xref: /illumos-gate/usr/src/test/zfs-tests/tests/functional/acl/nontrivial/zfs_acl_chmod_rwacl_001_pos.ksh (revision b6805bf78d2bbbeeaea8909a05623587b42d58b3)
1#!/bin/ksh -p
2#
3# CDDL HEADER START
4#
5# The contents of this file are subject to the terms of the
6# Common Development and Distribution License (the "License").
7# You may not use this file except in compliance with the License.
8#
9# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10# or http://www.opensolaris.org/os/licensing.
11# See the License for the specific language governing permissions
12# and limitations under the License.
13#
14# When distributing Covered Code, include this CDDL HEADER in each
15# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16# If applicable, add the following below this CDDL HEADER, with the
17# fields enclosed by brackets "[]" replaced with your own identifying
18# information: Portions Copyright [yyyy] [name of copyright owner]
19#
20# CDDL HEADER END
21#
22
23#
24# Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
25# Use is subject to license terms.
26#
27
28. $STF_SUITE/tests/functional/acl/acl_common.kshlib
29
#
# DESCRIPTION:
#	Verify that when read_acl/write_acl is assigned to owner@/group@/everyone@,
#	or to a specified user or group, files have the correct access permission.
#
# STRATEGY:
#	1. Separately verify that a file and a directory can be assigned
#	   read_acl/write_acl by root and by a non-root user.
#	2. Verify the owner can always read and write the ACL, even when denied.
#	3. Verify group access permission when the group is assigned
#	   read_acl/write_acl.
#	4. Verify access permission after everyone@ is assigned
#	   read_acl/write_acl.
#	5. Verify that when everyone@ is denied except for a specified user,
#	   that user can read and write the ACL.
#	6. Verify that when the group is denied except for a specified user,
#	   that user can read and write the ACL.
#
47
# Harness preamble. The helpers below are not defined in this file; they are
# presumably provided by the suite libraries pulled in through
# acl_common.kshlib - confirm there.
verify_runnable "both"

# The assertion text is passed as two separate arguments, exactly as written.
log_assert \
	"Verify chmod A[number]{+|-|=} read_acl/write_acl have correct " \
	"behaviour to access permission."

# Register the exit handler before any ACL is modified.
log_onexit cleanup
53
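#
# Check that every listed user can read the ACL of <node>.
#
# Each user runs "$LS -vd <node>" through chgusr_exec. The output is
# discarded; only the exit status is used.
#
# Returns 0 when the listing succeeds for every user (also when no user is
# given), otherwise the exit status of the first listing that fails.
#
# The loop stops at that first failure, so a non-zero return only shows that
# at least one of the users was refused. A caller that wants to assert that
# access is denied should therefore pass one user per call.
#
function read_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user
	typeset -i ret

	# Drop <node>; what is left in "$@" is the user list.
	shift
	for user in "$@"; do
		chgusr_exec "$user" $LS -vd "$node" > /dev/null 2>&1
		ret=$?
		(( ret != 0 )) && return $ret
	done

	return 0
}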
71
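#
# Check that every listed user can modify the ACL of <node>.
#
# For each user: count the ACEs with count_ACE, insert the probe entry
# "owner@:read_data:allow" at index 0 as that user, count again, remove
# index 0 as that user, and require that the count grew by exactly one.
#
# Returns 0 when all steps succeed for every user (also when no user is
# given). Otherwise returns the exit status of the first failing step, or 1
# when the ACE count did not grow by one.
#
# The loop stops at the first failure, so a non-zero return only shows that
# at least one of the users could not modify the ACL. A caller that wants to
# assert that access is denied should therefore pass one user per call.
#
function write_ACL #<node> <user1> <user2> ...
{
	typeset node=$1
	typeset user
	typeset -i ret before_cnt after_cnt

	# Drop <node>; what is left in "$@" is the user list.
	shift
	for user in "$@"; do
		before_cnt=$(count_ACE "$node")
		ret=$?
		(( ret != 0 )) && return $ret

		chgusr_exec "$user" $CHMOD A0+owner@:read_data:allow "$node"
		ret=$?
		(( ret != 0 )) && return $ret

		after_cnt=$(count_ACE "$node")
		ret=$?
		if (( ret != 0 )); then
			# The probe entry is already in place. Remove it
			# before bailing out, otherwise it stays at index 0
			# and the callers' own "A0-" would delete the probe
			# instead of the entry they added.
			chgusr_exec "$user" $CHMOD A0- "$node"
			return $ret
		fi

		# Remove the probe before judging the counts, so the node is
		# restored whether or not the check passes.
		chgusr_exec "$user" $CHMOD A0- "$node"
		ret=$?
		(( ret != 0 )) && return $ret

		if (( after_cnt - before_cnt != 1 )); then
			return 1
		fi
	done

	return 0
}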
105
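#
# Verify that the owner keeps ACL access whatever owner@ says.
#
# For "allow" and then "deny": add owner@:read_acl/write_acl:<type> at index
# 0 through usr_exec, require that $ZFS_ACL_CUR_USER can still read and write
# the ACL of <node>, then remove the entry again.
#
function check_owner #<node>
{
	typeset node=$1
	# Keep the loop variable local; it used to leak into the global scope.
	typeset acc

	for acc in allow deny; do
		log_must usr_exec \
			$CHMOD A0+owner@:read_acl/write_acl:$acc "$node"
		log_must read_ACL "$node" "$ZFS_ACL_CUR_USER"
		log_must write_ACL "$node" "$ZFS_ACL_CUR_USER"
		log_must usr_exec $CHMOD A0- "$node"
	done
}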
118
#
# Verify group@ handling of read_acl/write_acl on <node>.
#
# A second user is picked from the current user: $ZFS_ACL_ADMIN when running
# as root, $ZFS_ACL_STAFF2 when running as $ZFS_ACL_STAFF1 (presumably a user
# sharing the owner's group - confirm against the suite setup). For any other
# current user the list stays empty.
#
# With group@ allowed that user must be able to read and write the ACL; with
# group@ denied both must fail. Each entry is removed after its checks.
#
function check_group #<node>
{
	typeset node=$1
	typeset grp_usr=""
	typeset acc verdict

	case $ZFS_ACL_CUR_USER in
	root)
		grp_usr=$ZFS_ACL_ADMIN
		;;
	$ZFS_ACL_STAFF1)
		grp_usr=$ZFS_ACL_STAFF2
		;;
	esac

	for acc in allow deny; do
		# Access is expected only while the entry is an allow entry.
		verdict=log_mustnot
		[[ $acc == allow ]] && verdict=log_must

		log_must usr_exec $CHMOD A0+group@:read_acl/write_acl:$acc $node
		$verdict read_ACL $node $grp_usr
		$verdict write_ACL $node $grp_usr
		log_must usr_exec $CHMOD A0- $node
	done
}
140
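#
# Verify everyone@ handling of read_acl/write_acl on <node>.
#
# For "allow" and then "deny": add everyone@:read_acl/write_acl:<type> at
# index 0 through usr_exec, check $ZFS_ACL_OTHER1 and $ZFS_ACL_OTHER2, then
# remove the entry. With "allow" both users must be able to read and write
# the ACL; with "deny" both must be refused.
#
function check_everyone #<node>
{
	typeset node=$1
	# "log" and "user" are kept local; "log" used to leak into the global
	# scope.
	typeset flag log user

	for flag in allow deny; do
		if [[ $flag == allow ]]; then
			log=log_must
		else
			log=log_mustnot
		fi

		log_must usr_exec \
			$CHMOD A0+everyone@:read_acl/write_acl:$flag "$node"

		# One user per call. read_ACL/write_ACL return at the first
		# failing user, so a multi-user call under log_mustnot would be
		# satisfied by a single denial and would leave the remaining
		# users unchecked (assuming log_mustnot only needs a non-zero
		# status).
		for user in "$ZFS_ACL_OTHER1" "$ZFS_ACL_OTHER2"; do
			$log read_ACL "$node" "$user"
			$log write_ACL "$node" "$user"
		done

		log_must usr_exec $CHMOD A0- "$node"
	done
}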
162
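#
# Verify that a user-specific allow entry wins over an everyone@ deny.
#
# Adds everyone@:read_acl/write_acl:deny and then, above it at index 0,
# user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow. $ZFS_ACL_OTHER1 must be able
# to read and write the ACL of <node>; $ZFS_ACL_ADMIN, $ZFS_ACL_STAFF2 and
# $ZFS_ACL_OTHER2 must each be refused. Both entries are removed afterwards.
#
function check_spec_user #<node>
{
	typeset node=$1
	typeset user

	log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny "$node"
	log_must usr_exec \
		$CHMOD A0+user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow "$node"

	# The specified user can read and write the ACL.
	log_must read_ACL "$node" "$ZFS_ACL_OTHER1"
	log_must write_ACL "$node" "$ZFS_ACL_OTHER1"

	# No other user may read or write the ACL. Check one user per call:
	# read_ACL/write_ACL return at the first failing user, so a multi-user
	# call under log_mustnot would be satisfied by a single denial and
	# would leave the remaining users unchecked (assuming log_mustnot only
	# needs a non-zero status).
	for user in "$ZFS_ACL_ADMIN" "$ZFS_ACL_STAFF2" "$ZFS_ACL_OTHER2"; do
		log_mustnot read_ACL "$node" "$user"
		log_mustnot write_ACL "$node" "$user"
	done

	# Two entries were inserted at index 0, so remove index 0 twice.
	log_must usr_exec $CHMOD A0- "$node"
	log_must usr_exec $CHMOD A0- "$node"
}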
184
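#
# Verify that a group-specific allow entry wins over an everyone@ deny.
#
# Adds everyone@:read_acl/write_acl:deny and then, above it at index 0,
# group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:allow. $ZFS_ACL_OTHER1 and
# $ZFS_ACL_OTHER2 must be able to read and write the ACL of <node>;
# $ZFS_ACL_ADMIN and $ZFS_ACL_STAFF2 must each be refused. Both entries are
# removed afterwards.
#
function check_spec_group #<node>
{
	typeset node=$1
	typeset user

	log_must usr_exec $CHMOD A0+everyone@:read_acl/write_acl:deny "$node"
	log_must usr_exec $CHMOD \
		A0+group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:allow "$node"

	# Users of the specified group can read and write the ACL.
	log_must read_ACL "$node" "$ZFS_ACL_OTHER1" "$ZFS_ACL_OTHER2"
	log_must write_ACL "$node" "$ZFS_ACL_OTHER1" "$ZFS_ACL_OTHER2"

	# No other user may read or write the ACL. Check one user per call:
	# read_ACL/write_ACL return at the first failing user, so a multi-user
	# call under log_mustnot would be satisfied by a single denial and
	# would leave the remaining users unchecked (assuming log_mustnot only
	# needs a non-zero status).
	for user in "$ZFS_ACL_ADMIN" "$ZFS_ACL_STAFF2"; do
		log_mustnot read_ACL "$node" "$user"
		log_mustnot write_ACL "$node" "$user"
	done

	# Remove both entries, as check_spec_user and check_user_in_group do.
	# Without this the everyone@ deny and the group allow stay on the node
	# and the next check no longer starts from a clean ACL.
	log_must usr_exec $CHMOD A0- "$node"
	log_must usr_exec $CHMOD A0- "$node"
}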
201
#
# Verify that a user-specific allow entry wins over a deny on a group.
#
# Adds group:$ZFS_ACL_OTHER_GROUP:read_acl/write_acl:deny and then, above it
# at index 0, user:$ZFS_ACL_OTHER1:read_acl/write_acl:allow. $ZFS_ACL_OTHER1
# must be able to read and write the ACL of <node>; $ZFS_ACL_OTHER2
# (presumably another member of that group - confirm against the suite
# setup) must be refused. Both entries are removed afterwards.
#
function check_user_in_group #<node>
{
	typeset node=$1
	typeset perms=read_acl/write_acl
	typeset probe
	typeset -i round

	log_must usr_exec $CHMOD \
		A0+group:$ZFS_ACL_OTHER_GROUP:$perms:deny $node
	log_must usr_exec $CHMOD \
		A0+user:$ZFS_ACL_OTHER1:$perms:allow $node

	# The user named in the allow entry gets through ...
	for probe in read_ACL write_ACL; do
		log_must $probe $node $ZFS_ACL_OTHER1
	done

	# ... the other user does not.
	for probe in read_ACL write_ACL; do
		log_mustnot $probe $node $ZFS_ACL_OTHER2
	done

	# Two entries were inserted at index 0, so remove index 0 twice.
	for round in 1 2; do
		log_must usr_exec $CHMOD A0- $node
	done
}
218
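# Checks to run, in this order, against every node.
set -A func_name check_owner \
		check_group \
		check_everyone \
		check_spec_user \
		check_spec_group \
		check_user_in_group

typeset func node

# Run the whole matrix once with root and once with a non-root user as the
# current user.
for user in root "$ZFS_ACL_STAFF1"; do
	log_must set_cur_usr "$user"

	# Fresh file and directory for each user; usr_exec is used so the
	# nodes are presumably created by that user - confirm in the library.
	log_must usr_exec $TOUCH "$testfile"
	log_must usr_exec $MKDIR "$testdir"

	for func in "${func_name[@]}"; do
		for node in "$testfile" "$testdir"; do
			# Call the check directly. The names come from the
			# fixed list above, so eval is not needed, and without
			# it the node path is not parsed a second time.
			$func "$node"
		done
	done

	log_must usr_exec $RM -rf "$testfile" "$testdir"
done

log_pass "Verify chmod A[number]{+|-|=} read_acl/write_acl passed."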
243