zfs_acl_chmod_rwx_004_pos.ksh revision 1d32ba663e202c24a5a1f2e5aef83fffb447cb7f
#!/bin/ksh -p
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright 2007 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#
# Copyright (c) 2012, 2016 by Delphix. All rights reserved.
#
. $STF_SUITE/tests/functional/acl/acl_common.kshlib
#
# DESCRIPTION:
# Verify that explicit ACL setting to specified user or group will
# override existed access rule.
#
# STRATEGY:
# 1. Loop root and non-root user.
# 2. Loop the specified access one by one.
# 3. Loop verify explicit ACL set to specified user and group.
#
verify_runnable "both"
function check_access #log user node access rflag
{
typeset log=$1
typeset user=$2
typeset node=$3
typeset access=$4
typeset rflag=$5
if [[ $rflag == "allow" && $access == execute ]]; then
rwx_node $user $node $access
#
# When everyone@ were deny, this file can't execute.
# So,'cannot execute' means user has the permission to
# execute, just the file can't be execute.
#
if [[ $ZFS_ACL_ERR_STR == *"cannot execute"* ]]; then
log_note "SUCCESS: rwx_node $user $node $access"
else
log_fail "FAIL: rwx_node $user $node $access"
fi
else
$log rwx_node $user $node $access
fi
}
function verify_explicit_ACL_rule #node access flag
{
typeset node=$1
typeset access=$2
typeset flag=$3
typeset log rlog rflag
# Get the expect log check
if [[ $flag == allow ]]; then
log=log_mustnot
rlog=log_must
rflag=deny
else
log=log_must
rlog=log_mustnot
rflag=allow
fi
log_must usr_exec chmod A+everyone@:$access:$flag $node
log_must usr_exec chmod A+user:$ZFS_ACL_OTHER1:$access:$rflag $node
check_access $log $ZFS_ACL_OTHER1 $node $access $rflag
log_must usr_exec chmod A0- $node
log_must usr_exec \
chmod A+group:$ZFS_ACL_OTHER_GROUP:$access:$rflag $node
check_access $log $ZFS_ACL_OTHER1 $node $access $rflag
check_access $log $ZFS_ACL_OTHER2 $node $access $rflag
log_must usr_exec chmod A0- $node
log_must usr_exec chmod A0- $node
log_must usr_exec \
chmod A+group:$ZFS_ACL_OTHER_GROUP:$access:$flag $node
log_must usr_exec chmod A+user:$ZFS_ACL_OTHER1:$access:$rflag $node
$log rwx_node $ZFS_ACL_OTHER1 $node $access
$rlog rwx_node $ZFS_ACL_OTHER2 $node $access
log_must usr_exec chmod A0- $node
log_must usr_exec chmod A0- $node
}
log_assert "Verify that explicit ACL setting to specified user or group will" \
"override existed access rule."
log_onexit cleanup
set -A a_access "read_data" "write_data" "execute"
set -A a_flag "allow" "deny"
typeset node
for user in root $ZFS_ACL_STAFF1; do
log_must set_cur_usr $user
log_must usr_exec touch $testfile
log_must usr_exec mkdir $testdir
log_must usr_exec chmod 755 $testfile $testdir
for node in $testfile $testdir; do
for access in ${a_access[@]}; do
for flag in ${a_flag[@]}; do
verify_explicit_ACL_rule $node $access $flag
done
done
done
log_must usr_exec rm -rf $testfile $testdir
done
log_pass "Explicit ACL setting to specified user or group will override " \
"existed access rule passed."