Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 7 Sep 2009 16:26:03 +0000 (UTC)
From:      Edward Tomasz Napierala <trasz@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r196938 - head/tools/regression/acltools
Message-ID:  <200909071626.n87GQ3al020449@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: trasz
Date: Mon Sep  7 16:26:03 2009
New Revision: 196938
URL: http://svn.freebsd.org/changeset/base/196938

Log:
  Add regression tests for NFSv4 ACLs and update POSIX.1e tests to the changed
  error messages.

Added:
  head/tools/regression/acltools/01.t   (contents, props changed)
  head/tools/regression/acltools/tools-nfs4.test   (contents, props changed)
Modified:
  head/tools/regression/acltools/00.t
  head/tools/regression/acltools/tools-posix.test

Modified: head/tools/regression/acltools/00.t
==============================================================================
--- head/tools/regression/acltools/00.t	Mon Sep  7 16:25:09 2009	(r196937)
+++ head/tools/regression/acltools/00.t	Mon Sep  7 16:26:03 2009	(r196938)
@@ -1,5 +1,32 @@
 #!/bin/sh
 #
+# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
 # This is a wrapper script to run tools-posix.test.
 #
 # If any of the tests fails, here is how to debug it: go to
@@ -9,9 +36,6 @@
 # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test
 #
 # Output should be obvious.
-#
-# $FreeBSD$
-#
 
 echo "1..4"
 
@@ -59,4 +83,3 @@ rmdir $MNT
 mdconfig -du $MD
 
 echo "ok 4"
-

Added: head/tools/regression/acltools/01.t
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tools/regression/acltools/01.t	Mon Sep  7 16:26:03 2009	(r196938)
@@ -0,0 +1,86 @@
+#!/bin/sh
+#
+# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# This is a wrapper script to run tools-nfs4.test on ZFS filesystem.
+#
+# WARNING: It uses hardcoded ZFS pool name "acltools"
+#
+# If any of the tests fails, here is how to debug it: go to
+# the directory with problematic filesystem mounted on it,
+# and do /path/to/test run /path/to/test tools-nfs4.test, e.g.
+#
+# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test
+#
+# Output should be obvious.
+
+echo "1..4"
+
+if [ `whoami` != "root" ]; then
+	echo "not ok 1 - you need to be root to run this test."
+	exit 1
+fi
+
+TESTDIR=`dirname $0`
+
+# Set up the test filesystem.
+MD=`mdconfig -at swap -s 64m`
+MNT=`mktemp -dt acltools`
+zpool create -R $MNT acltools /dev/$MD
+if [ $? -ne 0 ]; then
+	echo "not ok 1 - 'zpool create' failed."
+	exit 1
+fi
+
+echo "ok 1"
+
+cd $MNT
+
+# First, check whether we can crash the kernel by creating too many
+# entries.  For some reason this won't work in the test file.
+touch xxx
+setfacl -x5 xxx
+while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done
+chmod 600 xxx
+rm xxx
+echo "ok 2"
+
+perl $TESTDIR/run $TESTDIR/tools-nfs4.test > /dev/null
+
+if [ $? -eq 0 ]; then
+	echo "ok 3"
+else
+	echo "not ok 3"
+fi
+
+cd /
+zpool destroy -f acltools
+rmdir $MNT
+mdconfig -du $MD
+
+echo "ok 4"

Added: head/tools/regression/acltools/tools-nfs4.test
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/tools/regression/acltools/tools-nfs4.test	Mon Sep  7 16:26:03 2009	(r196938)
@@ -0,0 +1,829 @@
+# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# This is a tools-level test for NFSv4 ACL functionality.  Run it as root
+# using ACL-enabled kernel:
+#
+# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test
+#
+# WARNING: Creates files in unsafe way.
+
+$ whoami
+> root
+$ umask 022
+
+# Smoke test for getfacl(1).
+$ touch xxx
+$ getfacl xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:-wxp----------:------:deny
+>             group@:r-------------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+$ getfacl -q xxx
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:-wxp----------:------:deny
+>             group@:r-------------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+# Check verbose mode formatting.
+$ getfacl -v xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+>             owner@:execute::deny
+>             owner@:read_data/write_data/append_data/write_attributes/write_xattr/write_acl/write_owner::allow
+>             group@:write_data/execute/append_data::deny
+>             group@:read_data::allow
+>          everyone@:write_data/execute/append_data/write_attributes/write_xattr/write_acl/write_owner::deny
+>          everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow
+
+# Test setfacl -a.
+$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             user:0:-----------C--:------:allow
+>            group:1:----------c---:------:deny
+>             group@:-wxp----------:------:deny
+>             group@:r-------------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+# Test user and group name resolving.
+$ rm xxx
+$ touch xxx
+$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx
+$ getfacl xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>          user:root:-----------C--:------:allow
+>       group:daemon:----------c---:------:deny
+>             group@:-wxp----------:------:deny
+>             group@:r-------------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+# Check whether ls correctly marks files with "+".
+$ ls -l xxx | cut -d' ' -f1
+> -rw-r--r--+
+
+# Test removing entries by number.
+$ setfacl -x 4 xxx
+$ setfacl -x 4 xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             user:0:-----------C--:------:allow
+>            group:1:----------c---:------:deny
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+# Test setfacl -m.
+$ setfacl -a0 everyone@:rwx:deny xxx
+$ setfacl -a0 everyone@:rwx:deny xxx
+$ setfacl -a0 everyone@:rwx:deny xxx
+$ setfacl -m everyone@::deny xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+>          everyone@:--------------:------:deny
+>          everyone@:--------------:------:deny
+>          everyone@:--------------:------:deny
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             user:0:-----------C--:------:allow
+>            group:1:----------c---:------:deny
+>          everyone@:--------------:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+# Test getfacl -i.
+$ getfacl -i xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+>          everyone@:--------------:------:deny
+>          everyone@:--------------:------:deny
+>          everyone@:--------------:------:deny
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>          user:root:-----------C--:------:allow:0
+>       group:daemon:----------c---:------:deny:1
+>          everyone@:--------------:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+# Make sure cp without any flags does not copy copy the ACL.
+$ cp xxx yyy
+$ ls -l yyy | cut -d' ' -f1
+> -rw-r--r--
+
+# Make sure it does with the "-p" flag.
+$ rm yyy
+$ cp -p xxx yyy
+$ getfacl -n yyy
+> # file: yyy
+> # owner: root
+> # group: wheel
+>          everyone@:--------------:------:deny
+>          everyone@:--------------:------:deny
+>          everyone@:--------------:------:deny
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             user:0:-----------C--:------:allow
+>            group:1:----------c---:------:deny
+>          everyone@:--------------:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+$ rm yyy
+
+# Test removing entries by...  by example?
+$ setfacl -x everyone@::deny xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             user:0:-----------C--:------:allow
+>            group:1:----------c---:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+# Test setfacl -b.
+$ setfacl -b xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:-wxp----------:------:deny
+>             group@:r-------------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+$ ls -l xxx | cut -d' ' -f1
+> -rw-r--r--
+
+# Check setfacl(1) and getfacl(1) with multiple files.
+$ touch xxx yyy zzz
+
+$ ls -l xxx yyy zzz | cut -d' ' -f1
+> -rw-r--r--
+> -rw-r--r--
+> -rw-r--r--
+
+$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz
+> setfacl: nnn: stat() failed: No such file or directory
+
+$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
+> ls: nnn: No such file or directory
+> -rw-r--r--+
+> -rw-r--r--+
+> -rw-r--r--+
+
+$ getfacl -nq nnn xxx yyy zzz
+> getfacl: nnn: stat() failed: No such file or directory
+>            user:42:--x-----------:------:allow
+>           group:43:-w------------:------:allow
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:-wxp----------:------:deny
+>             group@:r-------------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+>
+>            user:42:--x-----------:------:allow
+>           group:43:-w------------:------:allow
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:-wxp----------:------:deny
+>             group@:r-------------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+>
+>            user:42:--x-----------:------:allow
+>           group:43:-w------------:------:allow
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:-wxp----------:------:deny
+>             group@:r-------------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+$ setfacl -b nnn xxx yyy zzz
+> setfacl: nnn: stat() failed: No such file or directory
+
+$ ls -l nnn xxx yyy zzz | cut -d' ' -f1
+> ls: nnn: No such file or directory
+> -rw-r--r--
+> -rw-r--r--
+> -rw-r--r--
+
+$ rm xxx yyy zzz
+
+# Test applying mode to an ACL.
+$ touch xxx
+$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx
+$ chmod 600 xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: root
+> # group: wheel
+>            user:42:r-------------:------:deny
+>            user:42:r-------------:------:allow
+>            user:43:-w------------:------:deny
+>            user:43:-w------------:------:allow
+>            user:44:--x-----------:------:deny
+>            user:44:--x-----------:------:allow
+>             owner@:--------------:------:deny
+>             owner@:-------A-W-Co-:------:allow
+>             group@:--------------:------:deny
+>             group@:--------------:------:allow
+>          everyone@:-------A-W-Co-:------:deny
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:rwxp----------:------:deny
+>             group@:--------------:------:allow
+>          everyone@:rwxp---A-W-Co-:------:deny
+>          everyone@:------a-R-c--s:------:allow
+$ ls -l xxx | cut -d' ' -f1
+> -rw-------+
+
+$ rm xxx
+$ touch xxx
+$ chown 42 xxx
+$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
+$ chmod 600 xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: 42
+> # group: wheel
+>            user:42:--------------:------:deny
+>            user:42:r-------------:------:allow
+>            user:43:-w------------:------:deny
+>            user:43:-w------------:------:allow
+>            user:44:--x-----------:------:deny
+>            user:44:--x-----------:------:allow
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:rwxp----------:------:deny
+>             group@:--------------:------:allow
+>          everyone@:rwxp---A-W-Co-:------:deny
+>          everyone@:------a-R-c--s:------:allow
+$ ls -l xxx | cut -d' ' -f1
+> -rw-------+
+
+$ rm xxx
+$ touch xxx
+$ chown 43 xxx
+$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
+$ chmod 124 xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: 43
+> # group: wheel
+>            user:42:r-------------:------:deny
+>            user:42:r-------------:------:allow
+>            user:43:-w------------:------:deny
+>            user:43:-w------------:------:allow
+>            user:44:--x-----------:------:deny
+>            user:44:--x-----------:------:allow
+>             owner@:rw-p----------:------:deny
+>             owner@:--x----A-W-Co-:------:allow
+>             group@:r-x-----------:------:deny
+>             group@:-w-p----------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+$ ls -l xxx | cut -d' ' -f1
+> ---x-w-r--+
+
+$ rm xxx
+$ touch xxx
+$ chown 43 xxx
+$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx
+$ chmod 412 xxx
+$ getfacl -n xxx
+> # file: xxx
+> # owner: 43
+> # group: wheel
+>            user:42:r-------------:------:deny
+>            user:42:r-------------:------:allow
+>            user:43:-w------------:------:deny
+>            user:43:-w------------:------:allow
+>            user:44:--------------:------:deny
+>            user:44:--x-----------:------:allow
+>             owner@:-wxp----------:------:deny
+>             owner@:r------A-W-Co-:------:allow
+>             group@:rw-p----------:------:deny
+>             group@:--x-----------:------:allow
+>          everyone@:r-x----A-W-Co-:------:deny
+>          everyone@:-w-p--a-R-c--s:------:allow
+$ ls -l xxx | cut -d' ' -f1
+> -r----x-w-+
+
+$ mkdir ddd
+$ setfacl -a0 group:44:rwapd:allow ddd
+$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
+$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
+$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
+$ getfacl -n ddd
+> # file: ddd
+> # owner: root
+> # group: wheel
+>            user:42:r-x-----------:f-i---:allow
+>           group:42:-w--D---------:-d----:allow
+>           group:43:-w--D---------:-d----:deny
+>             group@:-----da-------:------:allow
+>           group:44:rw-p-da-------:------:allow
+>             owner@:--------------:------:deny
+>             owner@:rwxp---A-W-Co-:------:allow
+>             group@:-w-p----------:------:deny
+>             group@:r-x-----------:------:allow
+>          everyone@:-w-p---A-W-Co-:------:deny
+>          everyone@:-w-p--a-R-c--s:f-i---:allow
+$ chmod 777 ddd
+$ getfacl -n ddd
+> # file: ddd
+> # owner: root
+> # group: wheel
+>            user:42:r-x-----------:f-i---:allow
+>           group:42:-w--D---------:-di---:allow
+>           group:42:--------------:------:deny
+>           group:42:-w--D---------:------:allow
+>           group:43:-w--D---------:-di---:deny
+>           group:43:-w--D---------:------:deny
+>             group@:-----da-------:------:allow
+>           group:44:--------------:------:deny
+>           group:44:rw-p-da-------:------:allow
+>             owner@:--------------:------:deny
+>             owner@:-------A-W-Co-:------:allow
+>             group@:--------------:------:deny
+>             group@:--------------:------:allow
+>          everyone@:-------A-W-Co-:------:deny
+>          everyone@:-w-p--a-R-c--s:f-i---:allow
+>             owner@:--------------:------:deny
+>             owner@:rwxp---A-W-Co-:------:allow
+>             group@:--------------:------:deny
+>             group@:rwxp----------:------:allow
+>          everyone@:-------A-W-Co-:------:deny
+>          everyone@:rwxp--a-R-c--s:------:allow
+
+$ rmdir ddd
+$ mkdir ddd
+$ setfacl -a0 group:44:rwapd:allow ddd
+$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
+$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
+$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
+$ chmod 124 ddd
+$ getfacl -n ddd
+> # file: ddd
+> # owner: root
+> # group: wheel
+>            user:42:r-x-----------:f-i---:allow
+>           group:42:-w--D---------:-di---:allow
+>           group:42:--------------:------:deny
+>           group:42:----D---------:------:allow
+>           group:43:-w--D---------:-di---:deny
+>           group:43:-w--D---------:------:deny
+>             group@:-----da-------:------:allow
+>           group:44:r-------------:------:deny
+>           group:44:r----da-------:------:allow
+>             owner@:--------------:------:deny
+>             owner@:-------A-W-Co-:------:allow
+>             group@:--------------:------:deny
+>             group@:--------------:------:allow
+>          everyone@:-------A-W-Co-:------:deny
+>          everyone@:-w-p--a-R-c--s:f-i---:allow
+>             owner@:rw-p----------:------:deny
+>             owner@:--x----A-W-Co-:------:allow
+>             group@:r-x-----------:------:deny
+>             group@:-w-p----------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+$ rmdir ddd
+$ mkdir ddd
+$ setfacl -a0 group:44:rwapd:allow ddd
+$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
+$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
+$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
+$ chmod 412 ddd
+$ getfacl -n ddd
+> # file: ddd
+> # owner: root
+> # group: wheel
+>            user:42:r-------------:------:deny
+>            user:42:r-x-----------:------:allow
+>            user:42:r-x-----------:f-i---:allow
+>           group:42:-w--D---------:-di---:allow
+>           group:42:-w------------:------:deny
+>           group:42:-w--D---------:------:allow
+>           group:43:-w--D---------:-di---:deny
+>           group:43:-w--D---------:------:deny
+>             group@:-----da-------:------:allow
+>           group:44:rw-p----------:------:deny
+>           group:44:rw-p-da-------:------:allow
+>             owner@:--------------:------:deny
+>             owner@:-------A-W-Co-:------:allow
+>             group@:--------------:------:deny
+>             group@:--------------:------:allow
+>          everyone@:-------A-W-Co-:------:deny
+>          everyone@:-w-p--a-R-c--s:f-i---:allow
+>             owner@:-wxp----------:------:deny
+>             owner@:r------A-W-Co-:------:allow
+>             group@:rw-p----------:------:deny
+>             group@:--x-----------:------:allow
+>          everyone@:r-x----A-W-Co-:------:deny
+>          everyone@:-w-p--a-R-c--s:------:allow
+
+$ rmdir ddd
+$ mkdir ddd
+$ setfacl -a0 group:44:rwapd:allow ddd
+$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd
+$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd
+$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd
+$ chown 42 ddd
+$ chmod 412 ddd
+$ getfacl -n ddd
+> # file: ddd
+> # owner: 42
+> # group: wheel
+>            user:42:--x-----------:------:deny
+>            user:42:r-x-----------:------:allow
+>            user:42:r-x-----------:f-i---:allow
+>           group:42:-w--D---------:-di---:allow
+>           group:42:-w------------:------:deny
+>           group:42:-w--D---------:------:allow
+>           group:43:-w--D---------:-di---:deny
+>           group:43:-w--D---------:------:deny
+>             group@:-----da-------:------:allow
+>           group:44:rw-p----------:------:deny
+>           group:44:rw-p-da-------:------:allow
+>             owner@:--------------:------:deny
+>             owner@:-------A-W-Co-:------:allow
+>             group@:--------------:------:deny
+>             group@:--------------:------:allow
+>          everyone@:-------A-W-Co-:------:deny
+>          everyone@:-w-p--a-R-c--s:f-i---:allow
+>             owner@:-wxp----------:------:deny
+>             owner@:r------A-W-Co-:------:allow
+>             group@:rw-p----------:------:deny
+>             group@:--x-----------:------:allow
+>          everyone@:r-x----A-W-Co-:------:deny
+>          everyone@:-w-p--a-R-c--s:------:allow
+
+# Test applying ACL to mode.
+$ rmdir ddd
+$ mkdir ddd
+$ setfacl -a0 u:42:rwx:fi:allow ddd
+$ ls -ld ddd | cut -d' ' -f1
+> drwxr-xr-x+
+
+$ rmdir ddd
+$ mkdir ddd
+$ chmod 0 ddd
+$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd
+$ ls -ld ddd | cut -d' ' -f1
+> dr----x---+
+
+# XXX: This one is fishy.  Shouldn't it be "dr---wx---+"?
+$ rmdir ddd
+$ mkdir ddd
+$ chmod 0 ddd
+$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd
+$ ls -ld ddd | cut -d' ' -f1
+> dr---wx---+
+
+$ rmdir ddd
+$ mkdir ddd
+$ chmod 0 ddd
+$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd
+$ ls -ld ddd | cut -d' ' -f1
+> dr--------+
+
+$ rmdir ddd
+$ mkdir ddd
+$ chmod 0 ddd
+$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd
+$ ls -ld ddd | cut -d' ' -f1
+> dr--------+
+
+# Test inheritance.
+$ rmdir ddd
+$ mkdir ddd
+$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd
+$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd
+$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd
+$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd
+$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd
+$ getfacl -qn ddd
+>            user:41:-w-----A------:f--n--:allow
+>           group:41:r-----a-------:-din--:allow
+>            user:42:-----------Co-:f-i---:allow
+>            user:42:r-x-----------:f-i---:allow
+>           group:42:-w--D---------:-d-n--:deny
+>           group:43:-w---------C--:f-in--:deny
+>            user:43:rwxp----------:------:allow
+>             owner@:--------------:------:deny
+>             owner@:rwxp---A-W-Co-:------:allow
+>             group@:-w-p----------:------:deny
+>             group@:r-x-----------:------:allow
+>          everyone@:-w-p---A-W-Co-:------:deny
+>          everyone@:r-x---a-R-c--s:------:allow
+
+$ cd ddd
+$ touch xxx
+$ getfacl -qn xxx
+>            user:41:-w------------:------:deny
+>            user:41:-w-----A------:------:allow
+>            user:42:--------------:------:deny
+>            user:42:--------------:------:allow
+>            user:42:--x-----------:------:deny
+>            user:42:r-x-----------:------:allow
+>           group:43:-w---------C--:------:deny
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:-wxp----------:------:deny
+>             group@:r-------------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+$ rm xxx
+$ umask 077
+$ touch xxx
+$ getfacl -qn xxx
+>            user:41:-w------------:------:deny
+>            user:41:-w-----A------:------:allow
+>            user:42:--------------:------:deny
+>            user:42:--------------:------:allow
+>            user:42:r-x-----------:------:deny
+>            user:42:r-x-----------:------:allow
+>           group:43:-w---------C--:------:deny
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:rwxp----------:------:deny
+>             group@:--------------:------:allow
+>          everyone@:rwxp---A-W-Co-:------:deny
+>          everyone@:------a-R-c--s:------:allow
+
+$ rm xxx
+$ umask 770
+$ touch xxx
+$ getfacl -qn xxx
+>            user:41:-w------------:------:deny
+>            user:41:-w-----A------:------:allow
+>            user:42:--------------:------:deny
+>            user:42:--------------:------:allow
+>            user:42:r-x-----------:------:deny
+>            user:42:r-x-----------:------:allow
+>           group:43:-w---------C--:------:deny
+>             owner@:rwxp----------:------:deny
+>             owner@:-------A-W-Co-:------:allow
+>             group@:rwxp----------:------:deny
+>             group@:--------------:------:allow
+>          everyone@:--x----A-W-Co-:------:deny
+>          everyone@:rw-p--a-R-c--s:------:allow
+
+$ rm xxx
+$ umask 707
+$ touch xxx
+$ getfacl -qn xxx
+>            user:41:--------------:------:deny
+>            user:41:-w-----A------:------:allow
+>            user:42:--------------:------:deny
+>            user:42:--------------:------:allow
+>            user:42:--x-----------:------:deny
+>            user:42:r-x-----------:------:allow
+>           group:43:-w---------C--:------:deny
+>             owner@:rwxp----------:------:deny
+>             owner@:-------A-W-Co-:------:allow
+>             group@:--x-----------:------:deny
+>             group@:rw-p----------:------:allow
+>          everyone@:rwxp---A-W-Co-:------:deny
+>          everyone@:------a-R-c--s:------:allow
+
+$ umask 077
+$ mkdir yyy
+$ getfacl -qn yyy
+>           group:41:r-------------:------:deny
+>           group:41:r-----a-------:------:allow
+>            user:42:-----------Co-:f-i---:allow
+>            user:42:r-x-----------:f-i---:allow
+>           group:42:-w--D---------:------:deny
+>             owner@:--------------:------:deny
+>             owner@:rwxp---A-W-Co-:------:allow
+>             group@:rwxp----------:------:deny
+>             group@:--------------:------:allow
+>          everyone@:rwxp---A-W-Co-:------:deny
+>          everyone@:------a-R-c--s:------:allow
+
+$ rmdir yyy
+$ umask 770
+$ mkdir yyy
+$ getfacl -qn yyy
+>           group:41:r-------------:------:deny
+>           group:41:r-----a-------:------:allow
+>            user:42:-----------Co-:f-i---:allow
+>            user:42:r-x-----------:f-i---:allow
+>           group:42:-w--D---------:------:deny
+>             owner@:rwxp----------:------:deny
+>             owner@:-------A-W-Co-:------:allow
+>             group@:rwxp----------:------:deny
+>             group@:--------------:------:allow
+>          everyone@:-------A-W-Co-:------:deny
+>          everyone@:rwxp--a-R-c--s:------:allow
+
+$ rmdir yyy
+$ umask 707
+$ mkdir yyy
+$ getfacl -qn yyy
+>           group:41:--------------:------:deny
+>           group:41:------a-------:------:allow
+>            user:42:-----------Co-:f-i---:allow
+>            user:42:r-x-----------:f-i---:allow
+>           group:42:-w--D---------:------:deny
+>             owner@:rwxp----------:------:deny
+>             owner@:-------A-W-Co-:------:allow
+>             group@:--------------:------:deny
+>             group@:rwxp----------:------:allow
+>          everyone@:rwxp---A-W-Co-:------:deny
+>          everyone@:------a-R-c--s:------:allow
+
+# There is some complication regarding how write_acl and write_owner flags
+# get inherited.  Make sure we got it right.
+$ setfacl -b .
+$ setfacl -a0 u:42:Co:f:allow .
+$ setfacl -a0 u:43:Co:d:allow .
+$ setfacl -a0 u:44:Co:fd:allow .
+$ setfacl -a0 u:45:Co:fi:allow .
+$ setfacl -a0 u:46:Co:di:allow .
+$ setfacl -a0 u:47:Co:fdi:allow .
+$ setfacl -a0 u:48:Co:fn:allow .
+$ setfacl -a0 u:49:Co:dn:allow .
+$ setfacl -a0 u:50:Co:fdn:allow .
+$ setfacl -a0 u:51:Co:fni:allow .
+$ setfacl -a0 u:52:Co:dni:allow .
+$ setfacl -a0 u:53:Co:fdni:allow .
+$ umask 022
+$ rm xxx
+$ touch xxx
+$ getfacl -nq xxx
+>            user:53:--------------:------:deny
+>            user:53:--------------:------:allow
+>            user:51:--------------:------:deny
+>            user:51:--------------:------:allow
+>            user:50:--------------:------:deny
+>            user:50:--------------:------:allow
+>            user:48:--------------:------:deny
+>            user:48:--------------:------:allow
+>            user:47:--------------:------:deny
+>            user:47:--------------:------:allow
+>            user:45:--------------:------:deny
+>            user:45:--------------:------:allow
+>            user:44:--------------:------:deny
+>            user:44:--------------:------:allow
+>            user:42:--------------:------:deny
+>            user:42:--------------:------:allow
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:-wxp----------:------:deny
+>             group@:r-------------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+$ rmdir yyy
+$ mkdir yyy
+$ getfacl -nq yyy
+>            user:53:--------------:------:deny
+>            user:53:--------------:------:allow
+>            user:52:--------------:------:deny
+>            user:52:--------------:------:allow
+>            user:50:--------------:------:deny
+>            user:50:--------------:------:allow
+>            user:49:--------------:------:deny
+>            user:49:--------------:------:allow
+>            user:47:-----------Co-:fdi---:allow
+>            user:47:--------------:------:deny
+>            user:47:--------------:------:allow
+>            user:46:-----------Co-:-di---:allow
+>            user:46:--------------:------:deny
+>            user:46:--------------:------:allow
+>            user:45:-----------Co-:f-i---:allow
+>            user:44:-----------Co-:fdi---:allow
+>            user:44:--------------:------:deny
+>            user:44:--------------:------:allow
+>            user:43:-----------Co-:-di---:allow
+>            user:43:--------------:------:deny
+>            user:43:--------------:------:allow
+>            user:42:-----------Co-:f-i---:allow
+>             owner@:--------------:------:deny
+>             owner@:rwxp---A-W-Co-:------:allow
+>             group@:-w-p----------:------:deny
+>             group@:r-x-----------:------:allow
+>          everyone@:-w-p---A-W-Co-:------:deny
+>          everyone@:r-x---a-R-c--s:------:allow
+
+$ setfacl -b .
+$ setfacl -a0 u:42:Co:f:deny .
+$ setfacl -a0 u:43:Co:d:deny .
+$ setfacl -a0 u:44:Co:fd:deny .
+$ setfacl -a0 u:45:Co:fi:deny .
+$ setfacl -a0 u:46:Co:di:deny .
+$ setfacl -a0 u:47:Co:fdi:deny .
+$ setfacl -a0 u:48:Co:fn:deny .
+$ setfacl -a0 u:49:Co:dn:deny .
+$ setfacl -a0 u:50:Co:fdn:deny .
+$ setfacl -a0 u:51:Co:fni:deny .
+$ setfacl -a0 u:52:Co:dni:deny .
+$ setfacl -a0 u:53:Co:fdni:deny .
+$ umask 022
+$ rm xxx
+$ touch xxx
+$ getfacl -nq xxx
+>            user:53:-----------Co-:------:deny
+>            user:51:-----------Co-:------:deny
+>            user:50:-----------Co-:------:deny
+>            user:48:-----------Co-:------:deny
+>            user:47:-----------Co-:------:deny
+>            user:45:-----------Co-:------:deny
+>            user:44:-----------Co-:------:deny
+>            user:42:-----------Co-:------:deny
+>             owner@:--x-----------:------:deny
+>             owner@:rw-p---A-W-Co-:------:allow
+>             group@:-wxp----------:------:deny
+>             group@:r-------------:------:allow
+>          everyone@:-wxp---A-W-Co-:------:deny
+>          everyone@:r-----a-R-c--s:------:allow
+
+$ rmdir yyy
+$ mkdir yyy
+$ getfacl -nq yyy
+>            user:53:-----------Co-:------:deny
+>            user:52:-----------Co-:------:deny
+>            user:50:-----------Co-:------:deny
+>            user:49:-----------Co-:------:deny
+>            user:47:-----------Co-:fdi---:deny
+>            user:47:-----------Co-:------:deny
+>            user:46:-----------Co-:-di---:deny
+>            user:46:-----------Co-:------:deny
+>            user:45:-----------Co-:f-i---:deny
+>            user:44:-----------Co-:fdi---:deny
+>            user:44:-----------Co-:------:deny
+>            user:43:-----------Co-:-di---:deny
+>            user:43:-----------Co-:------:deny
+>            user:42:-----------Co-:f-i---:deny
+>             owner@:--------------:------:deny
+>             owner@:rwxp---A-W-Co-:------:allow
+>             group@:-w-p----------:------:deny
+>             group@:r-x-----------:------:allow
+>          everyone@:-w-p---A-W-Co-:------:deny
+>          everyone@:r-x---a-R-c--s:------:allow
+
+$ rmdir yyy
+$ rm xxx
+$ cd ..
+$ rmdir ddd
+
+$ rm xxx
+

Modified: head/tools/regression/acltools/tools-posix.test
==============================================================================
--- head/tools/regression/acltools/tools-posix.test	Mon Sep  7 16:25:09 2009	(r196937)
+++ head/tools/regression/acltools/tools-posix.test	Mon Sep  7 16:26:03 2009	(r196938)
@@ -1,11 +1,36 @@
+# Copyright (c) 2008, 2009 Edward Tomasz Napierała <trasz@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200909071626.n87GQ3al020449>