --- user/ngie/more-tests/tools/regression/acltools/02.t (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/02.t (nonexistent) @@ -1,90 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This is a wrapper script to run tools-nfs4.test on UFS filesystem. -# -# If any of the tests fails, here is how to debug it: go to -# the directory with problematic filesystem mounted on it, -# and do /path/to/test run /path/to/test tools-nfs4.test, e.g. -# -# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test -# -# Output should be obvious. - -echo "1..4" - -if [ `whoami` != "root" ]; then - echo "not ok 1 - you need to be root to run this test." - exit 1 -fi - -TESTDIR=$(dirname $(realpath $0)) - -# Set up the test filesystem. -MD=`mdconfig -at swap -s 10m` -MNT=`mktemp -dt acltools` -newfs /dev/$MD > /dev/null -mount -o nfsv4acls /dev/$MD $MNT -if [ $? -ne 0 ]; then - echo "not ok 1 - mount failed." - exit 1 -fi - -echo "ok 1" - -cd $MNT - -# First, check whether we can crash the kernel by creating too many -# entries. For some reason this won't work in the test file. -touch xxx -setfacl -x2 xxx -while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done -chmod 600 xxx -rm xxx -echo "ok 2" - -if [ `sysctl -n vfs.acl_nfs4_old_semantics` = 0 ]; then - perl $TESTDIR/run $TESTDIR/tools-nfs4-psarc.test > /dev/null -else - perl $TESTDIR/run $TESTDIR/tools-nfs4.test > /dev/null -fi - -if [ $? -eq 0 ]; then - echo "ok 3" -else - echo "not ok 3" -fi - -cd / -umount -f $MNT -rmdir $MNT -mdconfig -du $MD - -echo "ok 4" - Property changes on: user/ngie/more-tests/tools/regression/acltools/02.t ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/03.t =================================================================== --- user/ngie/more-tests/tools/regression/acltools/03.t (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/03.t (nonexistent) @@ -1,110 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This is a wrapper script to run tools-crossfs.test between UFS without -# ACLs, UFS with POSIX.1e ACLs, and ZFS with NFSv4 ACLs. -# -# WARNING: It uses hardcoded ZFS pool name "acltools" -# -# Output should be obvious. - -echo "1..5" - -if [ `whoami` != "root" ]; then - echo "not ok 1 - you need to be root to run this test." - exit 1 -fi - -TESTDIR=$(dirname $(realpath $0)) -MNTROOT=`mktemp -dt acltools` - -# Set up the test filesystems. -MD1=`mdconfig -at swap -s 64m` -MNT1=$MNTROOT/nfs4 -mkdir $MNT1 -zpool create -m $MNT1 acltools /dev/$MD1 -if [ $? -ne 0 ]; then - echo "not ok 1 - 'zpool create' failed." - exit 1 -fi - -echo "ok 1" - -MD2=`mdconfig -at swap -s 10m` -MNT2=$MNTROOT/posix -mkdir $MNT2 -newfs /dev/$MD2 > /dev/null -mount -o acls /dev/$MD2 $MNT2 -if [ $? -ne 0 ]; then - echo "not ok 2 - mount failed." - exit 1 -fi - -echo "ok 2" - -MD3=`mdconfig -at swap -s 10m` -MNT3=$MNTROOT/none -mkdir $MNT3 -newfs /dev/$MD3 > /dev/null -mount /dev/$MD3 $MNT3 -if [ $? -ne 0 ]; then - echo "not ok 3 - mount failed." - exit 1 -fi - -echo "ok 3" - -cd $MNTROOT - -perl $TESTDIR/run $TESTDIR/tools-crossfs.test > /dev/null - -if [ $? -eq 0 ]; then - echo "ok 4" -else - echo "not ok 4" -fi - -cd / - -umount -f $MNT3 -rmdir $MNT3 -mdconfig -du $MD3 - -umount -f $MNT2 -rmdir $MNT2 -mdconfig -du $MD2 - -zpool destroy -f acltools -rmdir $MNT1 -mdconfig -du $MD1 - -rmdir $MNTROOT - -echo "ok 5" - Property changes on: user/ngie/more-tests/tools/regression/acltools/03.t ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/04.t =================================================================== --- user/ngie/more-tests/tools/regression/acltools/04.t (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/04.t (nonexistent) @@ -1,69 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2011 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This is a wrapper script to run tools-nfs4-trivial.test on ZFS filesystem. -# -# WARNING: It uses hardcoded ZFS pool name "acltools" - -echo "1..3" - -if [ `whoami` != "root" ]; then - echo "not ok 1 - you need to be root to run this test." - exit 1 -fi - -TESTDIR=$(dirname $(realpath $0)) - -# Set up the test filesystem. -MD=`mdconfig -at swap -s 64m` -MNT=`mktemp -dt acltools` -zpool create -m $MNT acltools /dev/$MD -if [ $? -ne 0 ]; then - echo "not ok 1 - 'zpool create' failed." - exit 1 -fi - -echo "ok 1" - -cd $MNT - -perl $TESTDIR/run $TESTDIR/tools-nfs4-trivial.test > /dev/null - -if [ $? -eq 0 ]; then - echo "ok 2" -else - echo "not ok 2" -fi - -cd / -zpool destroy -f acltools -rmdir $MNT -mdconfig -du $MD - -echo "ok 3" Property changes on: user/ngie/more-tests/tools/regression/acltools/04.t ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/mktrivial.sh =================================================================== --- user/ngie/more-tests/tools/regression/acltools/mktrivial.sh (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/mktrivial.sh (nonexistent) @@ -1,53 +0,0 @@ -#!/bin/sh -# -# Copyright (c) 2010 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This shell script generates an input file for the "run" script, used -# to verify generation of trivial ACLs. - -echo "$ touch f" -touch f - -for s in `jot 7 0 7`; do - for u in `jot 7 0 7`; do - for g in `jot 7 0 7`; do - for o in `jot 7 0 7`; do - echo "$ chmod 0$s$u$g$o f" - chmod "0$s$u$g$o" f - echo "$ ls -l f | cut -d' ' -f1" - ls -l f | cut -d' ' -f1 | sed 's/^/> /' - echo "$ getfacl -q f" - getfacl -q f | sed 's/^/> /' - done - done - done -done - -echo "$ rm f" -rm f - Property changes on: user/ngie/more-tests/tools/regression/acltools/mktrivial.sh ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:executable ## -1 +0,0 ## -* \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/tools-crossfs.test =================================================================== --- user/ngie/more-tests/tools/regression/acltools/tools-crossfs.test (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/tools-crossfs.test (nonexistent) @@ -1,323 +0,0 @@ -# Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This is a tools-level test intended to verify that cp(1) and mv(1) -# do the right thing with respect to ACLs. Run it as root using -# ACL-enabled kernel: -# -# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test -# -# You need to have three subdirectories, named nfs4, posix and none, -# with filesystems with NFSv4 ACLs, POSIX.1e ACLs and no ACLs enabled, -# respectively, mounted on them, in your current directory. -# -# WARNING: Creates files in unsafe way. - -$ whoami -> root -$ umask 022 - -$ touch nfs4/xxx -$ getfacl -nq nfs4/xxx -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow - -$ touch posix/xxx -$ getfacl -nq posix/xxx -> user::rw- -> group::r-- -> other::r-- - -# mv with POSIX.1e ACLs. -$ rm -f posix/xxx -$ rm -f posix/yyy -$ touch posix/xxx -$ chmod 456 posix/xxx -$ ls -l posix/xxx | cut -d' ' -f1 -> -r--r-xrw- -$ setfacl -m u:42:x,g:43:w posix/xxx -$ mv posix/xxx posix/yyy -$ getfacl -nq posix/yyy -> user::r-- -> user:42:--x -> group::r-x -> group:43:-w- -> mask::rwx -> other::rw- -$ ls -l posix/yyy | cut -d' ' -f1 -> -r--rwxrw-+ - -# mv from POSIX.1e to none. -$ rm -f posix/xxx -$ rm -f none/xxx -$ touch posix/xxx -$ chmod 345 posix/xxx -$ setfacl -m u:42:x,g:43:w posix/xxx -$ ls -l posix/xxx | cut -d' ' -f1 -> --wxrwxr-x+ -$ mv posix/xxx none/xxx -> mv: failed to set acl entries for none/xxx: Operation not supported -$ ls -l none/xxx | cut -d' ' -f1 -> --wxrwxr-x - -# mv from POSIX.1e to NFSv4. -$ rm -f posix/xxx -$ rm -f nfs4/xxx -$ touch posix/xxx -$ chmod 456 posix/xxx -$ setfacl -m u:42:x,g:43:w posix/xxx -$ ls -l posix/xxx | cut -d' ' -f1 -> -r--rwxrw-+ -$ mv posix/yyy nfs4/xxx -> mv: failed to set acl entries for nfs4/xxx: Invalid argument -$ getfacl -nq nfs4/xxx -> owner@:-wxp----------:-------:deny -> owner@:r-----aARWcCos:-------:allow -> group@:rwxp--a-R-c--s:-------:allow -> everyone@:rw-p--a-R-c--s:-------:allow -$ ls -l nfs4/xxx | cut -d' ' -f1 -> -r--rwxrw- - -# mv with NFSv4 ACLs. -$ rm -f nfs4/xxx -$ rm -f nfs4/yyy -$ touch nfs4/xxx -$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx -$ mv nfs4/xxx nfs4/yyy -$ getfacl -nq nfs4/yyy -> user:42:--x-----------:-------:allow -> group:43:-w------------:-------:allow -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow -$ ls -l nfs4/yyy | cut -d' ' -f1 -> -rw-r--r--+ - -# mv from NFSv4 to POSIX.1e without any ACLs. -$ rm -f nfs4/xxx -$ rm -f posix/xxx -$ touch nfs4/xxx -$ chmod 456 nfs4/xxx -$ ls -l nfs4/xxx | cut -d' ' -f1 -> -r--r-xrw- -$ mv nfs4/xxx posix/xxx -$ ls -l posix/xxx | cut -d' ' -f1 -> -r--r-xrw- - -# mv from NFSv4 to none. -$ rm -f nfs4/xxx -$ rm -f none/xxx -$ touch nfs4/xxx -$ chmod 345 nfs4/xxx -$ ls -l nfs4/xxx | cut -d' ' -f1 -> --wxr--r-x -$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx -$ ls -l nfs4/xxx | cut -d' ' -f1 -> --wxr--r-x+ -$ mv nfs4/xxx none/xxx -> mv: failed to set acl entries for none/xxx: Operation not supported -$ ls -l none/xxx | cut -d' ' -f1 -> --wxr--r-x - -# mv from NFSv4 to POSIX.1e. -$ rm -f nfs4/xxx -$ rm -f posix/xxx -$ touch nfs4/xxx -$ chmod 345 nfs4/xxx -$ ls -l nfs4/xxx | cut -d' ' -f1 -> --wxr--r-x -$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx -$ ls -l nfs4/xxx | cut -d' ' -f1 -> --wxr--r-x+ -$ mv nfs4/xxx posix/xxx -> mv: failed to set acl entries for posix/xxx: Invalid argument -$ ls -l posix/xxx | cut -d' ' -f1 -> --wxr--r-x - -# cp with POSIX.1e ACLs. -$ rm -f posix/xxx -$ rm -f posix/yyy -$ touch posix/xxx -$ setfacl -m u:42:x,g:43:w posix/xxx -$ ls -l posix/xxx | cut -d' ' -f1 -> -rw-rwxr--+ -$ cp posix/xxx posix/yyy -$ ls -l posix/yyy | cut -d' ' -f1 -> -rw-r-xr-- - -# cp -p with POSIX.1e ACLs. -$ rm -f posix/xxx -$ rm -f posix/yyy -$ touch posix/xxx -$ setfacl -m u:42:x,g:43:w posix/xxx -$ getfacl -nq posix/xxx -> user::rw- -> user:42:--x -> group::r-- -> group:43:-w- -> mask::rwx -> other::r-- -$ ls -l posix/xxx | cut -d' ' -f1 -> -rw-rwxr--+ -$ cp -p posix/xxx posix/yyy -$ getfacl -nq posix/yyy -> user::rw- -> user:42:--x -> group::r-- -> group:43:-w- -> mask::rwx -> other::r-- -$ ls -l posix/yyy | cut -d' ' -f1 -> -rw-rwxr--+ - -# cp from POSIX.1e to none. -$ rm -f posix/xxx -$ rm -f none/xxx -$ touch posix/xxx -$ setfacl -m u:42:x,g:43:w posix/xxx -$ ls -l posix/xxx | cut -d' ' -f1 -> -rw-rwxr--+ -$ cp posix/xxx none/xxx -$ ls -l none/xxx | cut -d' ' -f1 -> -rw-r-xr-- - -# cp -p from POSIX.1e to none. -$ rm -f posix/xxx -$ rm -f none/xxx -$ touch posix/xxx -$ setfacl -m u:42:x,g:43:w posix/xxx -$ ls -l posix/xxx | cut -d' ' -f1 -> -rw-rwxr--+ -$ cp -p posix/xxx none/xxx -> cp: failed to set acl entries for none/xxx: Operation not supported -$ ls -l none/xxx | cut -d' ' -f1 -> -rw-rwxr-- - -# cp from POSIX.1e to NFSv4. -$ rm -f posix/xxx -$ rm -f nfs4/xxx -$ touch posix/xxx -$ setfacl -m u:42:x,g:43:w posix/xxx -$ ls -l posix/xxx | cut -d' ' -f1 -> -rw-rwxr--+ -$ cp posix/xxx nfs4/xxx -$ ls -l nfs4/xxx | cut -d' ' -f1 -> -rw-r-xr-- - -# cp -p from POSIX.1e to NFSv4. -$ rm -f posix/xxx -$ rm -f nfs4/xxx -$ touch posix/xxx -$ setfacl -m u:42:x,g:43:w posix/xxx -$ ls -l posix/xxx | cut -d' ' -f1 -> -rw-rwxr--+ -$ cp -p posix/xxx nfs4/xxx -> cp: failed to set acl entries for nfs4/xxx: Invalid argument -$ ls -l nfs4/xxx | cut -d' ' -f1 -> -rw-rwxr-- - -# cp with NFSv4 ACLs. -$ rm -f nfs4/xxx -$ rm -f nfs4/yyy -$ touch nfs4/xxx -$ chmod 543 nfs4/xxx -$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx -$ ls -l nfs4/xxx | cut -d' ' -f1 -> -r-xr---wx+ -$ cp nfs4/xxx nfs4/yyy -$ ls -l nfs4/yyy | cut -d' ' -f1 -> -r-xr----x - -# cp -p with NFSv4 ACLs. -$ rm -f nfs4/xxx -$ rm -f nfs4/yyy -$ touch nfs4/xxx -$ chmod 543 nfs4/xxx -$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx -$ cp -p nfs4/xxx nfs4/yyy -$ getfacl -nq nfs4/yyy -> user:42:--x-----------:-------:allow -> group:43:-w------------:-------:allow -> owner@:--x-----------:-------:allow -> owner@:-w-p----------:-------:deny -> group@:-wxp----------:-------:deny -> owner@:r-x---aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:-wxp--a-R-c--s:-------:allow -$ ls -l nfs4/yyy | cut -d' ' -f1 -> -r-xr---wx+ - -# cp from NFSv4 to none. -$ rm -f nfs4/xxx -$ rm -f none/xxx -$ touch nfs4/xxx -$ chmod 543 nfs4/xxx -$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx -$ ls -l nfs4/xxx | cut -d' ' -f1 -> -r-xr---wx+ -$ cp nfs4/xxx none/xxx -$ ls -l none/xxx | cut -d' ' -f1 -> -r-xr----x - -# cp -p from NFSv4 to none. -$ rm -f nfs4/xxx -$ rm -f none/xxx -$ touch nfs4/xxx -$ chmod 543 nfs4/xxx -$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx -$ ls -l nfs4/xxx | cut -d' ' -f1 -> -r-xr---wx+ -$ cp -p nfs4/xxx none/xxx -> cp: failed to set acl entries for none/xxx: Operation not supported -$ ls -l none/xxx | cut -d' ' -f1 -> -r-xr---wx - -# cp from NFSv4 to POSIX.1e. -$ rm -f nfs4/xxx -$ rm -f posix/xxx -$ touch nfs4/xxx -$ chmod 543 nfs4/xxx -$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx -$ ls -l nfs4/xxx | cut -d' ' -f1 -> -r-xr---wx+ -$ cp nfs4/xxx posix/xxx -$ ls -l posix/xxx | cut -d' ' -f1 -> -r-xr----x - -# cp -p from NFSv4 to POSIX.1e. -$ rm -f nfs4/xxx -$ rm -f posix/xxx -$ touch nfs4/xxx -$ chmod 543 nfs4/xxx -$ setfacl -a0 u:42:x:allow,g:43:w:allow nfs4/xxx -$ ls -l nfs4/xxx | cut -d' ' -f1 -> -r-xr---wx+ -$ cp -p nfs4/xxx posix/xxx -> cp: failed to set acl entries for posix/xxx: Invalid argument -$ ls -l posix/xxx | cut -d' ' -f1 -> -r-xr---wx Property changes on: user/ngie/more-tests/tools/regression/acltools/tools-crossfs.test ___________________________________________________________________ Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/tools-nfs4.test =================================================================== --- user/ngie/more-tests/tools/regression/acltools/tools-nfs4.test (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/tools-nfs4.test (nonexistent) @@ -1,828 +0,0 @@ -# Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This is a tools-level test for NFSv4 ACL functionality. Run it as root -# using ACL-enabled kernel: -# -# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test -# -# WARNING: Creates files in unsafe way. - -$ whoami -> root -$ umask 022 - -# Smoke test for getfacl(1). -$ touch xxx -$ getfacl xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -$ getfacl -q xxx -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Check verbose mode formatting. -$ getfacl -v xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:execute::deny -> owner@:read_data/write_data/append_data/write_attributes/write_xattr/write_acl/write_owner::allow -> group@:write_data/execute/append_data::deny -> group@:read_data::allow -> everyone@:write_data/execute/append_data/write_attributes/write_xattr/write_acl/write_owner::deny -> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow - -# Test setfacl -a. -$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> user:0:-----------C--:-------:allow -> group:1:----------c---:-------:deny -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Test user and group name resolving. -$ rm xxx -$ touch xxx -$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx -$ getfacl xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> user:root:-----------C--:-------:allow -> group:daemon:----------c---:-------:deny -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Check whether ls correctly marks files with "+". -$ ls -l xxx | cut -d' ' -f1 -> -rw-r--r--+ - -# Test removing entries by number. -$ setfacl -x 4 xxx -$ setfacl -x 4 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> user:0:-----------C--:-------:allow -> group:1:----------c---:-------:deny -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Test setfacl -m. -$ setfacl -a0 everyone@:rwx:deny xxx -$ setfacl -a0 everyone@:rwx:deny xxx -$ setfacl -a0 everyone@:rwx:deny xxx -$ setfacl -m everyone@::deny xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> user:0:-----------C--:-------:allow -> group:1:----------c---:-------:deny -> everyone@:--------------:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Test getfacl -i. -$ getfacl -i xxx -> # file: xxx -> # owner: root -> # group: wheel -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> user:root:-----------C--:-------:allow:0 -> group:daemon:----------c---:-------:deny:1 -> everyone@:--------------:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Make sure cp without any flags does not copy copy the ACL. -$ cp xxx yyy -$ ls -l yyy | cut -d' ' -f1 -> -rw-r--r-- - -# Make sure it does with the "-p" flag. -$ rm yyy -$ cp -p xxx yyy -$ getfacl -n yyy -> # file: yyy -> # owner: root -> # group: wheel -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> user:0:-----------C--:-------:allow -> group:1:----------c---:-------:deny -> everyone@:--------------:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -$ rm yyy - -# Test removing entries by... by example? -$ setfacl -x everyone@::deny xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> user:0:-----------C--:-------:allow -> group:1:----------c---:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Test setfacl -b. -$ setfacl -b xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -$ ls -l xxx | cut -d' ' -f1 -> -rw-r--r-- - -# Check setfacl(1) and getfacl(1) with multiple files. -$ touch xxx yyy zzz - -$ ls -l xxx yyy zzz | cut -d' ' -f1 -> -rw-r--r-- -> -rw-r--r-- -> -rw-r--r-- - -$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz -> setfacl: nnn: stat() failed: No such file or directory - -$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 -> ls: nnn: No such file or directory -> -rw-r--r--+ -> -rw-r--r--+ -> -rw-r--r--+ - -$ getfacl -nq nnn xxx yyy zzz -> getfacl: nnn: stat() failed: No such file or directory -> user:42:--x-----------:-------:allow -> group:43:-w------------:-------:allow -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow -> -> user:42:--x-----------:-------:allow -> group:43:-w------------:-------:allow -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow -> -> user:42:--x-----------:-------:allow -> group:43:-w------------:-------:allow -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -$ setfacl -b nnn xxx yyy zzz -> setfacl: nnn: stat() failed: No such file or directory - -$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 -> ls: nnn: No such file or directory -> -rw-r--r-- -> -rw-r--r-- -> -rw-r--r-- - -$ rm xxx yyy zzz - -# Test applying mode to an ACL. -$ touch xxx -$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx -$ chmod 600 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> user:42:r-------------:-------:deny -> user:42:r-------------:-------:allow -> user:43:-w------------:-------:deny -> user:43:-w------------:-------:allow -> user:44:--x-----------:-------:deny -> user:44:--x-----------:-------:allow -> owner@:--------------:-------:deny -> owner@:-------A-W-Co-:-------:allow -> group@:--------------:-------:deny -> group@:--------------:-------:allow -> everyone@:-------A-W-Co-:-------:deny -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:rwxp----------:-------:deny -> group@:--------------:-------:allow -> everyone@:rwxp---A-W-Co-:-------:deny -> everyone@:------a-R-c--s:-------:allow -$ ls -l xxx | cut -d' ' -f1 -> -rw-------+ - -$ rm xxx -$ touch xxx -$ chown 42 xxx -$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx -$ chmod 600 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: 42 -> # group: wheel -> user:42:--------------:-------:deny -> user:42:r-------------:-------:allow -> user:43:-w------------:-------:deny -> user:43:-w------------:-------:allow -> user:44:--x-----------:-------:deny -> user:44:--x-----------:-------:allow -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:rwxp----------:-------:deny -> group@:--------------:-------:allow -> everyone@:rwxp---A-W-Co-:-------:deny -> everyone@:------a-R-c--s:-------:allow -$ ls -l xxx | cut -d' ' -f1 -> -rw-------+ - -$ rm xxx -$ touch xxx -$ chown 43 xxx -$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx -$ chmod 124 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: 43 -> # group: wheel -> user:42:r-------------:-------:deny -> user:42:r-------------:-------:allow -> user:43:-w------------:-------:deny -> user:43:-w------------:-------:allow -> user:44:--x-----------:-------:deny -> user:44:--x-----------:-------:allow -> owner@:rw-p----------:-------:deny -> owner@:--x----A-W-Co-:-------:allow -> group@:r-x-----------:-------:deny -> group@:-w-p----------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow -$ ls -l xxx | cut -d' ' -f1 -> ---x-w-r--+ - -$ rm xxx -$ touch xxx -$ chown 43 xxx -$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx -$ chmod 412 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: 43 -> # group: wheel -> user:42:r-------------:-------:deny -> user:42:r-------------:-------:allow -> user:43:-w------------:-------:deny -> user:43:-w------------:-------:allow -> user:44:--------------:-------:deny -> user:44:--x-----------:-------:allow -> owner@:-wxp----------:-------:deny -> owner@:r------A-W-Co-:-------:allow -> group@:rw-p----------:-------:deny -> group@:--x-----------:-------:allow -> everyone@:r-x----A-W-Co-:-------:deny -> everyone@:-w-p--a-R-c--s:-------:allow -$ ls -l xxx | cut -d' ' -f1 -> -r----x-w-+ - -$ mkdir ddd -$ setfacl -a0 group:44:rwapd:allow ddd -$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd -$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd -$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd -$ getfacl -n ddd -> # file: ddd -> # owner: root -> # group: wheel -> user:42:r-x-----------:f-i----:allow -> group:42:-w--D---------:-d-----:allow -> group:43:-w--D---------:-d-----:deny -> group@:-----da-------:-------:allow -> group:44:rw-p-da-------:-------:allow -> owner@:--------------:-------:deny -> owner@:rwxp---A-W-Co-:-------:allow -> group@:-w-p----------:-------:deny -> group@:r-x-----------:-------:allow -> everyone@:-w-p---A-W-Co-:-------:deny -> everyone@:-w-p--a-R-c--s:f-i----:allow -$ chmod 777 ddd -$ getfacl -n ddd -> # file: ddd -> # owner: root -> # group: wheel -> user:42:r-x-----------:f-i----:allow -> group:42:-w--D---------:-di----:allow -> group:42:--------------:-------:deny -> group:42:-w--D---------:-------:allow -> group:43:-w--D---------:-di----:deny -> group:43:-w--D---------:-------:deny -> group@:-----da-------:-------:allow -> group:44:--------------:-------:deny -> group:44:rw-p-da-------:-------:allow -> owner@:--------------:-------:deny -> owner@:-------A-W-Co-:-------:allow -> group@:--------------:-------:deny -> group@:--------------:-------:allow -> everyone@:-------A-W-Co-:-------:deny -> everyone@:-w-p--a-R-c--s:f-i----:allow -> owner@:--------------:-------:deny -> owner@:rwxp---A-W-Co-:-------:allow -> group@:--------------:-------:deny -> group@:rwxp----------:-------:allow -> everyone@:-------A-W-Co-:-------:deny -> everyone@:rwxp--a-R-c--s:-------:allow - -$ rmdir ddd -$ mkdir ddd -$ setfacl -a0 group:44:rwapd:allow ddd -$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd -$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd -$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd -$ chmod 124 ddd -$ getfacl -n ddd -> # file: ddd -> # owner: root -> # group: wheel -> user:42:r-x-----------:f-i----:allow -> group:42:-w--D---------:-di----:allow -> group:42:--------------:-------:deny -> group:42:----D---------:-------:allow -> group:43:-w--D---------:-di----:deny -> group:43:-w--D---------:-------:deny -> group@:-----da-------:-------:allow -> group:44:r-------------:-------:deny -> group:44:r----da-------:-------:allow -> owner@:--------------:-------:deny -> owner@:-------A-W-Co-:-------:allow -> group@:--------------:-------:deny -> group@:--------------:-------:allow -> everyone@:-------A-W-Co-:-------:deny -> everyone@:-w-p--a-R-c--s:f-i----:allow -> owner@:rw-p----------:-------:deny -> owner@:--x----A-W-Co-:-------:allow -> group@:r-x-----------:-------:deny -> group@:-w-p----------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -$ rmdir ddd -$ mkdir ddd -$ setfacl -a0 group:44:rwapd:allow ddd -$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd -$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd -$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd -$ chmod 412 ddd -$ getfacl -n ddd -> # file: ddd -> # owner: root -> # group: wheel -> user:42:r-------------:-------:deny -> user:42:r-x-----------:-------:allow -> user:42:r-x-----------:f-i----:allow -> group:42:-w--D---------:-di----:allow -> group:42:-w------------:-------:deny -> group:42:-w--D---------:-------:allow -> group:43:-w--D---------:-di----:deny -> group:43:-w--D---------:-------:deny -> group@:-----da-------:-------:allow -> group:44:rw-p----------:-------:deny -> group:44:rw-p-da-------:-------:allow -> owner@:--------------:-------:deny -> owner@:-------A-W-Co-:-------:allow -> group@:--------------:-------:deny -> group@:--------------:-------:allow -> everyone@:-------A-W-Co-:-------:deny -> everyone@:-w-p--a-R-c--s:f-i----:allow -> owner@:-wxp----------:-------:deny -> owner@:r------A-W-Co-:-------:allow -> group@:rw-p----------:-------:deny -> group@:--x-----------:-------:allow -> everyone@:r-x----A-W-Co-:-------:deny -> everyone@:-w-p--a-R-c--s:-------:allow - -$ rmdir ddd -$ mkdir ddd -$ setfacl -a0 group:44:rwapd:allow ddd -$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd -$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd -$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd -$ chown 42 ddd -$ chmod 412 ddd -$ getfacl -n ddd -> # file: ddd -> # owner: 42 -> # group: wheel -> user:42:--x-----------:-------:deny -> user:42:r-x-----------:-------:allow -> user:42:r-x-----------:f-i----:allow -> group:42:-w--D---------:-di----:allow -> group:42:-w------------:-------:deny -> group:42:-w--D---------:-------:allow -> group:43:-w--D---------:-di----:deny -> group:43:-w--D---------:-------:deny -> group@:-----da-------:-------:allow -> group:44:rw-p----------:-------:deny -> group:44:rw-p-da-------:-------:allow -> owner@:--------------:-------:deny -> owner@:-------A-W-Co-:-------:allow -> group@:--------------:-------:deny -> group@:--------------:-------:allow -> everyone@:-------A-W-Co-:-------:deny -> everyone@:-w-p--a-R-c--s:f-i----:allow -> owner@:-wxp----------:-------:deny -> owner@:r------A-W-Co-:-------:allow -> group@:rw-p----------:-------:deny -> group@:--x-----------:-------:allow -> everyone@:r-x----A-W-Co-:-------:deny -> everyone@:-w-p--a-R-c--s:-------:allow - -# Test applying ACL to mode. -$ rmdir ddd -$ mkdir ddd -$ setfacl -a0 u:42:rwx:fi:allow ddd -$ ls -ld ddd | cut -d' ' -f1 -> drwxr-xr-x+ - -$ rmdir ddd -$ mkdir ddd -$ chmod 0 ddd -$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd -$ ls -ld ddd | cut -d' ' -f1 -> dr----x---+ - -$ rmdir ddd -$ mkdir ddd -$ chmod 0 ddd -$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd -$ ls -ld ddd | cut -d' ' -f1 -> dr---wx---+ - -$ rmdir ddd -$ mkdir ddd -$ chmod 0 ddd -$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd -$ ls -ld ddd | cut -d' ' -f1 -> dr--------+ - -$ rmdir ddd -$ mkdir ddd -$ chmod 0 ddd -$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd -$ ls -ld ddd | cut -d' ' -f1 -> dr--------+ - -# Test inheritance. -$ rmdir ddd -$ mkdir ddd -$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd -$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd -$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd -$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd -$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd -$ getfacl -qn ddd -> user:41:-w-----A------:f--n---:allow -> group:41:r-----a-------:-din---:allow -> user:42:-----------Co-:f-i----:allow -> user:42:r-x-----------:f-i----:allow -> group:42:-w--D---------:-d-n---:deny -> group:43:-w---------C--:f-in---:deny -> user:43:rwxp----------:-------:allow -> owner@:--------------:-------:deny -> owner@:rwxp---A-W-Co-:-------:allow -> group@:-w-p----------:-------:deny -> group@:r-x-----------:-------:allow -> everyone@:-w-p---A-W-Co-:-------:deny -> everyone@:r-x---a-R-c--s:-------:allow - -$ cd ddd -$ touch xxx -$ getfacl -qn xxx -> user:41:-w------------:-------:deny -> user:41:-w-----A------:-------:allow -> user:42:--------------:-------:deny -> user:42:--------------:-------:allow -> user:42:--x-----------:-------:deny -> user:42:r-x-----------:-------:allow -> group:43:-w---------C--:-------:deny -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -$ rm xxx -$ umask 077 -$ touch xxx -$ getfacl -qn xxx -> user:41:-w------------:-------:deny -> user:41:-w-----A------:-------:allow -> user:42:--------------:-------:deny -> user:42:--------------:-------:allow -> user:42:r-x-----------:-------:deny -> user:42:r-x-----------:-------:allow -> group:43:-w---------C--:-------:deny -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:rwxp----------:-------:deny -> group@:--------------:-------:allow -> everyone@:rwxp---A-W-Co-:-------:deny -> everyone@:------a-R-c--s:-------:allow - -$ rm xxx -$ umask 770 -$ touch xxx -$ getfacl -qn xxx -> user:41:-w------------:-------:deny -> user:41:-w-----A------:-------:allow -> user:42:--------------:-------:deny -> user:42:--------------:-------:allow -> user:42:r-x-----------:-------:deny -> user:42:r-x-----------:-------:allow -> group:43:-w---------C--:-------:deny -> owner@:rwxp----------:-------:deny -> owner@:-------A-W-Co-:-------:allow -> group@:rwxp----------:-------:deny -> group@:--------------:-------:allow -> everyone@:--x----A-W-Co-:-------:deny -> everyone@:rw-p--a-R-c--s:-------:allow - -$ rm xxx -$ umask 707 -$ touch xxx -$ getfacl -qn xxx -> user:41:--------------:-------:deny -> user:41:-w-----A------:-------:allow -> user:42:--------------:-------:deny -> user:42:--------------:-------:allow -> user:42:--x-----------:-------:deny -> user:42:r-x-----------:-------:allow -> group:43:-w---------C--:-------:deny -> owner@:rwxp----------:-------:deny -> owner@:-------A-W-Co-:-------:allow -> group@:--x-----------:-------:deny -> group@:rw-p----------:-------:allow -> everyone@:rwxp---A-W-Co-:-------:deny -> everyone@:------a-R-c--s:-------:allow - -$ umask 077 -$ mkdir yyy -$ getfacl -qn yyy -> group:41:r-------------:-------:deny -> group:41:r-----a-------:-------:allow -> user:42:-----------Co-:f-i----:allow -> user:42:r-x-----------:f-i----:allow -> group:42:-w--D---------:-------:deny -> owner@:--------------:-------:deny -> owner@:rwxp---A-W-Co-:-------:allow -> group@:rwxp----------:-------:deny -> group@:--------------:-------:allow -> everyone@:rwxp---A-W-Co-:-------:deny -> everyone@:------a-R-c--s:-------:allow - -$ rmdir yyy -$ umask 770 -$ mkdir yyy -$ getfacl -qn yyy -> group:41:r-------------:-------:deny -> group:41:r-----a-------:-------:allow -> user:42:-----------Co-:f-i----:allow -> user:42:r-x-----------:f-i----:allow -> group:42:-w--D---------:-------:deny -> owner@:rwxp----------:-------:deny -> owner@:-------A-W-Co-:-------:allow -> group@:rwxp----------:-------:deny -> group@:--------------:-------:allow -> everyone@:-------A-W-Co-:-------:deny -> everyone@:rwxp--a-R-c--s:-------:allow - -$ rmdir yyy -$ umask 707 -$ mkdir yyy -$ getfacl -qn yyy -> group:41:--------------:-------:deny -> group:41:------a-------:-------:allow -> user:42:-----------Co-:f-i----:allow -> user:42:r-x-----------:f-i----:allow -> group:42:-w--D---------:-------:deny -> owner@:rwxp----------:-------:deny -> owner@:-------A-W-Co-:-------:allow -> group@:--------------:-------:deny -> group@:rwxp----------:-------:allow -> everyone@:rwxp---A-W-Co-:-------:deny -> everyone@:------a-R-c--s:-------:allow - -# There is some complication regarding how write_acl and write_owner flags -# get inherited. Make sure we got it right. -$ setfacl -b . -$ setfacl -a0 u:42:Co:f:allow . -$ setfacl -a0 u:43:Co:d:allow . -$ setfacl -a0 u:44:Co:fd:allow . -$ setfacl -a0 u:45:Co:fi:allow . -$ setfacl -a0 u:46:Co:di:allow . -$ setfacl -a0 u:47:Co:fdi:allow . -$ setfacl -a0 u:48:Co:fn:allow . -$ setfacl -a0 u:49:Co:dn:allow . -$ setfacl -a0 u:50:Co:fdn:allow . -$ setfacl -a0 u:51:Co:fni:allow . -$ setfacl -a0 u:52:Co:dni:allow . -$ setfacl -a0 u:53:Co:fdni:allow . -$ umask 022 -$ rm xxx -$ touch xxx -$ getfacl -nq xxx -> user:53:--------------:-------:deny -> user:53:--------------:-------:allow -> user:51:--------------:-------:deny -> user:51:--------------:-------:allow -> user:50:--------------:-------:deny -> user:50:--------------:-------:allow -> user:48:--------------:-------:deny -> user:48:--------------:-------:allow -> user:47:--------------:-------:deny -> user:47:--------------:-------:allow -> user:45:--------------:-------:deny -> user:45:--------------:-------:allow -> user:44:--------------:-------:deny -> user:44:--------------:-------:allow -> user:42:--------------:-------:deny -> user:42:--------------:-------:allow -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -$ rmdir yyy -$ mkdir yyy -$ getfacl -nq yyy -> user:53:--------------:-------:deny -> user:53:--------------:-------:allow -> user:52:--------------:-------:deny -> user:52:--------------:-------:allow -> user:50:--------------:-------:deny -> user:50:--------------:-------:allow -> user:49:--------------:-------:deny -> user:49:--------------:-------:allow -> user:47:-----------Co-:fdi----:allow -> user:47:--------------:-------:deny -> user:47:--------------:-------:allow -> user:46:-----------Co-:-di----:allow -> user:46:--------------:-------:deny -> user:46:--------------:-------:allow -> user:45:-----------Co-:f-i----:allow -> user:44:-----------Co-:fdi----:allow -> user:44:--------------:-------:deny -> user:44:--------------:-------:allow -> user:43:-----------Co-:-di----:allow -> user:43:--------------:-------:deny -> user:43:--------------:-------:allow -> user:42:-----------Co-:f-i----:allow -> owner@:--------------:-------:deny -> owner@:rwxp---A-W-Co-:-------:allow -> group@:-w-p----------:-------:deny -> group@:r-x-----------:-------:allow -> everyone@:-w-p---A-W-Co-:-------:deny -> everyone@:r-x---a-R-c--s:-------:allow - -$ setfacl -b . -$ setfacl -a0 u:42:Co:f:deny . -$ setfacl -a0 u:43:Co:d:deny . -$ setfacl -a0 u:44:Co:fd:deny . -$ setfacl -a0 u:45:Co:fi:deny . -$ setfacl -a0 u:46:Co:di:deny . -$ setfacl -a0 u:47:Co:fdi:deny . -$ setfacl -a0 u:48:Co:fn:deny . -$ setfacl -a0 u:49:Co:dn:deny . -$ setfacl -a0 u:50:Co:fdn:deny . -$ setfacl -a0 u:51:Co:fni:deny . -$ setfacl -a0 u:52:Co:dni:deny . -$ setfacl -a0 u:53:Co:fdni:deny . -$ umask 022 -$ rm xxx -$ touch xxx -$ getfacl -nq xxx -> user:53:-----------Co-:-------:deny -> user:51:-----------Co-:-------:deny -> user:50:-----------Co-:-------:deny -> user:48:-----------Co-:-------:deny -> user:47:-----------Co-:-------:deny -> user:45:-----------Co-:-------:deny -> user:44:-----------Co-:-------:deny -> user:42:-----------Co-:-------:deny -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -$ rmdir yyy -$ mkdir yyy -$ getfacl -nq yyy -> user:53:-----------Co-:-------:deny -> user:52:-----------Co-:-------:deny -> user:50:-----------Co-:-------:deny -> user:49:-----------Co-:-------:deny -> user:47:-----------Co-:fdi----:deny -> user:47:-----------Co-:-------:deny -> user:46:-----------Co-:-di----:deny -> user:46:-----------Co-:-------:deny -> user:45:-----------Co-:f-i----:deny -> user:44:-----------Co-:fdi----:deny -> user:44:-----------Co-:-------:deny -> user:43:-----------Co-:-di----:deny -> user:43:-----------Co-:-------:deny -> user:42:-----------Co-:f-i----:deny -> owner@:--------------:-------:deny -> owner@:rwxp---A-W-Co-:-------:allow -> group@:-w-p----------:-------:deny -> group@:r-x-----------:-------:allow -> everyone@:-w-p---A-W-Co-:-------:deny -> everyone@:r-x---a-R-c--s:-------:allow - -$ rmdir yyy -$ rm xxx -$ cd .. -$ rmdir ddd - -$ rm xxx - Property changes on: user/ngie/more-tests/tools/regression/acltools/tools-nfs4.test ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/tools-nfs4-psarc.test =================================================================== --- user/ngie/more-tests/tools/regression/acltools/tools-nfs4-psarc.test (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/tools-nfs4-psarc.test (nonexistent) @@ -1,562 +0,0 @@ -# Copyright (c) 2008, 2009 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This is a tools-level test for NFSv4 ACL functionality with PSARC/2010/029 -# semantics. Run it as root using ACL-enabled kernel: -# -# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4-psarc.test -# -# WARNING: Creates files in unsafe way. - -$ whoami -> root -$ umask 022 - -# Smoke test for getfacl(1). -$ touch xxx -$ getfacl xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow - -$ getfacl -q xxx -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow - -# Check verbose mode formatting. -$ getfacl -v xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:read_data/write_data/append_data/read_attributes/write_attributes/read_xattr/write_xattr/read_acl/write_acl/write_owner/synchronize::allow -> group@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow -> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow - -# Test setfacl -a. -$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> user:0:-----------C--:-------:allow -> group:1:----------c---:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Test user and group name resolving. -$ rm xxx -$ touch xxx -$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx -$ getfacl xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> user:root:-----------C--:-------:allow -> group:daemon:----------c---:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Check whether ls correctly marks files with "+". -$ ls -l xxx | cut -d' ' -f1 -> -rw-r--r--+ - -# Test removing entries by number. -$ setfacl -x 1 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:rw-p--aARWcCos:-------:allow -> user:0:-----------C--:-------:allow -> group:1:----------c---:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Test setfacl -m. -$ setfacl -a0 everyone@:rwx:deny xxx -$ setfacl -a0 everyone@:rwx:deny xxx -$ setfacl -a0 everyone@:rwx:deny xxx -$ setfacl -m everyone@::deny xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> owner@:rw-p--aARWcCos:-------:allow -> user:0:-----------C--:-------:allow -> group:1:----------c---:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Test getfacl -i. -$ getfacl -i xxx -> # file: xxx -> # owner: root -> # group: wheel -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> owner@:rw-p--aARWcCos:-------:allow -> user:root:-----------C--:-------:allow:0 -> group:daemon:----------c---:-------:deny:1 -> everyone@:r-----a-R-c--s:-------:allow - -# Make sure cp without any flags does not copy copy the ACL. -$ cp xxx yyy -$ ls -l yyy | cut -d' ' -f1 -> -rw-r--r-- - -# Make sure it does with the "-p" flag. -$ rm yyy -$ cp -p xxx yyy -$ getfacl -n yyy -> # file: yyy -> # owner: root -> # group: wheel -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> everyone@:--------------:-------:deny -> owner@:rw-p--aARWcCos:-------:allow -> user:0:-----------C--:-------:allow -> group:1:----------c---:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -$ rm yyy - -# Test removing entries by... by example? -$ setfacl -x everyone@::deny xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:rw-p--aARWcCos:-------:allow -> user:0:-----------C--:-------:allow -> group:1:----------c---:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Test setfacl -b. -$ setfacl -b xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow - -$ ls -l xxx | cut -d' ' -f1 -> -rw-r--r-- - -# Check setfacl(1) and getfacl(1) with multiple files. -$ touch xxx yyy zzz - -$ ls -l xxx yyy zzz | cut -d' ' -f1 -> -rw-r--r-- -> -rw-r--r-- -> -rw-r--r-- - -$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz -> setfacl: nnn: stat() failed: No such file or directory - -$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 -> ls: nnn: No such file or directory -> -rw-r--r--+ -> -rw-r--r--+ -> -rw-r--r--+ - -$ getfacl -nq nnn xxx yyy zzz -> getfacl: nnn: stat() failed: No such file or directory -> user:42:--x-----------:-------:allow -> group:43:-w------------:-------:allow -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow -> -> user:42:--x-----------:-------:allow -> group:43:-w------------:-------:allow -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow -> -> user:42:--x-----------:-------:allow -> group:43:-w------------:-------:allow -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow - -$ setfacl -b nnn xxx yyy zzz -> setfacl: nnn: stat() failed: No such file or directory - -$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 -> ls: nnn: No such file or directory -> -rw-r--r-- -> -rw-r--r-- -> -rw-r--r-- - -$ rm xxx yyy zzz - -# Test applying mode to an ACL. -$ touch xxx -$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx -$ chmod 600 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: root -> # group: wheel -> owner@:rw-p--aARWcCos:-------:allow -> group@:------a-R-c--s:-------:allow -> everyone@:------a-R-c--s:-------:allow - -$ ls -l xxx | cut -d' ' -f1 -> -rw------- - -$ rm xxx -$ touch xxx -$ chown 42 xxx -$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx -$ chmod 600 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: 42 -> # group: wheel -> owner@:rw-p--aARWcCos:-------:allow -> group@:------a-R-c--s:-------:allow -> everyone@:------a-R-c--s:-------:allow -$ ls -l xxx | cut -d' ' -f1 -> -rw------- - -$ rm xxx -$ touch xxx -$ chown 43 xxx -$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx -$ chmod 124 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: 43 -> # group: wheel -> owner@:rw-p----------:-------:deny -> group@:r-------------:-------:deny -> owner@:--x---aARWcCos:-------:allow -> group@:-w-p--a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow -$ ls -l xxx | cut -d' ' -f1 -> ---x-w-r-- - -$ rm xxx -$ touch xxx -$ chown 43 xxx -$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx -$ chmod 412 xxx -$ getfacl -n xxx -> # file: xxx -> # owner: 43 -> # group: wheel -> owner@:-wxp----------:-------:deny -> group@:-w-p----------:-------:deny -> owner@:r-----aARWcCos:-------:allow -> group@:--x---a-R-c--s:-------:allow -> everyone@:-w-p--a-R-c--s:-------:allow -$ ls -l xxx | cut -d' ' -f1 -> -r----x-w- - -$ mkdir ddd -$ setfacl -a0 group:44:rwapd:allow ddd -$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd -$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd -$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd -$ getfacl -n ddd -> # file: ddd -> # owner: root -> # group: wheel -> user:42:r-x-----------:f-i----:allow -> group:42:-w--D---------:-d-----:allow -> group:43:-w--D---------:-d-----:deny -> group@:-----da-------:-------:allow -> group:44:rw-p-da-------:-------:allow -> owner@:rwxp--aARWcCos:-------:allow -> group@:r-x---a-R-c--s:-------:allow -> everyone@:-w-p--a-R-c--s:f-i----:allow - -$ chmod 777 ddd -$ getfacl -n ddd -> # file: ddd -> # owner: root -> # group: wheel -> owner@:rwxp--aARWcCos:-------:allow -> group@:rwxp--a-R-c--s:-------:allow -> everyone@:rwxp--a-R-c--s:-------:allow - -# Test applying ACL to mode. -$ rmdir ddd -$ mkdir ddd -$ setfacl -a0 u:42:rwx:fi:allow ddd -$ ls -ld ddd | cut -d' ' -f1 -> drwxr-xr-x+ - -$ rmdir ddd -$ mkdir ddd -$ chmod 0 ddd -$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd -$ ls -ld ddd | cut -d' ' -f1 -> dr----x---+ - -$ rmdir ddd -$ mkdir ddd -$ chmod 0 ddd -$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd -$ ls -ld ddd | cut -d' ' -f1 -> dr---wx---+ - -$ rmdir ddd -$ mkdir ddd -$ chmod 0 ddd -$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd -$ ls -ld ddd | cut -d' ' -f1 -> dr--------+ - -$ rmdir ddd -$ mkdir ddd -$ chmod 0 ddd -$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd -$ ls -ld ddd | cut -d' ' -f1 -> dr--------+ - -# Test inheritance. -$ rmdir ddd -$ mkdir ddd -$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd -$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd -$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd -$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd -$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd -$ getfacl -qn ddd -> user:41:-w-----A------:f--n---:allow -> group:41:r-----a-------:-din---:allow -> user:42:-----------Co-:f-i----:allow -> user:42:r-x-----------:f-i----:allow -> group:42:-w--D---------:-d-n---:deny -> group:43:-w---------C--:f-in---:deny -> user:43:rwxp----------:-------:allow -> owner@:rwxp--aARWcCos:-------:allow -> group@:r-x---a-R-c--s:-------:allow -> everyone@:r-x---a-R-c--s:-------:allow - -$ cd ddd -$ touch xxx -$ getfacl -qn xxx -> user:41:--------------:------I:allow -> user:42:--------------:------I:allow -> user:42:r-------------:------I:allow -> group:43:-w---------C--:------I:deny -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow - -$ rm xxx -$ umask 077 -$ touch xxx -$ getfacl -qn xxx -> user:41:--------------:------I:allow -> user:42:--------------:------I:allow -> user:42:--------------:------I:allow -> group:43:-w---------C--:------I:deny -> owner@:rw-p--aARWcCos:-------:allow -> group@:------a-R-c--s:-------:allow -> everyone@:------a-R-c--s:-------:allow - -$ rm xxx -$ umask 770 -$ touch xxx -$ getfacl -qn xxx -> owner@:rw-p----------:-------:deny -> group@:rw-p----------:-------:deny -> user:41:--------------:------I:allow -> user:42:--------------:------I:allow -> user:42:--------------:------I:allow -> group:43:-w---------C--:------I:deny -> owner@:------aARWcCos:-------:allow -> group@:------a-R-c--s:-------:allow -> everyone@:rw-p--a-R-c--s:-------:allow - -$ rm xxx -$ umask 707 -$ touch xxx -$ getfacl -qn xxx -> owner@:rw-p----------:-------:deny -> user:41:-w------------:------I:allow -> user:42:--------------:------I:allow -> user:42:r-------------:------I:allow -> group:43:-w---------C--:------I:deny -> owner@:------aARWcCos:-------:allow -> group@:rw-p--a-R-c--s:-------:allow -> everyone@:------a-R-c--s:-------:allow - -$ umask 077 -$ mkdir yyy -$ getfacl -qn yyy -> group:41:------a-------:------I:allow -> user:42:-----------Co-:f-i---I:allow -> user:42:r-x-----------:f-i---I:allow -> group:42:-w--D---------:------I:deny -> owner@:rwxp--aARWcCos:-------:allow -> group@:------a-R-c--s:-------:allow -> everyone@:------a-R-c--s:-------:allow - -$ rmdir yyy -$ umask 770 -$ mkdir yyy -$ getfacl -qn yyy -> owner@:rwxp----------:-------:deny -> group@:rwxp----------:-------:deny -> group:41:------a-------:------I:allow -> user:42:-----------Co-:f-i---I:allow -> user:42:r-x-----------:f-i---I:allow -> group:42:-w--D---------:------I:deny -> owner@:------aARWcCos:-------:allow -> group@:------a-R-c--s:-------:allow -> everyone@:rwxp--a-R-c--s:-------:allow - -$ rmdir yyy -$ umask 707 -$ mkdir yyy -$ getfacl -qn yyy -> owner@:rwxp----------:-------:deny -> group:41:r-----a-------:------I:allow -> user:42:-----------Co-:f-i---I:allow -> user:42:r-x-----------:f-i---I:allow -> group:42:-w--D---------:------I:deny -> owner@:------aARWcCos:-------:allow -> group@:rwxp--a-R-c--s:-------:allow -> everyone@:------a-R-c--s:-------:allow - -# There is some complication regarding how write_acl and write_owner flags -# get inherited. Make sure we got it right. -$ setfacl -b . -$ setfacl -a0 u:42:Co:f:allow . -$ setfacl -a0 u:43:Co:d:allow . -$ setfacl -a0 u:44:Co:fd:allow . -$ setfacl -a0 u:45:Co:fi:allow . -$ setfacl -a0 u:46:Co:di:allow . -$ setfacl -a0 u:47:Co:fdi:allow . -$ setfacl -a0 u:48:Co:fn:allow . -$ setfacl -a0 u:49:Co:dn:allow . -$ setfacl -a0 u:50:Co:fdn:allow . -$ setfacl -a0 u:51:Co:fni:allow . -$ setfacl -a0 u:52:Co:dni:allow . -$ setfacl -a0 u:53:Co:fdni:allow . -$ umask 022 -$ rm xxx -$ touch xxx -$ getfacl -nq xxx -> user:53:--------------:------I:allow -> user:51:--------------:------I:allow -> user:50:--------------:------I:allow -> user:48:--------------:------I:allow -> user:47:--------------:------I:allow -> user:45:--------------:------I:allow -> user:44:--------------:------I:allow -> user:42:--------------:------I:allow -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow - -$ rmdir yyy -$ mkdir yyy -$ getfacl -nq yyy -> user:53:--------------:------I:allow -> user:52:--------------:------I:allow -> user:50:--------------:------I:allow -> user:49:--------------:------I:allow -> user:47:--------------:fd----I:allow -> user:46:--------------:-d----I:allow -> user:45:-----------Co-:f-i---I:allow -> user:44:--------------:fd----I:allow -> user:43:--------------:-d----I:allow -> user:42:-----------Co-:f-i---I:allow -> owner@:rwxp--aARWcCos:-------:allow -> group@:r-x---a-R-c--s:-------:allow -> everyone@:r-x---a-R-c--s:-------:allow - -$ setfacl -b . -$ setfacl -a0 u:42:Co:f:deny . -$ setfacl -a0 u:43:Co:d:deny . -$ setfacl -a0 u:44:Co:fd:deny . -$ setfacl -a0 u:45:Co:fi:deny . -$ setfacl -a0 u:46:Co:di:deny . -$ setfacl -a0 u:47:Co:fdi:deny . -$ setfacl -a0 u:48:Co:fn:deny . -$ setfacl -a0 u:49:Co:dn:deny . -$ setfacl -a0 u:50:Co:fdn:deny . -$ setfacl -a0 u:51:Co:fni:deny . -$ setfacl -a0 u:52:Co:dni:deny . -$ setfacl -a0 u:53:Co:fdni:deny . -$ umask 022 -$ rm xxx -$ touch xxx -$ getfacl -nq xxx -> user:53:-----------Co-:------I:deny -> user:51:-----------Co-:------I:deny -> user:50:-----------Co-:------I:deny -> user:48:-----------Co-:------I:deny -> user:47:-----------Co-:------I:deny -> user:45:-----------Co-:------I:deny -> user:44:-----------Co-:------I:deny -> user:42:-----------Co-:------I:deny -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow - -$ rmdir yyy -$ mkdir yyy -$ getfacl -nq yyy -> user:53:-----------Co-:------I:deny -> user:52:-----------Co-:------I:deny -> user:50:-----------Co-:------I:deny -> user:49:-----------Co-:------I:deny -> user:47:-----------Co-:fd----I:deny -> user:46:-----------Co-:-d----I:deny -> user:45:-----------Co-:f-i---I:deny -> user:44:-----------Co-:fd----I:deny -> user:43:-----------Co-:-d----I:deny -> user:42:-----------Co-:f-i---I:deny -> owner@:rwxp--aARWcCos:-------:allow -> group@:r-x---a-R-c--s:-------:allow -> everyone@:r-x---a-R-c--s:-------:allow - -$ rmdir yyy -$ rm xxx -$ cd .. -$ rmdir ddd - -$ rm xxx - Property changes on: user/ngie/more-tests/tools/regression/acltools/tools-nfs4-psarc.test ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property Index: user/ngie/more-tests/tools/regression/acltools/tools-nfs4-trivial.test =================================================================== --- user/ngie/more-tests/tools/regression/acltools/tools-nfs4-trivial.test (revision 288679) +++ user/ngie/more-tests/tools/regression/acltools/tools-nfs4-trivial.test (nonexistent) @@ -1,82 +0,0 @@ -# Copyright (c) 2011 Edward Tomasz Napierała -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -# SUCH DAMAGE. -# -# $FreeBSD$ -# - -# This is a tools-level test for acl_is_trivial_np(3). Run it as root on ZFS. -# Note that this does not work on UFS with NFSv4 ACLs enabled - UFS recognizes -# both kind of trivial ACLs and replaces it by the default one. -# -# WARNING: Creates files in unsafe way. - -$ whoami -> root -$ umask 022 - -# Check whether ls(1) correctly recognizes PSARC/2010/029-style trivial ACLs. -$ touch xxx - -$ ls -l xxx | cut -d' ' -f1 -> -rw-r--r-- - -$ getfacl -q xxx -> owner@:rw-p--aARWcCos:-------:allow -> group@:r-----a-R-c--s:-------:allow -> everyone@:r-----a-R-c--s:-------:allow - -# Check whether ls(1) correctly recognizes draft-style trivial ACLs. -$ rm xxx -$ touch xxx -$ setfacl -a0 owner@:x:deny,owner@:rwpAWCo:allow,group@:wxp:deny,group@:r:allow,everyone@:wxpAWCo:deny,everyone@:raRcs:allow xxx -$ setfacl -x5 xxx -$ setfacl -x5 xxx -$ setfacl -x5 xxx - -$ ls -l xxx | cut -d' ' -f1 -> -rw-r--r-- - -$ getfacl -q xxx -> owner@:--x-----------:-------:deny -> owner@:rw-p---A-W-Co-:-------:allow -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -# Make sure ls(1) actually can recognize something as non-trivial. -$ setfacl -x0 xxx - -$ ls -l xxx | cut -d' ' -f1 -> -rw-r--r--+ - -$ getfacl -q xxx -> owner@:rw-p---A-W-Co-:-------:allow -> group@:-wxp----------:-------:deny -> group@:r-------------:-------:allow -> everyone@:-wxp---A-W-Co-:-------:deny -> everyone@:r-----a-R-c--s:-------:allow - -$ rm xxx - Property changes on: user/ngie/more-tests/tools/regression/acltools/tools-nfs4-trivial.test ___________________________________________________________________ Deleted: svn:keywords ## -1 +0,0 ## -FreeBSD=%H \ No newline at end of property