zfs_acl_chmod_owner_001_pos.ksh revision 1d32ba663e202c24a5a1f2e5aef83fffb447cb7f
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# Copyright (c) 2012, 2016 by Delphix. All rights reserved.
#
#
# DESCRIPTION:
# Verify that the write_owner for
#
# STRATEGY:
# 1. Create file and directory in zfs filesystem
# 2. Set special write_owner ACE to the file and directory
# (1) If uid is granted the write_owner permission, then it can only do
# chown to its own uid, or a group that they are a member of.
# (2) Owner will ignore permission of (1) even write_owner not granted.
# (3) Superuser will always permit whatever they do.
#
verify_runnable "both"
function cleanup
{
[[ -f $TESTDIR/$ARCHIVEFILE ]] && log_must rm -f $TESTDIR/$ARCHIVEFILE
return 0
}
log_assert "Verify that the chown/chgrp could take owner/group " \
"while permission is granted."
#
#
function get_owner
{
typeset node=$1
if [[ -z $node ]]; then
log_fail "node are not defined."
fi
}
#
#
function get_group
{
typeset node=$1
if [[ -z $node ]]; then
log_fail "node are not defined."
fi
}
#
# Get the group name that a UID belongs to
#
function get_user_group
{
typeset uid=$1
typeset value
if [[ -z $uid ]]; then
log_fail "UID not defined."
fi
if [[ $? -eq 0 ]]; then
echo $value
else
log_fail "Invalid UID (uid)."
fi
}
function operate_node_owner
{
typeset user=$1
typeset node=$2
typeset old_owner=$3
typeset expect_owner=$4
log_fail "user, node are not defined."
fi
su $user -c "chown $expect_owner $node"
ret=$?
if [[ $new_owner != $old_owner ]]; then
fi
if [[ $new_owner != $expect_owner ]]; then
"but return code is $ret."
return 1
fi
elif [[ $ret -ne 0 && $new_owner != $old_owner ]]; then
"but return code is $ret."
return 2
fi
return $ret
}
function operate_node_group
{
typeset user=$1
typeset node=$2
typeset old_group=$3
typeset expect_group=$4
log_fail "user, node are not defined."
fi
su $user -c "chgrp $expect_group $node"
ret=$?
if [[ $new_group != $old_group ]]; then
fi
if [[ $new_group != $expect_group ]]; then
"but return code is $ret."
return 1
fi
elif [[ $ret -ne 0 && $new_group != $old_group ]]; then
"but return code is $ret."
return 2
fi
return $ret
}
function logname
{
typeset acl_target=$1
typeset user=$2
typeset old=$3
typeset new=$4
typeset ret="log_mustnot"
# To super user, read and write deny permission was override.
ret="log_must"
if [[ $user == $old || $acl_target == *:allow ]]; then
ret="log_must"
fi
fi
print $ret
}
function check_chmod_results
{
typeset user=$1
typeset node=$2
typeset flag=$3
typeset acl_target=$3:$4
typeset g_usr=$5
typeset o_usr=$6
log=$(logname $acl_target $user \
done
fi
done
fi
done
fi
}
function test_chmod_basic_access
{
typeset user=$1
typeset node=${2%/}
typeset g_usr=$3
typeset o_usr=$4
done
done
}
function setup_test_files
{
typeset base_node=$1
typeset user=$2
typeset group=$3
log_must su $user -c "chmod 555 $base_node"
}
typeset ARCHIVEFILE=archive.tar
typeset a_access="write_owner:allow write_owner:deny"
typeset a_flag="owner@ group@ everyone@"
cd $TESTDIR
"while permission is granted."