d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER START
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# The contents of this file are subject to the terms of the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Common Development and Distribution License (the "License").
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You may not use this file except in compliance with the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# or http://www.opensolaris.org/os/licensing.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# See the License for the specific language governing permissions
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# and limitations under the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# When distributing Covered Code, include this CDDL HEADER in each
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# If applicable, add the following below this CDDL HEADER, with the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# fields enclosed by brackets "[]" replaced with your own identifying
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# information: Portions Copyright [yyyy] [name of copyright owner]
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER END
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Use is subject to license terms.
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy# Copyright (c) 2012, 2016 by Delphix. All rights reserved.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy. $STF_SUITE/tests/functional/acl/acl_common.kshlib
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Verify that the write_owner for
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 1. Create file and directory in zfs filesystem
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 2. Set special write_owner ACE to the file and directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 3. Try to chown/chgrp of the file and directory to take owner/group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 4. Verify that the owner/group are correct. Follow these rules:
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# (1) If uid is granted the write_owner permission, then it can only do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# chown to its own uid, or a group that they are a member of.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# (2) Owner will ignore permission of (1) even write_owner not granted.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# (3) Superuser will always permit whatever they do.
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy [[ -f $TESTDIR/$ARCHIVEFILE ]] && log_must rm -f $TESTDIR/$ARCHIVEFILE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_assert "Verify that the chown/chgrp could take owner/group " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy "while permission is granted."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Get the owner of a file/directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ -z $node ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Get the group of a file/directory
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ -z $node ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Get the group name that a UID belongs to
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ -z $uid ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $? -eq 0 ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $new_owner != $old_owner ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $ret -eq 0 ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $new_owner != $expect_owner ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_note "Owner not changed as expected " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy "($old_owner|$new_owner|$expect_owner), " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy elif [[ $ret -ne 0 && $new_owner != $old_owner ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_note "Owner changed ($old_owner|$new_owner), " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $new_group != $old_group ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $ret -eq 0 ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $new_group != $expect_group ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_note "Group not changed as expected " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy "($old_group|$new_group|$expect_group), " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy elif [[ $ret -ne 0 && $new_group != $old_group ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_note "Group changed ($old_group|$new_group), " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # To super user, read and write deny permission was override.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $user == root ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy elif [[ $user == $new ]] ; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $user == $old || $acl_target == *:allow ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset log old_owner old_group new_owner new_group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $flag == "owner@" || $flag == "everyone@" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $flag == "group@" || $flag == "everyone@" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log=$(logname $acl_target $g_usr $old_owner \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log=$(logname $acl_target $o_usr $old_owner \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=${2%/}
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must su $user -c "chmod A+$flag:$acl_t $node"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy check_chmod_results $user $node $flag $acl_t $g_usr \
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must su $user -c "chmod 555 $base_node"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytypeset a_access="write_owner:allow write_owner:deny"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytest_chmod_basic_access 'root' $file $ZFS_ACL_ADMIN $ZFS_ACL_OTHER1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytest_chmod_basic_access 'root' $dir $ZFS_ACL_ADMIN $ZFS_ACL_OTHER1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedysetup_test_files $basedir $ZFS_ACL_STAFF1 $ZFS_ACL_STAFF_GROUP
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytest_chmod_basic_access $ZFS_ACL_STAFF1 $file $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedytest_chmod_basic_access $ZFS_ACL_STAFF1 $dir $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_pass "Verify that the chown/chgrp could take owner/group " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy "while permission is granted."