acl/nontrivial/zfs_acl_chmod_owner_001_pos.ksh

d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#!/bin/ksh -p
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER START
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# The contents of this file are subject to the terms of the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Common Development and Distribution License (the "License").
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You may not use this file except in compliance with the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# or http://www.opensolaris.org/os/licensing.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# See the License for the specific language governing permissions
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# and limitations under the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# When distributing Covered Code, include this CDDL HEADER in each
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# If applicable, add the following below this CDDL HEADER, with the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# fields enclosed by brackets "[]" replaced with your own identifying
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# information: Portions Copyright [yyyy] [name of copyright owner]
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER END
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Use is subject to license terms.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy# Copyright (c) 2012, 2016 by Delphix. All rights reserved.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy. $STF_SUITE/tests/functional/acl/acl_common.kshlib
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# DESCRIPTION:
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   Verify that the write_owner for
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   owner/group/everyone are correct.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# STRATEGY:
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 1. Create file and  directory in zfs filesystem
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 2. Set special write_owner ACE to the file and directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 3. Try to chown/chgrp of the file and directory to take owner/group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 4. Verify that the owner/group are correct. Follow these rules:
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   (1) If uid is granted the write_owner permission, then it can only do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#       chown to its own uid, or a group that they are a member of.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   (2) Owner will ignore permission of (1) even write_owner not granted.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   (3) Superuser will always permit whatever they do.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyverify_runnable "both"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction cleanup
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    [[ -d $basedir ]] && rm -rf $basedir
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    [[ -f $TESTDIR/$ARCHIVEFILE ]] && log_must rm -f $TESTDIR/$ARCHIVEFILE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    return 0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_assert "Verify that the chown/chgrp could take owner/group " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    "while permission is granted."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_onexit cleanup
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Get the owner of a file/directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction get_owner
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ -z $node ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        log_fail "node are not defined."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    echo $(ls -dl $node | awk '{print $3}')
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Get the group of a file/directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction get_group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ -z $node ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        log_fail "node are not defined."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    echo $(ls -dl $node | awk '{print $4}')
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Get the group name that a UID belongs to
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction get_user_group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset uid=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset value
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ -z $uid ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        log_fail "UID not defined."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    value=$(id $uid)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $? -eq 0 ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        value=${value##*\(}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        value=${value%%\)*}
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        echo $value
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    else
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        log_fail "Invalid UID (uid)."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction operate_node_owner
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset user=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset node=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset old_owner=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset expect_owner=$4
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset ret new_owner
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $user == "" || $node == "" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        log_fail "user, node are not defined."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    su $user -c "chown $expect_owner $node"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    ret=$?
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    new_owner=$(get_owner $node)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $new_owner != $old_owner ]]; then
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        tar xpf $TESTDIR/$ARCHIVEFILE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $ret -eq 0 ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if [[ $new_owner != $expect_owner ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            log_note "Owner not changed as expected " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                "($old_owner|$new_owner|$expect_owner), " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                "but return code is $ret."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            return 1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    elif [[ $ret -ne 0 && $new_owner != $old_owner ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        log_note "Owner changed ($old_owner|$new_owner), " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            "but return code is $ret."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        return 2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    return $ret
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction operate_node_group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset user=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset node=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset old_group=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset expect_group=$4
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset ret new_group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $user == "" || $node == "" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        log_fail "user, node are not defined."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    su $user -c "chgrp $expect_group $node"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    ret=$?
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    new_group=$(get_group $node)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $new_group != $old_group ]]; then
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        tar xpf $TESTDIR/$ARCHIVEFILE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $ret -eq 0 ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if [[ $new_group != $expect_group ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            log_note "Group not changed as expected " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                "($old_group|$new_group|$expect_group), " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                "but return code is $ret."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            return 1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    elif [[ $ret -ne 0 && $new_group != $old_group ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        log_note "Group changed ($old_group|$new_group), " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            "but return code is $ret."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        return 2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    return $ret
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction logname
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset acl_target=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset user=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset old=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset new=$4
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset ret="log_mustnot"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    # To super user, read and write deny permission was override.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $user == root ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        ret="log_must"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    elif [[ $user == $new ]] ; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if [[ $user == $old || $acl_target == *:allow ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            ret="log_must"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    print $ret
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction check_chmod_results
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset user=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset node=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset flag=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset acl_target=$3:$4
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset g_usr=$5
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset o_usr=$6
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset log old_owner old_group new_owner new_group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    old_owner=$(get_owner $node)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    old_group=$(get_group $node)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        for new_owner in $user "nobody"; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            new_group=$(get_user_group $new_owner)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            log=$(logname $acl_target $user \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                $old_owner $new_owner)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            $log operate_node_owner $user $node \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                $old_owner $new_owner
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            $log operate_node_group $user $node \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                $old_group $new_group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $flag == "group@" || $flag == "everyone@" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        for new_owner in $g_usr "nobody"; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            new_group=$(get_user_group $new_owner)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            log=$(logname $acl_target $g_usr $old_owner \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                $new_owner)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            $log operate_node_owner $g_usr $node \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                $old_owner $new_owner
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            $log operate_node_group $g_usr \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                $node $old_group $new_group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $flag == "everyone@" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        for new_owner in $g_usr "nobody"; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            new_group=$(get_user_group $new_owner)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            log=$(logname $acl_target $o_usr $old_owner \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                $new_owner)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            $log operate_node_owner $o_usr $node \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                $old_owner $new_owner
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            $log operate_node_group $o_usr $node \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                $old_group $new_group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction test_chmod_basic_access
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset user=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset node=${2%/}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset g_usr=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset o_usr=$4
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset flag acl_t
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    for flag in $a_flag; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        for acl_t in $a_access; do
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy            log_must su $user -c "chmod A+$flag:$acl_t $node"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy            tar cpf $TESTDIR/$ARCHIVEFILE basedir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            check_chmod_results $user $node $flag $acl_t $g_usr \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                $o_usr
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy            log_must su $user -c "chmod A0- $node"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction setup_test_files
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset base_node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset user=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset group=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    rm -rf $base_node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    log_must mkdir -p $base_node
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    log_must chown $user:$group $base_node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    # Prepare all files/sub-dirs for testing.
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    log_must su $user -c "touch $file"
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    log_must su $user -c "chmod 444 $file"
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    log_must su $user -c "mkdir -p $dir"
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    log_must su $user -c "chmod 444 $dir"
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    log_must su $user -c "chmod 555 $base_node"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset ARCHIVEFILE=archive.tar
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset a_access="write_owner:allow write_owner:deny"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset a_flag="owner@ group@ everyone@"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset basedir="$TESTDIR/basedir"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset file="$basedir/file"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset dir="$basedir/dir"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedycd $TESTDIR
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedysetup_test_files $basedir 'root' 'root'
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytest_chmod_basic_access 'root' $file $ZFS_ACL_ADMIN  $ZFS_ACL_OTHER1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytest_chmod_basic_access 'root' $dir $ZFS_ACL_ADMIN  $ZFS_ACL_OTHER1
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedyrm -rf $basedir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedysetup_test_files $basedir $ZFS_ACL_STAFF1 $ZFS_ACL_STAFF_GROUP
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytest_chmod_basic_access $ZFS_ACL_STAFF1 $file $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytest_chmod_basic_access $ZFS_ACL_STAFF1 $dir $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER1
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedyrm -rf $basedir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_pass "Verify that the chown/chgrp could take owner/group " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    "while permission is granted."