1#!/bin/ksh -p 2# 3# CDDL HEADER START 4# 5# The contents of this file are subject to the terms of the 6# Common Development and Distribution License (the "License"). 7# You may not use this file except in compliance with the License. 8# 9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 10# or http://www.opensolaris.org/os/licensing. 11# See the License for the specific language governing permissions 12# and limitations under the License. 13# 14# When distributing Covered Code, include this CDDL HEADER in each 15# file and include the License file at usr/src/OPENSOLARIS.LICENSE. 16# If applicable, add the following below this CDDL HEADER, with the 17# fields enclosed by brackets "[]" replaced with your own identifying 18# information: Portions Copyright [yyyy] [name of copyright owner] 19# 20# CDDL HEADER END 21# 22 23# 24# Copyright 2009 Sun Microsystems, Inc. All rights reserved. 25# Use is subject to license terms. 26# 27 28# 29# Copyright (c) 2012 by Delphix. All rights reserved. 30# 31 32. $STF_SUITE/tests/functional/acl/acl_common.kshlib 33 34# 35# DESCRIPTION: 36# Verify aclinherit=passthrough-x will inherit the 'x' bits while mode request. 37# 38# STRATEGY: 39# 1. Loop super user and non-super user to run the test case. 40# 2. Create basedir and a set of subdirectores and files within it. 41# 3. Set aclinherit=passthrough-x 42# 4. Verify only passthrough-x will inherit the 'x' bits while mode request. 43# 44 45verify_runnable "both" 46 47function cleanup 48{ 49 if [[ -d $basedir ]]; then 50 log_must $RM -rf $basedir 51 fi 52} 53$ZPOOL upgrade -v 54$ZPOOL upgrade -v | $GREP "passthrough-x aclinherit" > /dev/null 2>&1 55if (($? != 0)); then 56 log_unsupported "passthrough-x aclinherit not supported." 57fi 58 59log_assert "Verify aclinherit=passthrough-x will inherit the 'x' bits while" \ 60 " mode request." 61log_onexit cleanup 62 63set -A aces \ 64 "owner@:read_data/write_data/add_subdirectory/append_data/execute:dir_inherit/inherit_only:allow" \ 65 "owner@:read_data/write_data/add_subdirectory/append_data/execute::allow" \ 66 "group@:add_subdirectory/append_data/execute:dir_inherit/inherit_only:allow" \ 67 "group@:add_subdirectory/append_data/execute::allow" \ 68 "everyone@:add_subdirectory/append_data/execute:dir_inherit/inherit_only:allow" \ 69 "everyone@:add_subdirectory/append_data/execute::allow" \ 70 "owner@:read_data/write_data/add_subdirectory/append_data/execute:file_inherit/inherit_only:allow" \ 71 "group@:read_data/add_subdirectory/append_data/execute:file_inherit/inherit_only:allow" \ 72 "everyone@:read_data/add_subdirectory/append_data/execute:file_inherit/inherit_only:allow" 73 74# Defile the based directory and file 75basedir=$TESTDIR/basedir 76 77 78# 79# According to inherited flag, verify subdirectories and files within it has 80# correct inherited access control. 81# 82function verify_inherit # <object> 83{ 84 typeset obj=$1 85 86 # Define the files and directories will be created after chmod 87 ndir1=$obj/ndir1; ndir2=$ndir1/ndir2 88 nfile1=$ndir1/nfile1.c; nfile2=$ndir1/nfile2 89 90 log_must usr_exec $MKDIR -p $ndir1 91 92 typeset -i i=0 93 while ((i < ${#aces[*]})); do 94 if ((i < 3)); then 95 log_must usr_exec $CHMOD A$i=${aces[i]} $ndir1 96 else 97 log_must usr_exec $CHMOD A$i+${aces[i]} $ndir1 98 fi 99 ((i = i + 1)) 100 done 101 log_must usr_exec $MKDIR -p $ndir2 102 log_must usr_exec $TOUCH $nfile1 103 104 $CAT > $nfile1 <<EOF 105#include <stdlib.h> 106#include <stdio.h> 107int main() 108{ return 0; } 109EOF 110 111 mode=$(get_mode $ndir2) 112 if [[ $mode != "drwx--x--x"* ]]; then 113 log_fail "Unexpect mode of $ndir2, expect: drwx--x--x, current: $mode" 114 fi 115 116 mode=$(get_mode $nfile1) 117 if [[ $mode != "-rw-r--r--"* ]]; then 118 log_fail "Unexpect mode of $nfile1, expect: -rw-r--r--, current: $mode" 119 fi 120 121 if [[ -x /usr/sfw/bin/gcc ]]; then 122 log_must /usr/sfw/bin/gcc -o $nfile2 $nfile1 123 mode=$(get_mode $nfile2) 124 if [[ $mode != "-rwxr-xr-x"* ]]; then 125 log_fail "Unexpect mode of $nfile2, expect: -rwxr-xr-x, current: $mode" 126 fi 127 fi 128} 129 130# 131# Set aclmode=passthrough to make sure 132# the acl will not change during chmod. 133# A general testing should verify the combination of 134# aclmode/aclinherit works well, 135# here we just simple test them separately. 136# 137 138log_must $ZFS set aclmode=passthrough $TESTPOOL/$TESTFS 139log_must $ZFS set aclinherit=passthrough-x $TESTPOOL/$TESTFS 140 141for user in root $ZFS_ACL_STAFF1; do 142 log_must set_cur_usr $user 143 144 verify_inherit $basedir 145 146 cleanup 147done 148 149log_pass "Verify aclinherit=passthrough-x will inherit the 'x' bits while mode request." 150