_ls()
{
- ls -ln $* | awk '{ print $1, $3, $4, $NF }'
+ ls -ln $* | awk '{ print $1, $3, $4, $NF }' | _filter_id
}
+_get_newid()
+{
+ cat /etc/passwd /etc/group $tmp.ids | gawk -F: '
+ { ids[$3]=1 }
+ END {
+ for(i=1;i<1000000;i++){
+ if (! (i in ids)) {
+ print i;
+ exit
+ }
+ }
+ }'
+}
+
+_setup_ids()
+{
+ touch $tmp.ids
+ acl1=`_get_newid`; echo "::$acl1" >>$tmp.ids
+ acl2=`_get_newid`; echo "::$acl2" >>$tmp.ids
+ acl3=`_get_newid`; echo "::$acl3" >>$tmp.ids
+}
+
+_filter_id()
+{
+ sed \
+ -e "s/u:$acl1/u:id1/" \
+ -e "s/u:$acl2/u:id2/" \
+ -e "s/u:$acl3/u:id3/" \
+ -e "s/g:$acl1/g:id1/" \
+ -e "s/g:$acl2/g:id2/" \
+ -e "s/g:$acl3/g:id3/" \
+ -e "s/ $acl1 / id1 /" \
+ -e "s/ $acl2 / id2 /" \
+ -e "s/ $acl3 / id3 /" \
+}
+
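Review bot: In `_filter_id`, the last sed expression as shown ends with a line-continuation backslash, so the closing `}` on the next line is passed to sed as a file operand and the function body is never closed; the final expression should read `-e "s/ $acl3 / id3 /"` with no trailing backslash. The `u:` and `g:` patterns are also unanchored on the right, so if one allocated id is a prefix of another (say 100 and 1000, which `_get_newid` could return when the ids in between are taken) the earlier expression rewrites part of the longer id. Matching the trailing colon, e.g. `-e "s/u:$acl1:/u:id1:/"`, avoids that. Indentation and blank-line layout are not fully visible on this page, so confirm the backslash against the actual file.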
# -----
# minimal access ACL has ACEs: USER_OBJ, GROUP_OBJ, OTHER_OBJ
# This is set with chacl(1) and can be changed by chmod(1).
# -> this would be done by simultaneously matching on ACEs
# -> interesting if it allows user to specify ACEs in any order
#
-_need_to_be_root
-
rm -f $seq.full
-acl1=1001;acl2=1002;acl3=1003
+_need_to_be_root
+_setup_ids
[ -x /bin/chacl ] || _notrun "chacl command not found"
[ -x $runas ] || _notrun "$runas executable not found"
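Review bot: Nothing after the `_setup_ids` call checks that three ids were actually allocated, yet the test then runs as root with those values in `$runas -u $acl1 -g $acl1` and in the `chacl` ACEs. `_get_newid` prints nothing when gawk is missing or no id below 1000000 is free, which leaves `acl1`..`acl3` empty and turns the `_filter_id` patterns into `s/u:/u:id1/`. It also reads only /etc/passwd and /etc/group, so an id belonging to an account from another name-service source (LDAP, NIS) would be treated as unused. A guard such as `[ -n "$acl1" ] && [ -n "$acl2" ] && [ -n "$acl3" ] || _notrun "no unused ids found"` directly after `_setup_ids` covers the empty case. Feeding `getent passwd` and `getent group` into the gawk scan would cover the second, assuming getent is available on the test hosts.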
echo ""
echo "--- Test get and set of ACL ---"
-chacl -l file1
+chacl -l file1 | _filter_id
echo "Expect to FAIL"
chacl u::r--,g::rwx,o:rw- file1 2>&1
echo "Expect to PASS"
chacl u::r--,g::rwx,o::rw- file1 2>&1
-chacl -l file1
+chacl -l file1 | _filter_id
echo ""
echo "--- Test sync of ACL with std permissions ---"
_ls file1
chmod u+w file1
_ls file1
-chacl -l file1
+chacl -l file1 | _filter_id
echo ""
echo "--- Test owner permissions ---"
chacl u::r-x,g::---,o::--- file1 2>&1
-chacl -l file1
+chacl -l file1 | _filter_id
# change to owner
echo "Expect to PASS"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo ""
echo "--- Test group permissions ---"
chacl u::---,g::r-x,o::--- file1 2>&1
-chacl -l file1
+chacl -l file1 | _filter_id
echo "Expect to FAIL - acl1 is owner"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to PASS - acl2 matches group"
echo ""
echo "--- Test other permissions ---"
chacl u::---,g::---,o::r-x file1 2>&1
-chacl -l file1
+chacl -l file1 | _filter_id
echo "Expect to FAIL - acl1 is owner"
$runas -u $acl1 -g $acl1 ./file1 2>&1
echo "Expect to FAIL - acl2 is in group"
echo "Expect to FAIL as no MASK provided"
chacl u::---,g::---,o::---,u:$acl2:r-x file1 2>&1
echo "Ensure that ACL has not been changed"
-chacl -l file1
+chacl -l file1 | _filter_id
echo "Expect to PASS - USER ACE matches user"
chacl u::---,g::---,o::---,u:$acl2:r-x,m::rwx file1 2>&1
-chacl -l file1
+chacl -l file1 | _filter_id
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to FAIL - USER ACE does not match user"
$runas -u $acl3 -g $acl3 ./file1 2>&1
echo "Expect to FAIL as no MASK provided"
chacl u::---,g::---,o::---,g:$acl2:r-x file1 2>&1
echo "Ensure that ACL has not been changed"
-chacl -l file1
+chacl -l file1 | _filter_id
chacl u::---,g::---,o::---,g:$acl2:r-x,m::rwx file1 2>&1
-chacl -l file1
+chacl -l file1 | _filter_id
echo "Expect to PASS - GROUP ACE matches group"
$runas -u $acl2 -g $acl2 ./file1 2>&1
echo "Expect to PASS - GROUP ACE matches sup group"
echo ""
echo "--- Test MASK ---"
chacl u::---,g::---,o::---,g:$acl2:r-x,m::-wx file1 2>&1
-chacl -l file1
+chacl -l file1 | _filter_id
echo "Expect to FAIL as MASK prohibits execution"
$runas -u $acl2 -g $acl2 ./file1 2>&1
chacl u::---,g::---,o::---,u:$acl2:r-x,m::-wx file1 2>&1
# This was a bug in kernel code where syscred wasn't being used
# to override the capabilities
chacl o::---,g::---,u::--- file1 2>&1
-chacl -l ./file1
-
+chacl -l file1 | _filter_id
#-------------------------------------------------------
echo "=== Test Default ACLs ==="
mkdir acldir
chacl -b "u::rwx,g::rwx,o::rwx" "u::r-x,g::r--,o::---" ./acldir 2>&1
-chacl -l ./acldir
+chacl -l acldir | _filter_id
cd acldir
touch file2
_ls file2
-chacl -l ./file2
+chacl -l file2 | _filter_id
cd ..
#-------------------------------------------------------
=== Test minimal ACE ===
Setup file
--rwxrw-r-- 1001 1002 file1
+-rwxrw-r-- id1 id2 file1
--- Test get and set of ACL ---
file1 []
file1 [u::r--,g::rwx,o::rw-]
--- Test sync of ACL with std permissions ---
--r--rwxrw- 1001 1002 file1
--rw-rwxrw- 1001 1002 file1
+-r--rwxrw- id1 id2 file1
+-rw-rwxrw- id1 id2 file1
file1 [u::rw-,g::rwx,o::rw-]
--- Test owner permissions ---
Ensure that ACL has not been changed
file1 [u::---,g::---,o::r-x]
Expect to PASS - USER ACE matches user
-file1 [u::---,g::---,o::---,u:1002:r-x,m::rwx]
+file1 [u::---,g::---,o::---,u:id2:r-x,m::rwx]
Test was executed
Expect to FAIL - USER ACE does not match user
sh: ./file1: Permission denied
Expect to FAIL as no MASK provided
chacl: error setting access acl on "file1": Invalid argument
Ensure that ACL has not been changed
-file1 [u::---,g::---,o::---,u:1002:r-x,m::rwx]
-file1 [u::---,g::---,o::---,g:1002:r-x,m::rwx]
+file1 [u::---,g::---,o::---,u:id2:r-x,m::rwx]
+file1 [u::---,g::---,o::---,g:id2:r-x,m::rwx]
Expect to PASS - GROUP ACE matches group
Test was executed
Expect to PASS - GROUP ACE matches sup group
sh: ./file1: Permission denied
--- Test MASK ---
-file1 [u::---,g::---,o::---,g:1002:r-x,m::-wx]
+file1 [u::---,g::---,o::---,g:id2:r-x,m::-wx]
Expect to FAIL as MASK prohibits execution
./file1: ./file1: Permission denied
Expect to FAIL as MASK prohibits execution
Test was executed
=== Test can read ACLs without access permissions ===
-./file1 [o::---,g::---,u::---]
+file1 [o::---,g::---,u::---]
=== Test Default ACLs ===
-./acldir [u::rwx,g::rwx,o::rwx/u::r-x,g::r--,o::---]
+acldir [u::rwx,g::rwx,o::rwx/u::r-x,g::r--,o::---]
-r--r----- 0 0 file2
-./file2 [u::r--,g::r--,o::---]
+file2 [u::r--,g::r--,o::---]