#!/bin/ksh -p # # CDDL HEADER START # # The contents of this file are subject to the terms of the # Common Development and Distribution License (the "License"). # You may not use this file except in compliance with the License. # # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE # or http://www.opensolaris.org/os/licensing. # See the License for the specific language governing permissions # and limitations under the License. # # When distributing Covered Code, include this CDDL HEADER in each # file and include the License file at usr/src/OPENSOLARIS.LICENSE. # If applicable, add the following below this CDDL HEADER, with the # fields enclosed by brackets "[]" replaced with your own identifying # information: Portions Copyright [yyyy] [name of copyright owner] # # CDDL HEADER END # # # Copyright 2008 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # . $STF_SUITE/include/libtest.shlib . $STF_SUITE/tests/functional/acl/acl_common.kshlib # # Copyright (c) 2012 by Delphix. All rights reserved. # # # DESCRIPTION: # Verify that user can access file/directory if acltype=posix. # # STRATEGY: # 1. Test access to file (mode=rw-) # a. Can modify file # b. Can't create new file # b. Can't execute file # verify_runnable "both" function cleanup { rmdir $TESTDIR/dir.0 } log_assert "Verify acltype=posix works on file" log_onexit cleanup # Test access to FILE log_note "Testing access to FILE" log_must touch $TESTDIR/file.0 log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/file.0 getfacl $TESTDIR/file.0 2> /dev/null | egrep -q \ "^group:$ZFS_ACL_STAFF_GROUP:rw-$" if [ "$?" -eq "0" ]; then # Should be able to write to file log_must user_run $ZFS_ACL_STAFF1 \ "echo 'echo test > /dev/null' > $TESTDIR/file.0" # Since $TESTDIR is 777, create a new dir with controlled permissions # for testing that creating a new file is not allowed. log_must mkdir $TESTDIR/dir.0 log_must chmod 700 $TESTDIR/dir.0 log_must setfacl -m g:$ZFS_ACL_STAFF_GROUP:rw $TESTDIR/dir.0 # Confirm permissions ls -l $TESTDIR |grep "dir.0" |grep -q "drwxrw----+" if [ "$?" -ne "0" ]; then msk=$(ls -l $TESTDIR |grep "dir.0" | awk '{print $1}') log_note "expected mask drwxrw----+ but found $msk" log_fail "Expected permissions were not set." fi getfacl $TESTDIR/dir.0 2> /dev/null | egrep -q \ "^group:$ZFS_ACL_STAFF_GROUP:rw-$" if [ "$?" -ne "0" ]; then acl=$(getfacl $TESTDIR/dir.0 2> /dev/null) log_note $acl log_fail "ACL group:$ZFS_ACL_STAFF_GROUP:rw- was not set." fi # Should NOT be able to create new file log_mustnot user_run $ZFS_ACL_STAFF1 "touch $TESTDIR/dir.0/file.1" # Root should be able to run file, but not user chmod +x $TESTDIR/file.0 log_must $TESTDIR/file.0 log_mustnot user_run $ZFS_ACL_STAFF1 $TESTDIR/file.0 log_pass "POSIX ACL mode works on files" else log_fail "Group '$ZFS_ACL_STAFF_GROUP' does not have 'rw' as specified" fi