zfs_acl_chmod_aclmode_001_pos.ksh revision 1d32ba663e202c24a5a1f2e5aef83fffb447cb7f
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# Copyright (c) 2012, 2016 by Delphix. All rights reserved.
# Copyright 2016 Nexenta Systems, Inc.
#
# DESCRIPTION:
# Verify chmod have correct behaviour on directories and files when
# filesystem has the different aclmode setting
#
# STRATEGY:
# 1. Loop super user and non-super user to run the test case.
# 2. Create basedir and a set of subdirectores and files within it.
# 3. Separately chmod basedir with different aclmode options,
# combine with the variable setting of aclmode:
# "discard", "groupmask", or "passthrough".
# 4. Verify each directories and files have the correct access control
# capability.
verify_runnable "both"
function cleanup
{
(( ${#cwd} != 0 )) && cd $cwd
}
"filesystem has the different aclmode setting"
set -A aclmode_flag "discard" "groupmask" "passthrough"
set -A ace_prefix \
"group:$ZFS_ACL_OTHER_GROUP"
set -A argv "000" "444" "644" "777" "755" "231" "562" "413"
set -A ace_file_preset \
"read_data" \
"write_data" \
"append_data" \
"execute" \
# Define the base directory and file
# Verify all the node have expected correct access control
# According to the original bits, the input ACE access and ACE type, return the
# expect bits after 'chmod A0{+|=}'.
#
# $1 isdir indicate if the target is a directory
# $2 bits which was make up of three bit 'rwx'
# $3 bits_limit which was make up of three bit 'rwx'
# $4 ACE access which is read_data, write_data or execute
function cal_bits # isdir bits bits_limit acl_access ctrl
{
typeset -i isdir=$1
typeset -i bits=$2
typeset -i bits_limit=$3
typeset acl_access=$4
typeset -i ctrl=${5:-0}
typeset tmpstr
flagr=1
fi
flagw=1
fi
flagx=1
fi
else
flagr=1
flagw=1
flagx=1
flagr=0
fi
flagw=0
fi
flagx=0
fi
fi
$passthrough == 0 ]]; then
else
fi
fi
fi
else
else
fi
fi
else
fi
fi
fi
fi
$passthrough == 0 ]]; then
else
fi
fi
fi
echo "$tmpstr"
}
#
# To translate an ace if the node is dir
#
# $1 isdir indicate if the target is a directory
# $2 acl to be translated
#
function translate_acl # isdir acl
{
typeset -i isdir=$1
typeset acl=$2
fi
echo "$acl"
}
#
# To verify if a new ACL is generated as result of
# chmod operation.
#
# $2 newmode indicates the mode changed using chmod
# $3 isdir indicate if the target is a directory
#
function check_new_acl # bit newmode isdir
{
typeset bits=$1
typeset mode=$2
typeset -i isdir=$3
typeset new_acl
typeset gbit
typeset ebit
typeset str=":"
typeset dc=""
else
fi
str="/"
fi
fi
else
new_acl=${new_acl}${str}add_file/write_data/
dc="/delete_child"
fi
str="/"
fi
fi
fi
fi
echo "$new_acl"
}
function build_new_acl # newmode isdir
{
typeset newmode=$1
typeset isdir=$2
typeset expect
prefix="owner@"
else
prefix="group@"
fi
echo $expect
}
# According to inherited flag, verify subdirectories and files within it has
# correct inherited access control.
function verify_aclmode # <aclmode> <node> <newmode>
{
# Define the nodes which will be affected by inherit.
typeset aclmode=$1
typeset node=$2
typeset newmode=$3
# count: the ACE item to fetch
# pass: to mark if the current ACE should apply to the target
# passcnt: counter, if it achieves to maxnumber,
# then no additional ACE should apply.
typeset -i bits=0 obits=0 bits_owner=0 isdir=0
typeset -i total_acl
if [[ -d $node ]]; then
fi
count=0
passcnt=0
flag=0
while ((i >= 0)); do
pass=0
#
# aclmode=passthrough,
# no changes will be made to the ACL other than
# generating the necessary ACL entries to represent
# the new mode of the file or directory.
#
# aclmode=discard,
# delete all ACL entries that don't represent
# the mode of the file.
#
# aclmode=groupmask,
# reduce user or group permissions. The permissions are
# reduced, such that they are no greater than the group
# permission bits, unless it is a user entry that has the
# same UID as the owner of the file or directory.
# Then, the ACL permissions are reduced so that they are
# no greater than owner permission bits.
#
flag=1
((i = i + 1))
else
fi
;;
flag=1
((i = i + 1))
acltemp=""
reduce=0
# To determine the mask bits
# according to the entry type.
#
owner@)
pos=0
;;
group@)
pos=1
;;
everyone@)
pos=2
;;
user)
pos=0
else
pos=1
fi
;;
pos=1
reduce=1
;;
esac
# permission should be no greater than the
# group permission bits
# The ACL permissions are reduced so
# that they are no greater than owner
# permission bits.
fi
else
fi
$expect2 0)
else
fi
;;
break
;;
esac
# Get the first ACE to do comparison
"$expect1"
fi
fi
((i = i - 1))
done
#
# If there's no any ACE be checked, it should be identify as
#
if [[ -d $node ]]; then
elif [[ -f $node ]]; then
fi
if [[ $? -ne 0 ]]; then
fi
fi
}
typeset -i maxnumber=0
typeset acl
typeset target
typeset -i passthrough=0
typeset -i flag=0
cd $TESTDIR
for user in root $ZFS_ACL_STAFF1; do
0)
;;
1)
;;
esac
done
done
# Archive the file and directory
if [[ -d $obj ]]; then
elif [[ -f $obj ]]; then
fi
done
done
done
done
log_pass "Verify chmod behaviour co-op with aclmode setting passed"