zfs_acl_chmod_inherit_003_pos.ksh revision 1d32ba663e202c24a5a1f2e5aef83fffb447cb7f
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# Copyright 2016 Nexenta Systems, Inc.
#
# DESCRIPTION:
# Verify chmod have correct behaviour to directory and file when
# filesystem has the different aclinherit setting
#
# STRATEGY:
# 1. Use both super user and non-super user to run the test case.
# 2. Create basedir and a set of subdirectores and files within it.
# 3. Separately chmod basedir with different inherite options,
# combine with the variable setting of aclinherit:
# "discard", "noallow", "restricted" or "passthrough".
# 4. Then create nested directories and files like the following.
#
# ofile
# odir
# chmod --> basedir -|
# |_ nfile1
# |_ ndir1 _
# |_ nfile2
# |_ ndir2 _
# |_ nfile3
# |_ ndir3
#
# 5. Verify each directories and files have the correct access control
# capability.
verify_runnable "both"
function cleanup
{
}
log_assert "Verify chmod have correct behaviour to directory and file when" \
"filesystem has the different aclinherit setting"
# Define inherit flag
typeset ace_prefix1="owner@"
typeset ace_prefix2="group@"
typeset ace_prefix3="everyone@"
# Define the base directory and file
# Define the files and directories that will be created after chmod
# Verify all nodes have expected correct access control
# According to inherited flag, verify subdirectories and files within it has
# correct inherited access control.
function verify_inherit #<aclinherit> <object> [strategy]
{
# Define the nodes which will be affected by inherit.
typeset inherit_nodes
typeset inherit=$1
typeset obj=$2
typeset str=$3
# Check if we have any inheritance flags set
# Files should have inherited ACEs only if file_inherit is set
fi
fi
# Directories should have inherited ACEs if file_inherit without
fi
fi
fi
fi
# If current node isn't in inherit list, there's
# nothing to check, skip to checking trivial ACL
break
fi
# Do not inherit any ACEs
break
;;
# Only inherit inheritable ACEs that specify
# "deny" permissions
((i = i + 1))
continue
fi
;;
# Remove write_acl and write_owner permissions
# when the ACEs is inherited
;;
;;
esac
if [[ -d $node ]]; then
# Clear inheritance flags if no_propagate is set
inh="--"
fi
# Set inherit_only if there's a file_inherit
# without dir_inherit
else
fi
elif [[ -f $node ]] ; then
fi
fi
((i = i + 1))
done
# There were no non-trivial ACEs to check, do the trivial ones
if [[ -d $node ]]; then
elif [[ -f $node ]]; then
fi
if [[ $? -ne 0 ]]; then
fi
fi
done
}
((${#str} != 0)) && inh_opt="${inh_opt}${str}--"
inh_a="${inh_opt}-"
inh_b="${inh_opt}I"
# deny - to verify "noallow"
# write_acl/write_owner - to verify "restricted"
acl0="$ace_prefix1:-------A-W-Co-:$inh_a:allow"
acl1="$ace_prefix2:-------A-W-Co-:$inh_a:deny"
acl2="$ace_prefix3:-------A-W-Co-:$inh_a:allow"
acl3="$ace_prefix1:-------A-W----:$inh_a:deny"
acl4="$ace_prefix2:-------A-W----:$inh_a:allow"
acl5="$ace_prefix3:-------A-W----:$inh_a:deny"
# ACEs filtered by write_acl/write_owner
acls0="$ace_prefix1:-------A-W----:$inh_b:allow"
acls1="$ace_prefix2:-------A-W-Co-:$inh_b:deny"
acls2="$ace_prefix3:-------A-W----:$inh_b:allow"
acls3="$ace_prefix1:-------A-W----:$inh_b:deny"
acls4="$ace_prefix2:-------A-W----:$inh_b:allow"
acls5="$ace_prefix3:-------A-W----:$inh_b:deny"
while ((i >= 0)); do
((i = i - 1))
done
done
done
done
done
log_pass "Verify chmod inherit behaviour co-op with aclinherit setting passed"