d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#!/bin/ksh -p
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER START
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# The contents of this file are subject to the terms of the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Common Development and Distribution License (the "License").
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You may not use this file except in compliance with the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# or http://www.opensolaris.org/os/licensing.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# See the License for the specific language governing permissions
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# and limitations under the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# When distributing Covered Code, include this CDDL HEADER in each
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# If applicable, add the following below this CDDL HEADER, with the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# fields enclosed by brackets "[]" replaced with your own identifying
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# information: Portions Copyright [yyyy] [name of copyright owner]
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER END
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Copyright 2009 Sun Microsystems, Inc. All rights reserved.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Use is subject to license terms.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy#
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy# Copyright (c) 2016 by Delphix. All rights reserved.
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy#
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy. $STF_SUITE/tests/functional/acl/acl_common.kshlib
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# DESCRIPTION:
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Verify assigned read_acl/write_acl to owner@/group@/everyone@,
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# specificied user and group. File have the correct access permission.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# STRATEGY:
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 1. Separatedly verify file and directory was assigned read_acl/write_acl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# by root and non-root user.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 2. Verify owner always can read and write acl, even deny.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 3. Verify group access permission, when group was assigned
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# read_acl/write_acl.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 4. Verify access permission, after everyone was assigned read_acl/write.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 5. Verify everyone@ was deny except specificied user, this user can read
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# and write acl.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# 6. Verify the group was deny except specified user, this user can read
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# and write acl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyverify_runnable "both"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_assert "Verify chmod A[number]{+|-|=} read_acl/write_acl have correct " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy "behaviour to access permission."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_onexit cleanup
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction read_ACL #<node> <user1> <user2> ...
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset user
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset -i ret
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy shift
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy for user in $@; do
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy chgusr_exec $user ls -vd $node > /dev/null 2>&1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy ret=$?
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy (( ret != 0 )) && return $ret
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy shift
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy return 0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction write_ACL #<node> <user1> <user2> ...
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset user
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset -i ret before_cnt after_cnt
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy shift
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy for user in "$@"; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy before_cnt=$(count_ACE $node)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy ret=$?;
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy (( ret != 0 )) && return $ret
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy chgusr_exec $user chmod A0+owner@:read_data:allow $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy ret=$?
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy (( ret != 0 )) && return $ret
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy after_cnt=$(count_ACE $node)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy ret=$?
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy (( ret != 0 )) && return $ret
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy chgusr_exec $user chmod A0- $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy ret=$?
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy (( ret != 0 )) && return $ret
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if (( after_cnt - before_cnt != 1 )); then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy return 1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy shift
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy return 0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction check_owner #<node>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy for acc in allow deny; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must usr_exec \
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy chmod A0+owner@:read_acl/write_acl:$acc $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must read_ACL $node $ZFS_ACL_CUR_USER
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must write_ACL $node $ZFS_ACL_CUR_USER
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0- $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction check_group #<node>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset grp_usr=""
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $ZFS_ACL_CUR_USER == root ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy grp_usr=$ZFS_ACL_ADMIN
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy elif [[ $ZFS_ACL_CUR_USER == $ZFS_ACL_STAFF1 ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy grp_usr=$ZFS_ACL_STAFF2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0+group@:read_acl/write_acl:allow $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must read_ACL $node $grp_usr
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must write_ACL $node $grp_usr
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0- $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0+group@:read_acl/write_acl:deny $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_mustnot read_ACL $node $grp_usr
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_mustnot write_ACL $node $grp_usr
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0- $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction check_everyone #<node>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset flag
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy for flag in allow deny; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy if [[ $flag == allow ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log=log_must
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy else
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log=log_mustnot
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must usr_exec \
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy chmod A0+everyone@:read_acl/write_acl:$flag $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy $log read_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy $log write_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0- $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction check_spec_user #<node>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0+everyone@:read_acl/write_acl:deny $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must usr_exec \
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy chmod A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # The specified user can read and write acl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must read_ACL $node $ZFS_ACL_OTHER1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must write_ACL $node $ZFS_ACL_OTHER1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # All the other user can't read and write acl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_mustnot \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy read_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_mustnot \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy write_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2 $ZFS_ACL_OTHER2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0- $node
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0- $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction check_spec_group #<node>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0+everyone@:read_acl/write_acl:deny $node
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:allow $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # The specified group can read and write acl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must read_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must write_ACL $node $ZFS_ACL_OTHER1 $ZFS_ACL_OTHER2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy # All the other user can't read and write acl
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_mustnot read_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_mustnot write_ACL $node $ZFS_ACL_ADMIN $ZFS_ACL_STAFF2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction check_user_in_group #<node>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:deny $node
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must read_ACL $node $ZFS_ACL_OTHER1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must write_ACL $node $ZFS_ACL_OTHER1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_mustnot read_ACL $node $ZFS_ACL_OTHER2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_mustnot write_ACL $node $ZFS_ACL_OTHER2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0- $node
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec chmod A0- $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyset -A func_name check_owner \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy check_group \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy check_everyone \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy check_spec_user \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy check_spec_group \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy check_user_in_group
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfor user in root $ZFS_ACL_STAFF1; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy log_must set_cur_usr $user
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec touch $testfile
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec mkdir $testdir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy typeset func node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy for func in ${func_name[@]}; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy for node in $testfile $testdir; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy eval $func \$node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy log_must usr_exec rm -rf $testfile $testdir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedydone
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_pass "Verify chmod A[number]{+|-|=} read_acl/write_acl passed."