zfs_acl_chmod_inherit_002_neg.ksh revision d583b39bfb4e2571d3e41097c5c357ffe353ad45
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# Copyright (c) 2012 by Delphix. All rights reserved.
#
#
# DESCRIPTION:
# Verify chmod have correct behaviour to directory and file not inherited
# when filesystem has the different aclinherit setting
#
# STRATEGY:
# 1. Loop super user and non-super user to run the test case.
# 2. Create basedir and a set of subdirectores and files within it.
# 3. Separately chmod basedir with different inherite options,
# combine with the variable setting of aclinherit:
# "discard", "noallow", "restricted" or "passthrough".
# 4. Then create nested directories and files like the following.
#
# ofile
# odir
# chmod --> basedir -|
# |_ nfile1
# |_ ndir1 _
# |_ nfile2
# |_ ndir2 _
# |_ nfile3
# |_ ndir3
#
# 5. Verify non-inherited directories and files have the correct access
# control capability.
#
verify_runnable "both"
function cleanup
{
typeset dir
# Cleanup basedir, compared file and dir.
if [[ -f $ofile ]]; then
fi
if [[ -d $dir ]]; then
fi
done
}
log_assert "Verify chmod have correct behaviour to directory and file when " \
"filesystem has the different aclinherit setting."
# Define inherit flag
typeset aclinherit_flag=(discard noallow restricted passthrough)
typeset ace_prefix1="user:$ZFS_ACL_OTHER1"
typeset ace_prefix2="user:$ZFS_ACL_OTHER2"
typeset ace_secure_new
# Defile the based directory and file
# Define the files and directories will be created after chmod
# Verify all the node have expected correct access control
#
# According to inherited flag, verify subdirectories and files within it has
# correct inherited access control.
#
function verify_inherit #<aclinherit> <object> [strategy]
{
# Define the nodes which will be affected by inherit.
typeset non_inherit_nodes=""
typeset inherit=$1
typeset obj=$2
typeset str=$3
typeset inherit_type
typeset str1="/inherit_only/inherited:"
typeset str2="/inherited:"
# count: the ACE item to fetch
# maxnumber: predefine as 4
# passcnt: counter, if it achieves to maxnumber,
# then no additional ACE should apply.
# isinherit: indicate if the current target is in the inherit list.
# Get the inherit type/object_flag and non-inherited nodes.
inherit_type="both"
fi
inherit_type="directory"
fi
else
inherit_type="file"
fi
fi
else
fi
i=0
count=0
passcnt=0
pass=0
;;
break
;;
esac
# Verify ACE's for sub-directory
if [[ -d $node ]]; then
if [[ $expect1 != \
*"inherit_only"* ]]; then
#
# directory should append
# "inherit_only" if not have
#
else
fi
fi
if [[ $no_propagate == 0 ]]; then
"expect to be $expect1"
fi
else
# compare if directory has basic
# ACL's
if [[ $? -ne 0 ]]; then
"($str)"
fi
fi
# Verify ACE's for nested file
elif [[ -f $node ]]; then
if [[ $? -ne 0 ]]; then
fi
fi
fi
((i = i + 1))
done
#
# If there's no any ACE be checked, it should be identify as
#
if [[ -d $node ]]; then
elif [[ -f $node ]]; then
fi
if [[ $? -ne 0 ]]; then
fi
fi
done
}
typeset -i i=0
#
# Set aclmode=passthrough to make sure
# the acl will not change during chmod.
# A general testing should verify the combination of
# aclmode/aclinherit works well,
# here we just simple test them separately.
#
#
# Set different value of aclinherit
#
((${#str} != 0)) && inh_opt=$inh_opt/$str
#
# Prepare 4 ACES, which should include :
# deny -> to verify "noallow"
# write_acl/write_owner -> to verify "secure"
#
acl0=${ace_prefix1}":read_xattr/write_acl/"
acl2="$ace_prefix1:read_xattr:$inh_opt:deny"
acl3="$ace_prefix2:read_xattr:$inh_opt:allow"
#
# The ACE filtered by write_acl/write_owner
#
acls0="$ace_prefix1:read_xattr:$inh_opt:deny"
acls1="$ace_prefix2:read_xattr:$inh_opt:allow"
#
# for comparison.
#
i=3
while ((i >= 0)); do
#
# Place on a directory should succeed.
#
((i = i - 1))
done
done
done
done
done
log_pass "Verify chmod inherit behaviour co-op with aclinherit setting passed."