From owner-svn-src-all@FreeBSD.ORG Mon Sep 7 16:26:03 2009 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB095106566B; Mon, 7 Sep 2009 16:26:03 +0000 (UTC) (envelope-from trasz@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id D7EF98FC15; Mon, 7 Sep 2009 16:26:03 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id n87GQ3b4020454; Mon, 7 Sep 2009 16:26:03 GMT (envelope-from trasz@svn.freebsd.org) Received: (from trasz@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id n87GQ3al020449; Mon, 7 Sep 2009 16:26:03 GMT (envelope-from trasz@svn.freebsd.org) Message-Id: <200909071626.n87GQ3al020449@svn.freebsd.org> From: Edward Tomasz Napierala Date: Mon, 7 Sep 2009 16:26:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r196938 - head/tools/regression/acltools X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Sep 2009 16:26:04 -0000 Author: trasz Date: Mon Sep 7 16:26:03 2009 New Revision: 196938 URL: http://svn.freebsd.org/changeset/base/196938 Log: Add regression tests for NFSv4 ACLs and update POSIX.1e tests to the changed error messages. Added: head/tools/regression/acltools/01.t (contents, props changed) head/tools/regression/acltools/tools-nfs4.test (contents, props changed) Modified: head/tools/regression/acltools/00.t head/tools/regression/acltools/tools-posix.test Modified: head/tools/regression/acltools/00.t ============================================================================== --- head/tools/regression/acltools/00.t Mon Sep 7 16:25:09 2009 (r196937) +++ head/tools/regression/acltools/00.t Mon Sep 7 16:26:03 2009 (r196938) @@ -1,5 +1,32 @@ #!/bin/sh # +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + # This is a wrapper script to run tools-posix.test. # # If any of the tests fails, here is how to debug it: go to @@ -9,9 +36,6 @@ # /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-posix.test # # Output should be obvious. -# -# $FreeBSD$ -# echo "1..4" @@ -59,4 +83,3 @@ rmdir $MNT mdconfig -du $MD echo "ok 4" - Added: head/tools/regression/acltools/01.t ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/regression/acltools/01.t Mon Sep 7 16:26:03 2009 (r196938) @@ -0,0 +1,86 @@ +#!/bin/sh +# +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a wrapper script to run tools-nfs4.test on ZFS filesystem. +# +# WARNING: It uses hardcoded ZFS pool name "acltools" +# +# If any of the tests fails, here is how to debug it: go to +# the directory with problematic filesystem mounted on it, +# and do /path/to/test run /path/to/test tools-nfs4.test, e.g. +# +# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test +# +# Output should be obvious. + +echo "1..4" + +if [ `whoami` != "root" ]; then + echo "not ok 1 - you need to be root to run this test." + exit 1 +fi + +TESTDIR=`dirname $0` + +# Set up the test filesystem. +MD=`mdconfig -at swap -s 64m` +MNT=`mktemp -dt acltools` +zpool create -R $MNT acltools /dev/$MD +if [ $? -ne 0 ]; then + echo "not ok 1 - 'zpool create' failed." + exit 1 +fi + +echo "ok 1" + +cd $MNT + +# First, check whether we can crash the kernel by creating too many +# entries. For some reason this won't work in the test file. +touch xxx +setfacl -x5 xxx +while :; do setfacl -a0 u:42:rwx:allow xxx 2> /dev/null; if [ $? -ne 0 ]; then break; fi; done +chmod 600 xxx +rm xxx +echo "ok 2" + +perl $TESTDIR/run $TESTDIR/tools-nfs4.test > /dev/null + +if [ $? -eq 0 ]; then + echo "ok 3" +else + echo "not ok 3" +fi + +cd / +zpool destroy -f acltools +rmdir $MNT +mdconfig -du $MD + +echo "ok 4" Added: head/tools/regression/acltools/tools-nfs4.test ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/tools/regression/acltools/tools-nfs4.test Mon Sep 7 16:26:03 2009 (r196938) @@ -0,0 +1,829 @@ +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# + +# This is a tools-level test for NFSv4 ACL functionality. Run it as root +# using ACL-enabled kernel: +# +# /usr/src/tools/regression/acltools/run /usr/src/tools/regression/acltools/tools-nfs4.test +# +# WARNING: Creates files in unsafe way. + +$ whoami +> root +$ umask 022 + +# Smoke test for getfacl(1). +$ touch xxx +$ getfacl xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +$ getfacl -q xxx +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +# Check verbose mode formatting. +$ getfacl -v xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:execute::deny +> owner@:read_data/write_data/append_data/write_attributes/write_xattr/write_acl/write_owner::allow +> group@:write_data/execute/append_data::deny +> group@:read_data::allow +> everyone@:write_data/execute/append_data/write_attributes/write_xattr/write_acl/write_owner::deny +> everyone@:read_data/read_attributes/read_xattr/read_acl/synchronize::allow + +# Test setfacl -a. +$ setfacl -a2 u:0:write_acl:allow,g:1:read_acl:deny xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> user:0:-----------C--:------:allow +> group:1:----------c---:------:deny +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +# Test user and group name resolving. +$ rm xxx +$ touch xxx +$ setfacl -a2 u:root:write_acl:allow,g:daemon:read_acl:deny xxx +$ getfacl xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> user:root:-----------C--:------:allow +> group:daemon:----------c---:------:deny +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +# Check whether ls correctly marks files with "+". +$ ls -l xxx | cut -d' ' -f1 +> -rw-r--r--+ + +# Test removing entries by number. +$ setfacl -x 4 xxx +$ setfacl -x 4 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> user:0:-----------C--:------:allow +> group:1:----------c---:------:deny +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +# Test setfacl -m. +$ setfacl -a0 everyone@:rwx:deny xxx +$ setfacl -a0 everyone@:rwx:deny xxx +$ setfacl -a0 everyone@:rwx:deny xxx +$ setfacl -m everyone@::deny xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> everyone@:--------------:------:deny +> everyone@:--------------:------:deny +> everyone@:--------------:------:deny +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> user:0:-----------C--:------:allow +> group:1:----------c---:------:deny +> everyone@:--------------:------:deny +> everyone@:r-----a-R-c--s:------:allow + +# Test getfacl -i. +$ getfacl -i xxx +> # file: xxx +> # owner: root +> # group: wheel +> everyone@:--------------:------:deny +> everyone@:--------------:------:deny +> everyone@:--------------:------:deny +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> user:root:-----------C--:------:allow:0 +> group:daemon:----------c---:------:deny:1 +> everyone@:--------------:------:deny +> everyone@:r-----a-R-c--s:------:allow + +# Make sure cp without any flags does not copy copy the ACL. +$ cp xxx yyy +$ ls -l yyy | cut -d' ' -f1 +> -rw-r--r-- + +# Make sure it does with the "-p" flag. +$ rm yyy +$ cp -p xxx yyy +$ getfacl -n yyy +> # file: yyy +> # owner: root +> # group: wheel +> everyone@:--------------:------:deny +> everyone@:--------------:------:deny +> everyone@:--------------:------:deny +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> user:0:-----------C--:------:allow +> group:1:----------c---:------:deny +> everyone@:--------------:------:deny +> everyone@:r-----a-R-c--s:------:allow + +$ rm yyy + +# Test removing entries by... by example? +$ setfacl -x everyone@::deny xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> user:0:-----------C--:------:allow +> group:1:----------c---:------:deny +> everyone@:r-----a-R-c--s:------:allow + +# Test setfacl -b. +$ setfacl -b xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +$ ls -l xxx | cut -d' ' -f1 +> -rw-r--r-- + +# Check setfacl(1) and getfacl(1) with multiple files. +$ touch xxx yyy zzz + +$ ls -l xxx yyy zzz | cut -d' ' -f1 +> -rw-r--r-- +> -rw-r--r-- +> -rw-r--r-- + +$ setfacl -m u:42:x:allow,g:43:w:allow nnn xxx yyy zzz +> setfacl: nnn: stat() failed: No such file or directory + +$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 +> ls: nnn: No such file or directory +> -rw-r--r--+ +> -rw-r--r--+ +> -rw-r--r--+ + +$ getfacl -nq nnn xxx yyy zzz +> getfacl: nnn: stat() failed: No such file or directory +> user:42:--x-----------:------:allow +> group:43:-w------------:------:allow +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow +> +> user:42:--x-----------:------:allow +> group:43:-w------------:------:allow +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow +> +> user:42:--x-----------:------:allow +> group:43:-w------------:------:allow +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +$ setfacl -b nnn xxx yyy zzz +> setfacl: nnn: stat() failed: No such file or directory + +$ ls -l nnn xxx yyy zzz | cut -d' ' -f1 +> ls: nnn: No such file or directory +> -rw-r--r-- +> -rw-r--r-- +> -rw-r--r-- + +$ rm xxx yyy zzz + +# Test applying mode to an ACL. +$ touch xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow -x everyone@::allow xxx +$ chmod 600 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: root +> # group: wheel +> user:42:r-------------:------:deny +> user:42:r-------------:------:allow +> user:43:-w------------:------:deny +> user:43:-w------------:------:allow +> user:44:--x-----------:------:deny +> user:44:--x-----------:------:allow +> owner@:--------------:------:deny +> owner@:-------A-W-Co-:------:allow +> group@:--------------:------:deny +> group@:--------------:------:allow +> everyone@:-------A-W-Co-:------:deny +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:rwxp----------:------:deny +> group@:--------------:------:allow +> everyone@:rwxp---A-W-Co-:------:deny +> everyone@:------a-R-c--s:------:allow +$ ls -l xxx | cut -d' ' -f1 +> -rw-------+ + +$ rm xxx +$ touch xxx +$ chown 42 xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx +$ chmod 600 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: 42 +> # group: wheel +> user:42:--------------:------:deny +> user:42:r-------------:------:allow +> user:43:-w------------:------:deny +> user:43:-w------------:------:allow +> user:44:--x-----------:------:deny +> user:44:--x-----------:------:allow +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:rwxp----------:------:deny +> group@:--------------:------:allow +> everyone@:rwxp---A-W-Co-:------:deny +> everyone@:------a-R-c--s:------:allow +$ ls -l xxx | cut -d' ' -f1 +> -rw-------+ + +$ rm xxx +$ touch xxx +$ chown 43 xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx +$ chmod 124 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: 43 +> # group: wheel +> user:42:r-------------:------:deny +> user:42:r-------------:------:allow +> user:43:-w------------:------:deny +> user:43:-w------------:------:allow +> user:44:--x-----------:------:deny +> user:44:--x-----------:------:allow +> owner@:rw-p----------:------:deny +> owner@:--x----A-W-Co-:------:allow +> group@:r-x-----------:------:deny +> group@:-w-p----------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow +$ ls -l xxx | cut -d' ' -f1 +> ---x-w-r--+ + +$ rm xxx +$ touch xxx +$ chown 43 xxx +$ setfacl -a0 user:42:r:allow,user:43:w:deny,user:43:w:allow,user:44:x:allow xxx +$ chmod 412 xxx +$ getfacl -n xxx +> # file: xxx +> # owner: 43 +> # group: wheel +> user:42:r-------------:------:deny +> user:42:r-------------:------:allow +> user:43:-w------------:------:deny +> user:43:-w------------:------:allow +> user:44:--------------:------:deny +> user:44:--x-----------:------:allow +> owner@:-wxp----------:------:deny +> owner@:r------A-W-Co-:------:allow +> group@:rw-p----------:------:deny +> group@:--x-----------:------:allow +> everyone@:r-x----A-W-Co-:------:deny +> everyone@:-w-p--a-R-c--s:------:allow +$ ls -l xxx | cut -d' ' -f1 +> -r----x-w-+ + +$ mkdir ddd +$ setfacl -a0 group:44:rwapd:allow ddd +$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd +$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd +$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd +$ getfacl -n ddd +> # file: ddd +> # owner: root +> # group: wheel +> user:42:r-x-----------:f-i---:allow +> group:42:-w--D---------:-d----:allow +> group:43:-w--D---------:-d----:deny +> group@:-----da-------:------:allow +> group:44:rw-p-da-------:------:allow +> owner@:--------------:------:deny +> owner@:rwxp---A-W-Co-:------:allow +> group@:-w-p----------:------:deny +> group@:r-x-----------:------:allow +> everyone@:-w-p---A-W-Co-:------:deny +> everyone@:-w-p--a-R-c--s:f-i---:allow +$ chmod 777 ddd +$ getfacl -n ddd +> # file: ddd +> # owner: root +> # group: wheel +> user:42:r-x-----------:f-i---:allow +> group:42:-w--D---------:-di---:allow +> group:42:--------------:------:deny +> group:42:-w--D---------:------:allow +> group:43:-w--D---------:-di---:deny +> group:43:-w--D---------:------:deny +> group@:-----da-------:------:allow +> group:44:--------------:------:deny +> group:44:rw-p-da-------:------:allow +> owner@:--------------:------:deny +> owner@:-------A-W-Co-:------:allow +> group@:--------------:------:deny +> group@:--------------:------:allow +> everyone@:-------A-W-Co-:------:deny +> everyone@:-w-p--a-R-c--s:f-i---:allow +> owner@:--------------:------:deny +> owner@:rwxp---A-W-Co-:------:allow +> group@:--------------:------:deny +> group@:rwxp----------:------:allow +> everyone@:-------A-W-Co-:------:deny +> everyone@:rwxp--a-R-c--s:------:allow + +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 group:44:rwapd:allow ddd +$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd +$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd +$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd +$ chmod 124 ddd +$ getfacl -n ddd +> # file: ddd +> # owner: root +> # group: wheel +> user:42:r-x-----------:f-i---:allow +> group:42:-w--D---------:-di---:allow +> group:42:--------------:------:deny +> group:42:----D---------:------:allow +> group:43:-w--D---------:-di---:deny +> group:43:-w--D---------:------:deny +> group@:-----da-------:------:allow +> group:44:r-------------:------:deny +> group:44:r----da-------:------:allow +> owner@:--------------:------:deny +> owner@:-------A-W-Co-:------:allow +> group@:--------------:------:deny +> group@:--------------:------:allow +> everyone@:-------A-W-Co-:------:deny +> everyone@:-w-p--a-R-c--s:f-i---:allow +> owner@:rw-p----------:------:deny +> owner@:--x----A-W-Co-:------:allow +> group@:r-x-----------:------:deny +> group@:-w-p----------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 group:44:rwapd:allow ddd +$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd +$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd +$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd +$ chmod 412 ddd +$ getfacl -n ddd +> # file: ddd +> # owner: root +> # group: wheel +> user:42:r-------------:------:deny +> user:42:r-x-----------:------:allow +> user:42:r-x-----------:f-i---:allow +> group:42:-w--D---------:-di---:allow +> group:42:-w------------:------:deny +> group:42:-w--D---------:------:allow +> group:43:-w--D---------:-di---:deny +> group:43:-w--D---------:------:deny +> group@:-----da-------:------:allow +> group:44:rw-p----------:------:deny +> group:44:rw-p-da-------:------:allow +> owner@:--------------:------:deny +> owner@:-------A-W-Co-:------:allow +> group@:--------------:------:deny +> group@:--------------:------:allow +> everyone@:-------A-W-Co-:------:deny +> everyone@:-w-p--a-R-c--s:f-i---:allow +> owner@:-wxp----------:------:deny +> owner@:r------A-W-Co-:------:allow +> group@:rw-p----------:------:deny +> group@:--x-----------:------:allow +> everyone@:r-x----A-W-Co-:------:deny +> everyone@:-w-p--a-R-c--s:------:allow + +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 group:44:rwapd:allow ddd +$ setfacl -a0 group:43:write_data/delete_child:d:deny,group@:ad:allow ddd +$ setfacl -a0 user:42:rx:allow,user:42:rx:fi:allow,group:42:write_data/delete_child:d:allow ddd +$ setfacl -m everyone@:-w-p--a-R-c--s:fi:allow ddd +$ chown 42 ddd +$ chmod 412 ddd +$ getfacl -n ddd +> # file: ddd +> # owner: 42 +> # group: wheel +> user:42:--x-----------:------:deny +> user:42:r-x-----------:------:allow +> user:42:r-x-----------:f-i---:allow +> group:42:-w--D---------:-di---:allow +> group:42:-w------------:------:deny +> group:42:-w--D---------:------:allow +> group:43:-w--D---------:-di---:deny +> group:43:-w--D---------:------:deny +> group@:-----da-------:------:allow +> group:44:rw-p----------:------:deny +> group:44:rw-p-da-------:------:allow +> owner@:--------------:------:deny +> owner@:-------A-W-Co-:------:allow +> group@:--------------:------:deny +> group@:--------------:------:allow +> everyone@:-------A-W-Co-:------:deny +> everyone@:-w-p--a-R-c--s:f-i---:allow +> owner@:-wxp----------:------:deny +> owner@:r------A-W-Co-:------:allow +> group@:rw-p----------:------:deny +> group@:--x-----------:------:allow +> everyone@:r-x----A-W-Co-:------:deny +> everyone@:-w-p--a-R-c--s:------:allow + +# Test applying ACL to mode. +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 u:42:rwx:fi:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> drwxr-xr-x+ + +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,group@:w:deny,group@:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr----x---+ + +# XXX: This one is fishy. Shouldn't it be "dr---wx---+"? +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,group@:w:fi:deny,group@:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr---wx---+ + +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,group:43:w:deny,group:43:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr--------+ + +$ rmdir ddd +$ mkdir ddd +$ chmod 0 ddd +$ setfacl -a0 owner@:r:allow,user:43:w:deny,user:43:wx:allow ddd +$ ls -ld ddd | cut -d' ' -f1 +> dr--------+ + +# Test inheritance. +$ rmdir ddd +$ mkdir ddd +$ setfacl -a0 group:43:write_data/write_acl:fin:deny,u:43:rwxp:allow ddd +$ setfacl -a0 user:42:rx:fi:allow,group:42:write_data/delete_child:dn:deny ddd +$ setfacl -a0 user:42:write_acl/write_owner:fi:allow ddd +$ setfacl -a0 group:41:read_data/read_attributes:dni:allow ddd +$ setfacl -a0 user:41:write_data/write_attributes:fn:allow ddd +$ getfacl -qn ddd +> user:41:-w-----A------:f--n--:allow +> group:41:r-----a-------:-din--:allow +> user:42:-----------Co-:f-i---:allow +> user:42:r-x-----------:f-i---:allow +> group:42:-w--D---------:-d-n--:deny +> group:43:-w---------C--:f-in--:deny +> user:43:rwxp----------:------:allow +> owner@:--------------:------:deny +> owner@:rwxp---A-W-Co-:------:allow +> group@:-w-p----------:------:deny +> group@:r-x-----------:------:allow +> everyone@:-w-p---A-W-Co-:------:deny +> everyone@:r-x---a-R-c--s:------:allow + +$ cd ddd +$ touch xxx +$ getfacl -qn xxx +> user:41:-w------------:------:deny +> user:41:-w-----A------:------:allow +> user:42:--------------:------:deny +> user:42:--------------:------:allow +> user:42:--x-----------:------:deny +> user:42:r-x-----------:------:allow +> group:43:-w---------C--:------:deny +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +$ rm xxx +$ umask 077 +$ touch xxx +$ getfacl -qn xxx +> user:41:-w------------:------:deny +> user:41:-w-----A------:------:allow +> user:42:--------------:------:deny +> user:42:--------------:------:allow +> user:42:r-x-----------:------:deny +> user:42:r-x-----------:------:allow +> group:43:-w---------C--:------:deny +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:rwxp----------:------:deny +> group@:--------------:------:allow +> everyone@:rwxp---A-W-Co-:------:deny +> everyone@:------a-R-c--s:------:allow + +$ rm xxx +$ umask 770 +$ touch xxx +$ getfacl -qn xxx +> user:41:-w------------:------:deny +> user:41:-w-----A------:------:allow +> user:42:--------------:------:deny +> user:42:--------------:------:allow +> user:42:r-x-----------:------:deny +> user:42:r-x-----------:------:allow +> group:43:-w---------C--:------:deny +> owner@:rwxp----------:------:deny +> owner@:-------A-W-Co-:------:allow +> group@:rwxp----------:------:deny +> group@:--------------:------:allow +> everyone@:--x----A-W-Co-:------:deny +> everyone@:rw-p--a-R-c--s:------:allow + +$ rm xxx +$ umask 707 +$ touch xxx +$ getfacl -qn xxx +> user:41:--------------:------:deny +> user:41:-w-----A------:------:allow +> user:42:--------------:------:deny +> user:42:--------------:------:allow +> user:42:--x-----------:------:deny +> user:42:r-x-----------:------:allow +> group:43:-w---------C--:------:deny +> owner@:rwxp----------:------:deny +> owner@:-------A-W-Co-:------:allow +> group@:--x-----------:------:deny +> group@:rw-p----------:------:allow +> everyone@:rwxp---A-W-Co-:------:deny +> everyone@:------a-R-c--s:------:allow + +$ umask 077 +$ mkdir yyy +$ getfacl -qn yyy +> group:41:r-------------:------:deny +> group:41:r-----a-------:------:allow +> user:42:-----------Co-:f-i---:allow +> user:42:r-x-----------:f-i---:allow +> group:42:-w--D---------:------:deny +> owner@:--------------:------:deny +> owner@:rwxp---A-W-Co-:------:allow +> group@:rwxp----------:------:deny +> group@:--------------:------:allow +> everyone@:rwxp---A-W-Co-:------:deny +> everyone@:------a-R-c--s:------:allow + +$ rmdir yyy +$ umask 770 +$ mkdir yyy +$ getfacl -qn yyy +> group:41:r-------------:------:deny +> group:41:r-----a-------:------:allow +> user:42:-----------Co-:f-i---:allow +> user:42:r-x-----------:f-i---:allow +> group:42:-w--D---------:------:deny +> owner@:rwxp----------:------:deny +> owner@:-------A-W-Co-:------:allow +> group@:rwxp----------:------:deny +> group@:--------------:------:allow +> everyone@:-------A-W-Co-:------:deny +> everyone@:rwxp--a-R-c--s:------:allow + +$ rmdir yyy +$ umask 707 +$ mkdir yyy +$ getfacl -qn yyy +> group:41:--------------:------:deny +> group:41:------a-------:------:allow +> user:42:-----------Co-:f-i---:allow +> user:42:r-x-----------:f-i---:allow +> group:42:-w--D---------:------:deny +> owner@:rwxp----------:------:deny +> owner@:-------A-W-Co-:------:allow +> group@:--------------:------:deny +> group@:rwxp----------:------:allow +> everyone@:rwxp---A-W-Co-:------:deny +> everyone@:------a-R-c--s:------:allow + +# There is some complication regarding how write_acl and write_owner flags +# get inherited. Make sure we got it right. +$ setfacl -b . +$ setfacl -a0 u:42:Co:f:allow . +$ setfacl -a0 u:43:Co:d:allow . +$ setfacl -a0 u:44:Co:fd:allow . +$ setfacl -a0 u:45:Co:fi:allow . +$ setfacl -a0 u:46:Co:di:allow . +$ setfacl -a0 u:47:Co:fdi:allow . +$ setfacl -a0 u:48:Co:fn:allow . +$ setfacl -a0 u:49:Co:dn:allow . +$ setfacl -a0 u:50:Co:fdn:allow . +$ setfacl -a0 u:51:Co:fni:allow . +$ setfacl -a0 u:52:Co:dni:allow . +$ setfacl -a0 u:53:Co:fdni:allow . +$ umask 022 +$ rm xxx +$ touch xxx +$ getfacl -nq xxx +> user:53:--------------:------:deny +> user:53:--------------:------:allow +> user:51:--------------:------:deny +> user:51:--------------:------:allow +> user:50:--------------:------:deny +> user:50:--------------:------:allow +> user:48:--------------:------:deny +> user:48:--------------:------:allow +> user:47:--------------:------:deny +> user:47:--------------:------:allow +> user:45:--------------:------:deny +> user:45:--------------:------:allow +> user:44:--------------:------:deny +> user:44:--------------:------:allow +> user:42:--------------:------:deny +> user:42:--------------:------:allow +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +$ rmdir yyy +$ mkdir yyy +$ getfacl -nq yyy +> user:53:--------------:------:deny +> user:53:--------------:------:allow +> user:52:--------------:------:deny +> user:52:--------------:------:allow +> user:50:--------------:------:deny +> user:50:--------------:------:allow +> user:49:--------------:------:deny +> user:49:--------------:------:allow +> user:47:-----------Co-:fdi---:allow +> user:47:--------------:------:deny +> user:47:--------------:------:allow +> user:46:-----------Co-:-di---:allow +> user:46:--------------:------:deny +> user:46:--------------:------:allow +> user:45:-----------Co-:f-i---:allow +> user:44:-----------Co-:fdi---:allow +> user:44:--------------:------:deny +> user:44:--------------:------:allow +> user:43:-----------Co-:-di---:allow +> user:43:--------------:------:deny +> user:43:--------------:------:allow +> user:42:-----------Co-:f-i---:allow +> owner@:--------------:------:deny +> owner@:rwxp---A-W-Co-:------:allow +> group@:-w-p----------:------:deny +> group@:r-x-----------:------:allow +> everyone@:-w-p---A-W-Co-:------:deny +> everyone@:r-x---a-R-c--s:------:allow + +$ setfacl -b . +$ setfacl -a0 u:42:Co:f:deny . +$ setfacl -a0 u:43:Co:d:deny . +$ setfacl -a0 u:44:Co:fd:deny . +$ setfacl -a0 u:45:Co:fi:deny . +$ setfacl -a0 u:46:Co:di:deny . +$ setfacl -a0 u:47:Co:fdi:deny . +$ setfacl -a0 u:48:Co:fn:deny . +$ setfacl -a0 u:49:Co:dn:deny . +$ setfacl -a0 u:50:Co:fdn:deny . +$ setfacl -a0 u:51:Co:fni:deny . +$ setfacl -a0 u:52:Co:dni:deny . +$ setfacl -a0 u:53:Co:fdni:deny . +$ umask 022 +$ rm xxx +$ touch xxx +$ getfacl -nq xxx +> user:53:-----------Co-:------:deny +> user:51:-----------Co-:------:deny +> user:50:-----------Co-:------:deny +> user:48:-----------Co-:------:deny +> user:47:-----------Co-:------:deny +> user:45:-----------Co-:------:deny +> user:44:-----------Co-:------:deny +> user:42:-----------Co-:------:deny +> owner@:--x-----------:------:deny +> owner@:rw-p---A-W-Co-:------:allow +> group@:-wxp----------:------:deny +> group@:r-------------:------:allow +> everyone@:-wxp---A-W-Co-:------:deny +> everyone@:r-----a-R-c--s:------:allow + +$ rmdir yyy +$ mkdir yyy +$ getfacl -nq yyy +> user:53:-----------Co-:------:deny +> user:52:-----------Co-:------:deny +> user:50:-----------Co-:------:deny +> user:49:-----------Co-:------:deny +> user:47:-----------Co-:fdi---:deny +> user:47:-----------Co-:------:deny +> user:46:-----------Co-:-di---:deny +> user:46:-----------Co-:------:deny +> user:45:-----------Co-:f-i---:deny +> user:44:-----------Co-:fdi---:deny +> user:44:-----------Co-:------:deny +> user:43:-----------Co-:-di---:deny +> user:43:-----------Co-:------:deny +> user:42:-----------Co-:f-i---:deny +> owner@:--------------:------:deny +> owner@:rwxp---A-W-Co-:------:allow +> group@:-w-p----------:------:deny +> group@:r-x-----------:------:allow +> everyone@:-w-p---A-W-Co-:------:deny +> everyone@:r-x---a-R-c--s:------:allow + +$ rmdir yyy +$ rm xxx +$ cd .. +$ rmdir ddd + +$ rm xxx + Modified: head/tools/regression/acltools/tools-posix.test ============================================================================== --- head/tools/regression/acltools/tools-posix.test Mon Sep 7 16:25:09 2009 (r196937) +++ head/tools/regression/acltools/tools-posix.test Mon Sep 7 16:26:03 2009 (r196938) @@ -1,11 +1,36 @@ +# Copyright (c) 2008, 2009 Edward Tomasz Napierała +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# $FreeBSD$ +# *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***