acl/nontrivial/zfs_acl_chmod_rwx_002_pos.ksh

d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#!/bin/ksh -p
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER START
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# The contents of this file are subject to the terms of the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Common Development and Distribution License (the "License").
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You may not use this file except in compliance with the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# or http://www.opensolaris.org/os/licensing.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# See the License for the specific language governing permissions
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# and limitations under the License.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# When distributing Covered Code, include this CDDL HEADER in each
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# If applicable, add the following below this CDDL HEADER, with the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# fields enclosed by brackets "[]" replaced with your own identifying
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# information: Portions Copyright [yyyy] [name of copyright owner]
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# CDDL HEADER END
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Use is subject to license terms.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy#
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy# Copyright (c) 2016 by Delphix. All rights reserved.
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy#
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy. $STF_SUITE/tests/functional/acl/acl_common.kshlib
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# DESCRIPTION:
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   chmod A{+|-|=} read_data|write_data|execute for owner@ group@ or
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   everyone@ correctly alters mode bits .
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# STRATEGY:
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   1. Loop root and non-root user.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   2. Get the random initial map.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   3. Get the random ACL string.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   4. Separately chmod +|-|= read_data|write_data|execute
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#   5. Check map bits
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyverify_runnable "both"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_assert "chmod A{+|-|=} read_data|write_data|execute for owner@, group@ " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    "or everyone@ correctly alters mode bits."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_onexit cleanup
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyset -A bits 0 1 2 3 4 5 6 7
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyset -A a_flag owner group everyone
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyset -A a_access read_data write_data execute
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyset -A a_type allow deny
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Get a random item from an array.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $1 the base set
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction random_select #array_name
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset arr_name=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i ind
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    eval typeset -i cnt=\${#${arr_name}[@]}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    (( ind = $RANDOM % cnt ))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    eval print \${${arr_name}[$ind]}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Create a random string according to array name, the item number and
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# separated tag.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $1 array name where the function get the elements
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $2 the items number which you want to form the random string
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $3 the separated tag
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction form_random_str #<array_name> <count> <sep>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset arr_name=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i count=${2:-1}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset sep=${3:-""}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset str=""
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    while (( count > 0 )); do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        str="${str}$(random_select $arr_name)${sep}"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        (( count -= 1 ))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    print $str
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# According to the original bits, the input ACE access and ACE type, return the
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# expect bits after 'chmod A0{+|=}'.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $1 bits which was make up of three bit 'rwx'
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $2 ACE access which is read_data, write_data or execute
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# $3 ACE type which is allow or deny
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction cal_bits #bits acl_access acl_type
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset bits=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset acl_access=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset acl_type=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    set -A bit r w x
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset tmpbits=""
01ff4119377acad6b30d6f06f2bfd0f982720b10Yuri Pankov    typeset -i i=0
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    while (( i < 3 )); do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if [[ $acl_access == *"${a_access[i]}"* ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            if [[ $acl_type == "allow" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                tmpbits="$tmpbits${bit[i]}"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            elif [[ $acl_type == "deny" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                tmpbits="${tmpbits}-"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        else
01ff4119377acad6b30d6f06f2bfd0f982720b10Yuri Pankov            tmpbits="$tmpbits${bits:$i:1}"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        (( i += 1 ))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    echo "$tmpbits"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# Based on the initial node map before chmod and the ace-spec, check if chmod
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy# has the correct behaven to map bits.
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy#
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction check_test_result #init_mode node acl_flag acl_access a_type
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset init_mode=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset node=$2
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset acl_flag=$3
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset acl_access=$4
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset acl_type=$5
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
fa517adbe8e043d0cdff8c3b22591c6fdec89934Yuri Pankov    typeset -L3 u_bits=$init_mode
01ff4119377acad6b30d6f06f2bfd0f982720b10Yuri Pankov    typeset g_bits=${init_mode:3:3}
fa517adbe8e043d0cdff8c3b22591c6fdec89934Yuri Pankov    typeset -R3 o_bits=$init_mode
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $acl_flag == "owner" || $acl_flag == "everyone" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        u_bits=$(cal_bits $u_bits $acl_access $acl_type)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $acl_flag == "group" || $acl_flag == "everyone" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        g_bits=$(cal_bits $g_bits $acl_access $acl_type)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $acl_flag == "everyone" ]]; then
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        o_bits=$(cal_bits $o_bits $acl_access $acl_type)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset cur_mode=$(get_mode $node)
01ff4119377acad6b30d6f06f2bfd0f982720b10Yuri Pankov    cur_mode=${cur_mode:1:9}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if [[ $cur_mode == $u_bits$g_bits$o_bits ]]; then
fa517adbe8e043d0cdff8c3b22591c6fdec89934Yuri Pankov        log_note "SUCCESS: Current map($cur_mode) == " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            "expected map($u_bits$g_bits$o_bits)"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    else
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        log_fail "FAIL: Current map($cur_mode) != " \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            "expected map($u_bits$g_bits$o_bits)"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfunction test_chmod_map #<node>
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy{
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset node=$1
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset init_mask acl_flag acl_access acl_type
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i cnt
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    if (( ${#node} == 0 )); then
fa517adbe8e043d0cdff8c3b22591c6fdec89934Yuri Pankov        log_fail "FAIL: file name or directory name is not defined."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    # Get the initial map
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    init_mask=$(form_random_str bits 3)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    # Get ACL flag, access & type
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    acl_flag=$(form_random_str a_flag)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    (( cnt = ($RANDOM % ${#a_access[@]}) + 1 ))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    acl_access=$(form_random_str a_access $cnt '/')
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    acl_access=${acl_access%/}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    acl_type=$(form_random_str a_type)
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset acl_spec=${acl_flag}@:${acl_access}:${acl_type}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    # Set the initial map and back the initial ACEs
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset orig_ace=/tmp/orig_ace.$$
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset cur_ace=/tmp/cur_ace.$$
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    for operator in "A0+" "A0="; do
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec chmod $init_mask $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        init_mode=$(get_mode $node)
01ff4119377acad6b30d6f06f2bfd0f982720b10Yuri Pankov        init_mode=${init_mode:1:9}
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec eval "ls -vd $node > $orig_ace"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # To "A=", firstly add one ACE which can't modify map
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        if [[ $operator == "A0=" ]]; then
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy            log_must chmod A0+user:$ZFS_ACL_OTHER1:execute:deny \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy                $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec chmod $operator$acl_spec $node
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        check_test_result \
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            $init_mode $node $acl_flag $acl_access $acl_type
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        # Check "chmod A-"
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec chmod A0- $node
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec eval "ls -vd $node > $cur_ace"
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        if diff $orig_ace $cur_ace; then
fa517adbe8e043d0cdff8c3b22591c6fdec89934Yuri Pankov            log_note "SUCCESS: current ACEs are equal to " \
fa517adbe8e043d0cdff8c3b22591c6fdec89934Yuri Pankov                "original ACEs. 'chmod A-' succeeded."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        else
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy            log_fail "FAIL: 'chmod A-' failed."
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        fi
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    [[ -f $orig_ace ]] && log_must usr_exec rm -f $orig_ace
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy    [[ -f $cur_ace ]] && log_must usr_exec rm -f $cur_ace
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy}
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedyfor user in root $ZFS_ACL_STAFF1; do
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    set_cur_usr $user
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    typeset -i loop_cnt=20
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    while (( loop_cnt > 0 )); do
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec touch $testfile
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        test_chmod_map $testfile
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must rm -f $testfile
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must usr_exec mkdir $testdir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        test_chmod_map $testdir
1d32ba663e202c24a5a1f2e5aef83fffb447cb7fJohn Wren Kennedy        log_must rm -rf $testdir
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy        (( loop_cnt -= 1 ))
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy    done
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedydone
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedy
d583b39bfb4e2571d3e41097c5c357ffe353ad45John Wren Kennedylog_pass "chmod A{+|-|=} read_data|write_data|execute for owner@, group@ " \
fa517adbe8e043d0cdff8c3b22591c6fdec89934Yuri Pankov    "or everyone@ correctly alters mode bits passed."