zfs_acl_chmod_inherit_003_pos.ksh revision d583b39bfb4e2571d3e41097c5c357ffe353ad45
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# DESCRIPTION:
# Verify chmod have correct behaviour to directory and file when
# filesystem has the different aclinherit setting
#
# STRATEGY:
# 1. Loop super user and non-super user to run the test case.
# 2. Create basedir and a set of subdirectores and files within it.
# 3. Separately chmod basedir with different inherite options,
# combine with the variable setting of aclinherit:
# "discard", "noallow", "secure" or "passthrough".
# 4. Then create nested directories and files like the following.
#
# ofile
# odir
# chmod --> basedir -|
# |_ nfile1
# |_ ndir1 _
# |_ nfile2
# |_ ndir2 _
# |_ nfile3
# |_ ndir3
#
# 5. Verify each directories and files have the correct access control
# capability.
#
verify_runnable "both"
function cleanup
{
typeset dir
# Cleanup basedir, compared file and dir.
if [[ -f $ofile ]]; then
fi
if [[ -d $dir ]]; then
fi
done
}
log_assert "Verify chmod have correct behaviour to directory and file when " \
"filesystem has the different aclinherit setting."
# Define inherit flag
typeset aclinherit_flag=(discard noallow secure passthrough)
typeset ace_prefix1="owner@"
typeset ace_prefix2="group@"
typeset ace_prefix3="everyone@"
typeset ace_secure_new
# Defile the based directory and file
# Define the files and directories will be created after chmod
# Verify all the node have expected correct access control
#
# According to inherited flag, verify subdirectories and files within it has
# correct inherited access control.
#
function verify_inherit #<aclinherit> <object> [strategy]
{
# Define the nodes which will be affected by inherit.
typeset inherit_nodes
typeset inherit=$1
typeset obj=$2
typeset str=$3
# count: the ACE item to fetch
# pass: to mark if the current ACE should apply to the target
# maxnumber: predefine as 4
# passcnt: counter, if it achieves to maxnumber,
# then no additional ACE should apply.
# isinherit: indicate if the current target is in the inherit list.
# step: indicate if the ACE be split during inherit.
# Get the files which inherited ACE.
fi
fi
# Get the directores which inherited ACE.
fi
fi
step=0
if [[ -d $node ]] ; then
step=1
fi
else
fi
i=0
count=0
passcnt=0
pass=0
#
# aclinherit=passthrough,
# inherit all inheritable ACL entries without any
# modifications made to the ACL entries when they
# are inherited.
#
# aclinherit=secure,
# any inheritable ACL entries will remove
# write_acl and write_owner permissions when the ACL entry is
# inherited.
#
# aclinherit=noallow,
# only inherit inheritable ACE that specify "deny" permissions
#
# aclinherit=discard
# will not inherit any ACL entries
#
;;
;;
pass=1
else
fi
;;
break
;;
esac
if [[ -d $node ]]; then
#
# if no_propagate is set,
# then clear all inherit flags,
# only one ACE should left.
#
step=0
expect1=""
#
# directory should append
# "inherit_only" if not have
#
else
fi
#
# cleanup the first ACE if the directory
# not in inherit list
#
expect1=""
fi
elif [[ -f $node ]] ; then
expect1=""
fi
# Get the first ACE to do comparison
"$expect1"
fi
#
# Get the second ACE (if should have) to do
# comparison
#
if [[ -n $expect2 && \
"expect to be $expect2"
fi
fi
fi
((i = i + 1))
done
#
# If there's no any ACE be checked, it should be identify as
#
if [[ -d $node ]]; then
elif [[ -f $node ]]; then
fi
if [[ $? -ne 0 ]]; then
fi
fi
done
}
typeset -i i=0
#
# Set aclmode=passthrough to make sure
# the acl will not change during chmod.
# A general testing should verify the combination of
# aclmode/aclinherit works well,
# here we just simple test them separately.
#
#
# Set different value of aclinherit
#
((${#str} != 0)) && inh_opt=${inh_opt}${str}--
#
# Prepare 4 ACES, which should include :
# deny -> to verify "noallow"
# write_acl/write_owner -> to verify "secure"
#
acl0="$ace_prefix1:rwxp---A-W-Co-:${inh_a}:allow"
acl1="$ace_prefix2:rwxp---A-W-Co-:${inh_a}:deny"
acl2="$ace_prefix3:rwxp---A-W-Co-:${inh_a}:allow"
acl3="$ace_prefix1:-------A-W----:${inh_a}:deny"
acl4="$ace_prefix2:-------A-W----:${inh_a}:allow"
acl5="$ace_prefix3:-------A-W----:${inh_a}:deny"
#
# The ACE filtered by write_acl/write_owner
#
acls0="$ace_prefix1:rwxp---A-W----:${inh_b}:allow"
acls1="$ace_prefix2:rwxp---A-W----:${inh_b}:deny"
acls2="$ace_prefix3:rwxp---A-W----:${inh_b}:allow"
acls3="$ace_prefix1:rwxp---A-W----:${inh_b}:deny"
acls4="$ace_prefix2:rwxp---A-W----:${inh_b}:allow"
acls5="$ace_prefix3:rwxp---A-W----:${inh_b}:deny"
else
acls0="$ace_prefix1:-------A-W----:${inh_b}:allow"
acls1="$ace_prefix2:-------A-W-Co-:${inh_b}:deny"
acls2="$ace_prefix3:-------A-W----:${inh_b}:allow"
acls3="$ace_prefix1:-------A-W----:${inh_b}:deny"
acls4="$ace_prefix2:-------A-W----:${inh_b}:allow"
acls5="$ace_prefix3:-------A-W----:${inh_b}:deny"
fi
#
# for comparison.
#
i=5
while ((i >= 0)); do
#
# Place on a directory should succeed.
#
((i = i - 1))
done
done
done
done
done
log_pass "Verify chmod inherit behaviour co-op with aclinherit setting passed."